Wireshark mailing list archives

Re: localhost versus url

From: Guy Harris <guy () alum mit edu>
Date: Wed, 9 Mar 2011 23:39:09 -0800


On Mar 9, 2011, at 11:19 PM, Jaap Keuter wrote:

Assuming your domain name is resolved to your public IP address on the outside of the firewall/NAT, your assumption 
is right.

When entering localhost in the URL, that's resolved to 127.0.0.1, your local machines loopback interface. No Ethernet 
networking involved, so watching with Wireshark won't show this traffic at all (unless capturing the on the loopback 
interface on a !Windows machine).


!Windows && !Solaris - Solaris (except perhaps in OpenSolaris 11) doesn't support a capture mechanism that can listen 
to loopback traffic.

On the other hand:

When entering the FQDN in the URL, that's resolved to your outside address. Browser traffic flows to that address 
first, then comes back to access the Apache server. Now you'll see the traffic when you capture on the network 
interface, once going out and once coming in.


...in at least some operating systems, even attempts to send packets to one of your own network addresses will go 
through the same path as attempts to send packets to 127.0.0.1, so either you won't be able to capture them at all, on 
Windows (where there is no equivalent to UN*X loopback interfaces; the Windows "loopback interface" is different) or on 
UN*Xes where you can't capture in the loopback interface, or you'll have to capture them on the loopback interface, 
just as you capture traffic to 127.0.0.1.

In the circumstance that there's no NAT involved (so your outside address is your interface address) you still end up 
with more delay that going through the loopback interface. The extra DNS interactions, and probably additional safety 
measures of your platform, take away a little time for every object retrieved.


My guess is that's the performance issue; traffic from your machine to one of its non-loopback IP addresses, or to its 
loopback address, largely go through the same code path, so it's probably that looking up the host name via DNS is 
slower than looking up "loopback" or that something else is triggered by traffic to a local address that's not 
triggered by traffic to 127.0.0.1.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

localhost versus url Tony Anecito (Mar 09)
- Re: localhost versus url David Alanis (Mar 09)
  - Re: localhost versus url Tony Anecito (Mar 10)
- Re: localhost versus url Jaap Keuter (Mar 09)
  - Re: localhost versus url Guy Harris (Mar 09)
  - Re: localhost versus url Tony Anecito (Mar 10)
    - Re: localhost versus url Jaap Keuter (Mar 10)
    - Re: localhost versus url Tony Anecito (Mar 10)