127.0.0.1 is the loop back IP address and its purpose is to loop back to the same machine which is used by the end user. It can be used to establish a connection to the services or system while accessed from the same machine.
It establishes the connection to the same system in a way as it would make a connection to some remote system.Lets say if you are running some web services from your machine and if you browse to 127.0.0.1 on the same machine, you should be served by the web page.
This loopback construct provides a system or a device the capability to validate or establish the IP stack on the machine.
The 127.0.0.1 is a special address of IPv4 (Internet Protocol version 4). It has a range of IP addresses 127.0.0.1 to 127.255.255.255. All the IP Addresses in this range 127.*.*.* will work the same as 127.0.0.1 will do.
All the addresses in the range 127.*.*.* represent the system of the end user and so can be considered as loopback address.
These days IPv6 (Internet Protocol version 6) is taking over IPv4 and sooner IPv4 might completely be replaced. The equivalent of 127.0.0.1 IP address in IPv6 is ‘::1’.
The IP address 127.0.0.1 is also known as the ‘Loopback address’ or the ‘localhost.’
Why is 127.0.0.1 called loopback address or localhost?
The name of 127.0.0.1 IP address comes from one of the Class A networks 127. The 127 class A network was reserved for the loopback functions.
When you ping the 127.0.0.1 IP Address, it treats the end user’s computer as a remote computer. And it re-routes all the outgoing information to the same computer. Thus, it is called the Loopback Address.
Also, the end user’s computer is the host. The 127.0.0.1Loopback IP address is the local computer address or the host name of ‘this computer.’ And, thus, called localhost.
How do the loopback IP address 127.0.0.1 works?
The Loopback IP Address 127.0.0.1 treats the end user system as a remote system. By using the loopback address, it establishes the connection to the same system in a way it would have established the connection to some remote system.
The local network interface helps connect a system to another network’s system. Using the loopback IP address 127.0.0.1, though, does not allow to use the local network interface hardware while establishing the connection.
This process ascertains that the connection does not establish with any other system than the localhost.
Any information sent from the TCP/IP application, from Internet Protocol (IP) layer gets directed to the Data Link layer in the form of IP datagrams.
If these data packets are addressed and sent to the 127.0.0.1 IP address of the network, they do not appear anywhere over the physical network.
Instead, the data packet is re-routed, or it loops back to the end user’s system.
What is the purpose of the 127.0.0.1 loopback IP address?
The Loopback functionality of the IP address 127.0.0.1 serves multiple purposes which are as follows.
Verifying Network Interface Card (NIC) Status
One of the basic check to verify TCP/IP stack and network interface of a computer, is to send a ping request to 127.0.0.1.
Based on the results of the test, administrators or computer users can assess the operating system IP stack of the system to some extent.
The data packets are sent addressing to the 127.0.0.1 Loopback IP address. If it is received back to the user end system, then the NIC is working properly.
Self-Connectivity of the system
The IP address 127.0.0.1 is used to check ‘self-connectivity’ for the system.
This is especially used in the case where you have a web service running on the system. Before going live, you can access and test the web services on loopback address.
There are few other benefits as well.
127.0.0.1 loopback IP address in host files
The Loopback 127.0.0.1 IP address is assigned in the hosts file of the system. Before sending request to the Domain Name Server (DNS) while accessing any website or remote system, the local host files are first checked for the domain name resolution.
You can locate hosts file on windows at c:\Windows\System32\Drivers\etc\hosts but for other other operatins system like Linux and unix, it can be located at /etc/hosts.
Host file entries for localhost are as follows
127.0.0.1 localhost.localdomain localhost
Hosts files can also be modified to restrict access to some sites. This is also sometimes used by some malware not letting the end user seek legitimate security, by assigning the website to the localhost.
This way of restricting a website is not very standard practice. It can be achieved by following similar entry in hosts file.
What is the ‘Ping of Death’?
This is an attack which can be caused by pinging a request to the 127.0.0.1 IP Address. Known as the ‘Ping of Death’, this ping command ‘ping 127.0.0.1’ can be used to send the malicious pings to the computer. It may cause the whole server to crash down.
The attacker sends oversized data packets (larger than 65,536 bytes) breaking them into fragments, using the ping command.
Since the ping appears to be coming from the Loopback address, it gets accepted by the host, and it starts giving echo reply to the ping, joining all the fragments.
When they finally receive the oversized packet from joining those fragments, it brings down all the other functionalities of the system.
This attack since does not disclose the identity of the attacker (as it appears to be coming from the Loopback IP address), it is sometimes very effective and difficult to prevent.
How does 127.0.0.1 IP address differ from 0.0.0.0 IP address?
As we already know, 127.0.0.1 IP address is known as the localhost which is a Loopback address. It is often confused with another special 0.0.0.0 IP address.
This special 0.0.0.0 IP address unlike the 127.0.0.1 does not provide any loopback functionality. For a route entry, 0.0.0.0 IP address is a ‘no particular address’ or a ‘non-routable target.’
0.0.0.0 is an IP address syntax, which is valid. It is parsed and converted to a numeric traditional IP address whenever required.
But in the context of servers, this IP adress infact means all IPv4 addresses available on the local machine.
So, incase your local machine has two IP addresses, 192.168.1.5 and 10.1.2.2, and a server running on the host listens on 0.0.0.0, that means it is listening on both of those IPs.
Any web server at 0.0.0.0 will be reachable at all of the other IPv4 addresses of the system.
There are many special addresses that are reserved by the Internet Assigned Numbers Authority (IANA), for various special functionalities serving its own unique purpose. 127.0.0.1 is one of these special addresses.
127.0.0.1 comes with the Loopback functionality which helps in establishing the connection by looping back to the same system. 127.0.0.1 IP address is used to refer to the local computer or the localhost.
Loopback IP address serves various purposes. It helps in verifying the operating system IP stack of the system to validate network as well as checking the self-connectivity of the system.
This mechanism can also be used to test/access web services running on local host without exposing it to outside network to which a computer is connected to.