127.0.0.1 – What Are its Uses and Why is it Important?

127.0.0.1 is the loopback Internet protocol (IP) address also referred to as the “localhost.” The address is used to establish an IP connection to the same machine or computer being used by the end-user. The same convention is defined for computer’s that support IPv6 addressing using the connotation of ::1. Establishing a connection using the address 127.0.0.1 is the most common practice; however, using any IP address in the range of 127.*.*.* will function in the same or similar manner. The loopback construct gives a computer or device capable of networking the capability to validate or establish the IP stack on the machine.

How Does the Internet Protocol Work?

The Internet Protocol (IP) is a set of rules that ensure there is a standardized method to address and communicate between computers and other network devices. Besides governing the method of addressing, the IP protocol also standardizes the manner or method that data packets are sent to, delivered, and where applicable acknowledged across the Internet and local networks. Internet Protocol version 4 (or IPv4) is the fourth revision of the protocol and is There's no place like 127.0.0.1the most widely deployed throughout the world. IETF RFC 791, which was finalized in September of 1981, is the current definition of the protocol. IPv4 is slowly being replaced by IPv6, but it’s adoption is still in infancy. IPv4 is considered to be a connectionless protocol designed to be used on Ethernet-based networks. The protocol does not guarantee delivery, data integrity, or proper data sequencing; instead, relying on the Transmission Control Protocol (TCP) to handle these concerns.

How Does 127.0.0.1 Work?

Establishing a network connection to the 127.0.0.1 loopback address is accomplished in the same manner as establishing one with any remote computer or device on the network. The primary difference is that the connection avoids using the local network interface hardware. System administrators and application developers commonly use 127.0.0.1 to test applications. When establishing an IPv4 connection with 127.0.0.1 will normally be assigned subnet mask 255.0.0.1. If any public switch, router, or gateway receives a packet addressed to the loopback IP address, it is required to drop the packet without logging the information. As a result, if a data packet is delivered outside of the localhost, by design it will not accidently arrive at a computer which will try to answer it. This aspect of the loopback helps ensure network security is maintained, since most computers will answer packets addressed to their respective loopback address which may also unexpectedly activate other services on a machine by responding to a stray data packet.

What is the Domain Name System?

Human beings are not able to easily remember IP addresses or number well. Plain language web addresses; however, are much easier to use, but require a method to resolve to the actual address of the remote computer or server. As a result, the Domain Name System (DNS), was developed to help direct local and Internet traffic to the appropriate destination by performing real-time look-ups of Internet address with other DNS servers located on the Internet. Before a local computer will send a DNS request to the DNS server for the local network; however, it will perform a check of the locally stored Hosts file first to save time and network resources. The hosts file contains pairings of IP addresses along with one or more host names and is updated frequently based on predefined conditions on the local computer. Before the invention of DNS, there was a single Hosts file that was shared across the network. This was found to not pass the test of scalability; however, when multiple networks started to get connected together which resulted in the development of the DNS system in use today.

How is 127.0.0.1 Used in the Hosts File?

Whenever a computer user tries to access a website or remote computer by name, the computer checks the locally stored Hosts file for domain name resolution before sending a request to the Domain Name Server (DNS). The 127.0.0.1 IP address is commonly found in the Hosts file on computers assigned to the plain English address, “localhost.” It is also used by computer malware to assign legitimate websites to the localhost to prevent the end-user from seeking legitimate computer security assistance with malware infection. This type of change has most commonly been associated with many of the computer scareware packages that have been deployed across the Internet through maliciously infected websites, Trojan horse viruses, and infected email attachments. Some computer administrators, and interested students, can modify the hosts file to prevent access to undesirable websites; however, is not the preferred method as the end-user (or administrator) now becomes responsible for removing the entry when required. Examples of host file entries:

127.0.0.1 localhost

127.0.0.1 www.SiteYouWantToRouteToLocalHost.com

127.0.0.1 SiteYouWantToRouteToLocalHost.com

What is a Special Use IP Address?

A special use IP address is one that has been assigned by the Internet Assigned Numbers Authority (IANA) and is reserved for a specific reason or purpose. The IANA’s authority to delineate these addresses comes from the IETF to make assignments in support of the Internet Standards Process. The IANA defines special use IP addresses for IPv4 in RFC 3330: Special-Use IPv4 Addresses and for IPV6 in RFC 3513: Internet Protocol Version 6 (IPv6) . RFC 3330 was the first specification to collect the various one-off definitions for special use IP addresses such as 127.0.0.1 that had been defined over the years in a central location. Based on these lessons learned, all of the special user IPv6 addresses were included in RFC 3513 from the beginning. The IANA does state in RFC 3330 that the Internet does not protect against the abuse of special IP addresses such as 127.0.0.1. The organization also goes on to recommend that if all data packets from a reserved address are assumed to have originated from the same computer’s subnet that all border routers should filter reserved packets that do not originate from the same device since there have been instances of attacks mounted based on the use of one or more of these special addresses.

Special IP Address Summary Table

Address Block             Present Use                      

0.0.0.0/8             “This” Network

10.0.0.0/8            Private-Use Networks

14.0.0.0/8            Public-Data Networks

24.0.0.0/8            Cable Television Networks

39.0.0.0/8            Reserved, subject to allocation

127.0.0.0/8          Loopback

128.0.0.0/16        Reserved, subject to allocation

169.254.0.0/16    Link Local

172.16.0.0/12      Private-Use Networks

191.255.0.0/16    Reserved, subject to allocation

192.0.0.0/24        Reserved but subject to allocation

192.0.2.0/24        Test-Net

192.88.99.0/24    6to4 Relay Anycast

192.168.0.0/16    Private-Use Networks

198.18.0.0/15        Network Interconnect Device Benchmark Testing

223.255.255.0/24     Reserved, subject to allocation

224.0.0.0/4          Multicast, commonly used in multiplayer simulations and gaming and for video distribution.

240.0.0.0/4          Reserved for Future Use

What Are the Common Uses for 127.0.0.1?

A common technique to verify that a computer’s networking equipment, operating system, and TCP/IP implementation are working correctly is to send a ping request to 127.0.0.1. Based on the results of the test, administrators or computer users can troubleshoot network connectivity issues. Application developers also make use of the loopback address to test basic network functionality when developing a program or application component prior to going “live” on a network or the Internet with testing or deployment.

Some of the “lighter” uses of the loopback address are to trick computer security or computer science students into attempting to crack, probe, or test network speed by using the 127.0.0.1 address. There are also a number of variations on the “World’s Worst Hacker” found across the Internet. In these stories (which at least a few are likely based on true stories), fellow hackers urge “newbies” or a “less-than-knowledgeable” hacker to infect, hack, or conduct a DOS or DDOS attack against the 127.0.0.1 address.  In the more humorous stories, the hacker succeeds in infecting or deleting information from his or her own computer to the amusement of those watching.

Where is 127.0.0.1 Defined?

RFC 1700, published by the Internet Engineering Task Force (IETF) was the first document to reserve the 127.0.0.0/8 address block for loopback purposes. IETF document, RFC 3330, then further described the usage of the IPv4 address block 127.0.0.0/8 for loopback purposes. These definitions were later updated exclusively through the IANA and continue to be excluded for assignment by Regional Internet Registries or the IANA.

What is IPv6?

As the number of people and devices that use the Internet has grown, the demand for addresses has continued to grow exponentially. Internet Protocol Version 6, IPv6, is the next generation protocol that is designed to ultimately replace IPv4 and is slowly being adopted in education and research circles. The Internet Engineering Task Force (IETF) developed IPv6 to accommodate the increasing number of devices and users accessing the Internet and to help address some of the fundamental security shortcomings in the IPv4 implementation. IPv6 accommodates a greater number of addresses by using bigger numbers to create IP addresses. Under the IPv4 addressing convention, an address is 32 bits in length that allows for approximately 4.3 billion unique addresses. IPv6; however, uses a 128 bit address that permits up to 340 trillion, trillion IP addresses.

What Are the Advantages of IPv6?

Besides the significant increase in total numbers of IP addresses, IPv6 also offers networking advantages over IPv4. The new protocol allows devices to detect and use services of IPv6 enabled networks without requiring action by the end-user. It also significantly reduces the need for Network Address Translation (NAT) which is used on IPv4 to allow a number of clients to share a single IP address. A number of research projects based on the underlying IPv6 technology are underway as part of the Internet 2 project led by a non-profit U.S. networking consortium comprised of education communities, industry, and government. With more than 280 members, the Internet 2 Network currently connects more than 60,000 institutions and provides a next-generation optical network that can meet high-performance demand requirements for research and education.

What is the Equivalent of 127.0.0.1 in IPv6?

::1 or in longhand, 0:0:0:0:0:0:0:1 is the loopback address in the IPv6 protocol. The loopback address in IPv6 performs a similar function as in IPv4 by allowing a node to send a data packet to itself. It cannot be assigned to any physical interface on the computer and is considered to have a “link-local” scope. The ::1 address is not allowed to be used as a source address in IPv6 packets that are sent outside of a single node. If they are, an IPv6 router is not allowed to forward the data packet. If a packet with this address is received on an interface, it must also be dropped. The loopback, “unspecified addresses,” and the IPv6 addresses that have embedded IPv4 addresses are assigned out of the 0000 0000 binary prefix space.

Steps to Ping 127.0.0.1

Although pinging the loopback address or 127.0.0.1 can be accomplished using the DOS command prompt or terminal on a MAC OS X computer, it is also built in to many of the network administrator tools available on the market.

Step 1 – Log-in to your computer using an account with administrator permissions.

Step 2 – Open the “DOS” prompt by selecting the “Start” button and typing “CMD” into the search text field. In Mac OS X, select the “Finder” located in the computer’s “Dock” and click on the “Utilities” menu option. Then, double click the “Network Utility” application icon.

Step 3 – In Windows, enter “ping 127.0.0.1” at the DOS command prompt followed by pressing the “Enter” key. On a Mac, select the “Ping” menu tab and enter “127.0.0.1” in the field provided. Then press the “Ping” menu button.

Step 4 – View the results displayed on the screen. The data displayed will include the number of data packets sent, received, lost, and the approximate round trip time of the data transmission. Results on a Windows computer will look similar to:

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

Rate this article:

Last updated .

Follow Will.Spencer on
  • Jacke9779

    Thanks very much!

  • Fred Woolman

    When I use the installed version of AOL, everytime I click on a web-link a blank window appears that never loads.
    And the IP address being used is 127.0.0.1

    This is very frustrating beacause I cannot use any links from the desktop version of AOL. The web version works fine.

    How do I get links to work from the desk top AOL? !!

    Thanks,

    FW

  • pcs

    Reply to the following comment:


    When I use the installed version of AOL, everytime I click on a web-link a blank window appears that never loads.
    And the IP address being used is 127.0.0.1

    Immediately discontinue using AOL.

  • brenda

    I constantly receive email from “UPS” concerning a package that can’t be delivered and is encouraging me to click on a link for instructions. The email is a scam, I understand, but an IP trace shows it’s destination to be Birmingham, UK and the origination is a local host 127.0.0.1. If that’s the local host, is it coming from my puter?
     
    In general terms, what is “local host”?

    • memenode

      Scammers can spoof an email address and put anything there including the local IP address. If you didn’t send it to yourself and your computer didn’t develop a will of its own and a desire to mess around with you then it’s impossible that it came from your computer. Someone just faked it.

      A local host or “localhost” just means “this computer”, and refers to the computer you’re using right now.

  • Mike

    127.0.0.1 had BLA trojan established on one of my ports so I quickly disconnected the connection…does this mean I have a Virus?? or someone put a backdoor in my PC? plzz help

    • memenode

      According to Symantec it’s a backdoor, but since it’s apparently known an antivirus program should be able to deal with it.

    • damon

      Basically trojanv is a way of getting into the comp and getting a way to change the password.

  • Bob Abbott

    I have received an email 3 times telling me that I have a “free” email account in existence since 1996 and I should use the account by installing “YPOP” on my computer and setting up this email account as an internet mail account.  There is NO identification of any type in this email and it comes from noreply@nonprogrammersxo.net.  Further instruction say that I am to use 127.0.0.1 as both my incoming and outgoing server.

    • BrieFrie

      No Bob! Don’t do it!

      • Bob Abbott

        Thanks!  After reading a little on this URL I sense that this is a scam used to gather information or hack into my computer. 

        I actually received this same emil again this morning.  I wish I could determine where it is coming from.

  • FreddieMac

    Good job, Bob, good job!
    You go, Bob! Google Is your best friend!  
    Everyone else – suspicious email? GOOGLE it!

  • Gaptek

    i confused,,,

    this is standard ?

    so default my gadget always use althoug i ‘m not configure ?

  • vineet kumar

    last month my facebook account was hacked and by checking the notification coming on gmail the address of sender cominh out is 127.0.0.1
    what does it means? please any my question
     

  • ed wiles

    Lately, when I try to log onto my internet service to go to my home page at att:yahoo news, it fails to come up.  Instead, a page appears with the my att and yahoo browser but a block comes up saying “internet explorer cannot display the webpage”.  My internet connection icon shows the dsl internet is connected but I can not browse, get my may or go to any site. 
    Was on the phone with ATT technicians for over 2 hours and could not get it fixed.  They ran me through everything, including setting up a new dsl connection.  The dsl modem works fine also.
    Can you venture a guess?

  • spuds

    this is cool

  • pravi

    it’s realy good!!!!!!!!!!!!

  • Eduardo

    Nice post.

    Do you know if a request from the server to the same server using their asigned IP (10.213.100.x) uses the network? or make a loopback like 217.0.0.1?

    Thanks.

  • http://interservices4u.blogspot.com/ Asad

    really informative i blocked some websites on my pc by using local host trick.Thanks for sharing such informative article

  • mammie

    someone has downloaded this on my computer and everytime I look something up it shows I used 127.0.0.1 to look them up ,am I being hacked is someone else seeing everything I look up ?

    • WillSpencer

      Can you post a screenshot?

  • memenode

    Some clues from here might be helpful. You might be running a server with a 127.0.0.1 address (in which case changing it to 0.0.0.0 might help), or are running an email program in the background with an inbox full..

  • memenode

    Ellos son probablemente tratando de estafarlo. 127.0.0.1 es una dirección IP internade la máquina local, y no es visible fuera de su ordenador. (via Google Translate).

    They are probably trying to scam you. 127.0.0.1 is an internal IP address for the local host, and is not visible outside of your computer.

  • mark0526

    127.0.0.1 is the univereal loop back standered for ALL computers on the net. iF YOU FIND IT IN A EMAIL HEADER then it is a fake. LOOK only at the “ORIGINATED FROM IP#” in the email header as the rest  the numbers most likly our fake but the ORIGINAL SENDER IP# well be correct even if it is thru a proxie and that happens with fake emails making it inposable to retrack with out a court order.
    127.0.0.1 Defined in the Internet RFC’s
    The proper use of 127.0.0.1 is defined in RFC 3330: Special-Use IPv4 Addresses:
    127.0.0.0/8 – This block is assigned for use as the Internet host loopback address. A datagram sent by a higher level protocol to an address anywhere within this block should loop back inside the host. This is ordinarily implemented using only 127.0.0.1/32 for loopback, but no addresses within this block should ever appear on any network anywhere.

  • Sherrill Bjorklund

    the update manager will not let me change anything.  It will not load so I can read about the settings.  It has the wrong email address and will not except any of my passwords.
     
    It says it is a firefox document.  I can’t get it to stop popping up.  I will look through the questions here but I am stuck with trying to get rid of the popups. 
     
    Thanks,
    Sherrill

  • Robert Berriz

    Who in the world uses AOL at all…. for anything
    Especially desktop
    Get with the times. Google/gmail