2.7. The missing network loopback interface

Windows TCP/IP stack does not implement a network loopback interface, as found in other TCP/IP stack like lo* interfaces in BSD systems.

Thus, it is not possible to sniff network traffic using the typical Windows packet capture driver, WinPcap [24].

However, TDIMon [10] can be used to see loopback traffic (but does not support network traffic logging):

NT Kernel Resources's Local Host Monitor [11] is similar to Sysinternals's TDIMon but also supports data sent to the TCP/IP driver using the TDI interface, including loopback network data.

Another method to capture loopback network data is to use a Winsock LSP (Layered Service Provider). The Ports Traffic Analyzer [25] is an example of such sniffer.

The Microsoft Loopback Adapter can be installed on Windows systems, to run network applications when no physical adapter is present or active on the system [26]. This adapter is not the equivalent of a network loopback interface and IPv4 address 127.0.0.1 can not be assigned to it. Also, it is not possible to sniff network traffic on it, at least with WinPcap.