THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Why are packets captured on "\Device\NPF_Loopback" shown with a red background?

  • retag add tags

Hi,

i hope anyone can tell me why wireshark flags the packages on the Screenshot in red.

Many Thanks

tOmek247's avatar
1
tOmek247
asked 2021-09-01 07:04:23 +0000
Guy Harris's avatar
19.9k
Guy Harris
updated 2021-09-02 03:19:44 +0000
edit flag offensive 0 remove flag close merge delete

Comments

Your question isn't clear and your image is missing. Please post your image on a public file share, e.g. Google Drive, DropBox etc. and post a link to it back here in your question.

grahamb's avatar grahamb (2021-09-01 07:47:39 +0000) edit
more
  • delete

This can be either because the colouring rules make them so, or a dissection error has taken place. Either way, like @grahamb said, giving us access to the image is a first step here.

Jaap's avatar Jaap (2021-09-01 12:01:36 +0000) edit
more
  • delete

Hi, sorry for that. I uploaded the picture on gdrive.

tOmek247's avatar tOmek247 (2021-09-01 14:43:56 +0000) edit
more
  • delete
add a comment see more comments

1 Answer

0

Likely to be because the packets contain a TCP RST. You can check which coloring rule is being used by expanding the frame item in the protocol details pane and looking for the [Coloring Rule Name: xxx] and [Coloring Rule String: yyy] fields to see the name and the filter string respectively causing the packet to be colored in that way.

grahamb's avatar
23.8k
grahamb
answered 2021-09-01 15:06:05 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer