Ask Your Question

Why are packets captured on "\Device\NPF_Loopback" shown with a red background?

asked 2021-09-01 07:04:23 +0000

tOmek247 gravatar image

updated 2021-09-02 03:19:44 +0000

Guy Harris gravatar image


i hope anyone can tell me why wireshark flags the packages on the Screenshot in red.

Many Thanks

edit retag flag offensive close merge delete


Your question isn't clear and your image is missing. Please post your image on a public file share, e.g. Google Drive, DropBox etc. and post a link to it back here in your question.

grahamb gravatar imagegrahamb ( 2021-09-01 07:47:39 +0000 )edit

This can be either because the colouring rules make them so, or a dissection error has taken place. Either way, like @grahamb said, giving us access to the image is a first step here.

Jaap gravatar imageJaap ( 2021-09-01 12:01:36 +0000 )edit

Hi, sorry for that. I uploaded the picture on gdrive.

tOmek247 gravatar imagetOmek247 ( 2021-09-01 14:43:56 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2021-09-01 15:06:05 +0000

grahamb gravatar image

Likely to be because the packets contain a TCP RST. You can check which coloring rule is being used by expanding the frame item in the protocol details pane and looking for the [Coloring Rule Name: xxx] and [Coloring Rule String: yyy] fields to see the name and the filter string respectively causing the packet to be colored in that way.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2021-09-01 07:04:23 +0000

Seen: 466 times

Last updated: Sep 02 '21