Wireshark-bugs: [Wireshark-bugs] [Bug 10202] New: wrong decoding of UID field on packets from pf
Date: Wed, 18 Jun 2014 21:48:41 +0000
Bug ID: 10202
Summary: wrong decoding of UID field on packets from pflogX interface
Classification: Unclassified
Product: Wireshark
Version: 1.10.7
Hardware: x86
OS: Mac OS X 10.8
Status: UNCONFIRMED
Severity: Minor
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: bugzilla-admin@wireshark.org
Reporter: marcodome@libero.it

Build Information:
Version 1.10.7 (Git Rev Unknown from unknown)

Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.12.16, with Pango 1.36.3,
with
GLib 2.40.0, with libpcap, with libz 1.2.5, without POSIX capabilities, without
libnl, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.1, without Python, with
GnuTLS 3.2.14, with Gcrypt 1.6.1, with MIT Kerberos, with GeoIP, with PortAudio
V19-devel (built May 30 2014 23:49:47), with AirPcap.

Running on Mac OS X 10.8.5, build 12F45 (Darwin 12.5.0), with locale
it_IT.UTF-8, with libpcap version 1.1.1, with libz 1.2.5, GnuTLS 3.2.14, Gcrypt
1.6.1, without AirPcap.
      Intel(R) Core(TM) i7-2635QM CPU @ 2.00GHz

Built using clang 4.2.1 Compatible Apple LLVM 5.1 (clang-503.0.40).

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Using the pf firewall, it's possible to add the "user" parameter on the log
command to have the UID in the additional information of packets shown on
the pflogX interface.
On MacOS (I can't say about BSD) the UID field seems to me to be little
endian, but it's decoded as if it were big endian.



PS: there are also the PID, the RULE UID and the RULE PID fields, but I think
that they are not populated correctly (by pf).


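An added example (not part of the original report and not Wireshark's code) of the byte-order mismatch described above: it decodes the UID/PID fields of a pflog header in the capture host's byte order, taken from the pcap file magic, and shows what a fixed big-endian read produces instead. It assumes the 64-byte FreeBSD/macOS-style `struct pfloghdr` layout, that rule numbers are big-endian while uid/pid are host-order, and that the pcap magic reflects the capturing host; all function names and sample bytes are constructed.

```python
import struct

# Assumed layout (FreeBSD/macOS-style struct pfloghdr, 64 bytes), not from the report:
# length, af, action, reason, ifname[16], ruleset[16], rulenr, subrulenr,
# uid, pid, rule_uid, rule_pid, dir, pad[3]
PFLOG_HDR_LEN = 64
OFF_RULENR = 36   # rulenr, subrulenr: assumed network byte order
OFF_UID = 44      # uid, pid, rule_uid, rule_pid: assumed host byte order

# Classic pcap magic as it appears on disk, keyed to the writer's byte order.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def capture_byte_order(pcap_file_header: bytes) -> str:
    """Return the struct byte-order character of the host that wrote the file."""
    try:
        return PCAP_MAGICS[pcap_file_header[:4]]
    except KeyError:
        raise ValueError("not a classic microsecond pcap file header")

def decode_pflog_ids(hdr: bytes, host_order: str) -> dict:
    """Decode rule numbers (big-endian) and uid/pid fields (host_order)."""
    if len(hdr) < PFLOG_HDR_LEN:
        raise ValueError("truncated pflog header")
    rulenr, subrulenr = struct.unpack_from(">II", hdr, OFF_RULENR)
    uid, pid, rule_uid, rule_pid = struct.unpack_from(host_order + "IiIi", hdr, OFF_UID)
    return {"rulenr": rulenr, "subrulenr": subrulenr, "uid": uid,
            "pid": pid, "rule_uid": rule_uid, "rule_pid": rule_pid}

# Constructed sample: header as a little-endian host would log uid 501, pid 1234.
SAMPLE_PCAP_MAGIC = b"\xd4\xc3\xb2\xa1"
SAMPLE_HDR = (
    struct.pack("<BBBB16s16s", 61, 2, 0, 0, b"en0", b"")
    + struct.pack(">II", 3, 0xFFFFFFFF)      # rulenr=3, no subrule
    + struct.pack("<IiIi", 501, 1234, 0, 0)  # uid, pid, rule_uid, rule_pid
    + bytes([1, 0, 0, 0])                    # dir + pad
)

if __name__ == "__main__":
    order = capture_byte_order(SAMPLE_PCAP_MAGIC)
    print("host order :", decode_pflog_ids(SAMPLE_HDR, order)["uid"])
    print("big-endian :", decode_pflog_ids(SAMPLE_HDR, ">")["uid"])
```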