New features about Protobuf and gRPC dissectors have been added into Wireshark since version 3.2.0:
- Protobuf files (*.proto) can now be configured to enable more precise parsing of serialized Protobuf data (such as gRPC).
- The message of stream gRPC method can now be parsed with supporting of HTTP2 streaming mode reassembly feature.
- User can specify protobuf search paths (where has *.proto files), and the UDP ports to protobuf message type maps at the Protobuf protocol preferences.
- If your own dissectors need invoke protobuf dissector, you can pass the message type to Protobuf dissector by data parameter (in C) or pinfo->private_table["pb_msg_type"] (pinfo.private["pb_msg_type"] in lua).
Another two new features will be released in 3.3.0 or 3.4.0:
- Protobuf fields can be dissected as wireshark (header) fields that allows user input the full names of Protobuf fields or messages in Filter toolbar for searching.
- Dissector based on Protobuf can register itself to a new 'protobuf_field' dissector table, which is keyed with the full names of fields, for further parsing fields of BYETS or STRING type.
References:
- https://www.wireshark.org/docs/relnotes/wireshark-3.2.0.html
- https://www.wireshark.org/docs/wsug_html_chunked/ChProtobufSearchPaths.html
- https://www.wireshark.org/docs/wsug_html_chunked/ChProtobufUDPMessageTypes.html
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
