To support Protobuf over TCP, you can write a Lua script and put it in your Lua plugins directory ("Help->About Wireshark->Folders->Personal Lua Plugins").

The file name might be "protobuf_tcp.lua", and the content looks like this:

do
    local protobuf_tcp_proto = Proto("protobuf_tcp", "Protobuf over TCP")
    local protobuf_dissector = Dissector.get("protobuf")
    local f_length = ProtoField.uint32("protobuf_tcp.length", "Length", base.DEC)
    protobuf_tcp_proto.fields = { f_length }
    -- This must be the root message defined in your .proto file
    local message_type = "tutorial.AddressBook"

    function protobuf_tcp_proto.dissector(tvb, pinfo, tree)
        local offset = 0
        local remaining_len = tvb:len()
        local subtree = tree:add(protobuf_tcp_proto, tvb())
        pinfo.columns.protocol:set("PB_TCP")
        while remaining_len > 0 do
            if remaining_len < 4 then -- length header incomplete
                pinfo.desegment_offset = offset
                pinfo.desegment_len = DESEGMENT_ONE_MORE_SEGMENT
                return -1
            end

            local data_len = tvb(offset, 4):uint()

            if remaining_len - 4 < data_len then -- message body incomplete
                pinfo.desegment_offset = offset
                pinfo.desegment_len = data_len - (remaining_len - 4)
                return -1
            end
            subtree:add(f_length, tvb(offset, 4))

            pinfo.private["pb_msg_type"] = "message," .. message_type
            pcall(Dissector.call, protobuf_dissector, tvb(offset + 4, data_len):tvb(), pinfo, subtree)

            offset = offset + 4 + data_len
            remaining_len = remaining_len - 4 - data_len
        end
    end

    -- TCP port
    DissectorTable.get("tcp.port"):add(18127, protobuf_tcp_proto)
end

Remember to replace "tutorial.AddressBook" with the full name of the root message defined in your .proto file, and TCP port 18127 with the TCP port used in your capture file.

Make sure your .proto file is in the "Protobuf search paths", and that the "load all files" option is checked.

You can use "decode as" now if your message types for all TCP ports are the same.

Certainly, you can make the message type for each TCP port different and configurable by adding something like:

    protobuf_tcp_proto.prefs.tcp_port_message_maps = Pref.string("TCP Ports and Message Maps", "18127:tutorial.AddressBook", "Format: port1:message.type1,port2:message.type2,...")

But that needs more code.
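The following is an added example, not part of the original answer: a plain-Lua parser for the "port1:message.type1,port2:message.type2,..." preference format mentioned above, which rejects malformed entries instead of guessing. The function name `parse_port_message_map` and the sample string are hypothetical, and the code uses only the Lua standard library, so it runs outside Wireshark as well.

```lua
-- Added example: parse "port1:message.type1,port2:message.type2,..." into a
-- port -> message-type table. parse_port_message_map is a hypothetical helper.
local function parse_port_message_map(s)
    local map, errors = {}, {}
    for entry in string.gmatch(s or "", "[^,]+") do
        local trimmed = entry:match("^%s*(.-)%s*$")
        if trimmed ~= "" then
            -- Port: decimal digits only. Type: dotted protobuf full name.
            local port_str, msg_type =
                trimmed:match("^(%d+)%s*:%s*([%a_][%w_%.]*)$")
            local port = port_str and tonumber(port_str)
            if not port then
                errors[#errors + 1] = "malformed entry: " .. trimmed
            elseif port < 1 or port > 65535 then
                errors[#errors + 1] = "port out of range: " .. trimmed
            elseif msg_type:find("%.%.") or msg_type:sub(-1) == "." then
                errors[#errors + 1] = "bad message type: " .. trimmed
            elseif map[port] then
                -- Keep the first mapping; a silent override would hide typos.
                errors[#errors + 1] = "duplicate port: " .. trimmed
            else
                map[port] = msg_type
            end
        end
    end
    return map, errors
end

-- Constructed sample value, including entries that must be rejected.
local sample = "18127:tutorial.AddressBook, 18128:tutorial.Person,"
    .. "70000:a.B,oops,18127:x.Y"
local map, errors = parse_port_message_map(sample)

for port, msg_type in pairs(map) do
    print(port, msg_type)
end
for _, e in ipairs(errors) do
    print("rejected: " .. e)
end
```

In the dissector above, the resulting table would replace the fixed `message_type`, looked up by the TCP port of the packet being dissected. A port with no mapping should skip the protobuf call rather than fall back to a default message type, so that unrelated traffic is not decoded against the wrong schema.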