
"Message Decoding" to decode MQTT Protobuf Message

asked 2023-11-13 06:44:46 +0000

fapue

I have the problem that I send protobuf messages via MQTT, which I want to sniff with the help of Wireshark. I have already found out that there is a "Message Decoding" function that could help me with this. I have already tried to find a solution using "Decode as" and a dissector.

Now my question: What do I have to set in the individual columns so that I can decode my Protobuf messages from the MQTT protocol? What do "match criteria", "topic pattern", "decoding", "payload protocol" stand for?


Comments

See the Protobuf section of the Wireshark Wiki and 11.21. Protobuf Search Paths in the WSUG - Wireshark User's Guide.

Chuckc ( 2023-11-13 10:01:25 +0000 )

1 Answer


answered 2023-11-13 23:46:03 +0000

cmaynard

Section 3.3.3 Payload of the MQTT 3.1.1 Specification states that, "The Payload contains the Application Message that is being published. The content and format of the data is application specific."

In order to reliably dissect the payload then, Wireshark must be told how to do that. In other words, it must be told what protocol dissector to hand off the payload to, when applicable. The MQTT Message Decoding preferences serve that purpose, and it's based on the MQTT Topic. You basically tell Wireshark for a given topic pattern and match criteria, which dissector Wireshark should call in order to properly interpret/dissect the payload.

The "Match criteria" of the topic pattern can be one of, "Equal to", "Contains", "Starts with", "Ends with", or "Regular Expression".

The "Topic pattern" is the topic of interest, or some part of that topic that will be used by the match criteria.

"Decoding" is either "none" or "compressed", and this tells Wireshark whether the payload needs to be decompressed first or not before handing off the payload to the appropriate payload protocol dissector.

Finally, the "Payload protocol" is simply the name of the protocol dissector that will get handed the payload once a match of the topic pattern is made.

Again, the payload is application-specific, so you must know how to match the topic to the payload in order for Wireshark to be able to dissect it.

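The four columns described in the answer above, modelled as an added example that is not part of the original answer and is not Wireshark's own code. It lets you check which row a topic would hit before entering the rows in the preferences. Assumptions: the first matching row wins, "compressed" means a zlib stream, the regular expression is unanchored, and all topics, rows and payload bytes are constructed.

```python
import re
import zlib
from dataclasses import dataclass

# The five "Match criteria" values named in the answer, modelled as predicates.
MATCHERS = {
    "Equal to": lambda topic, pat: topic == pat,
    "Contains": lambda topic, pat: pat in topic,
    "Starts with": lambda topic, pat: topic.startswith(pat),
    "Ends with": lambda topic, pat: topic.endswith(pat),
    # Assumption: unanchored search, so the pattern may match anywhere.
    "Regular Expression": lambda topic, pat: re.search(pat, topic) is not None,
}

@dataclass(frozen=True)
class DecodeRow:
    match_criteria: str
    topic_pattern: str
    decoding: str          # "none" or "compressed"
    payload_protocol: str  # name of the dissector that receives the payload

def select_dissector(rows, topic, payload):
    """Return (payload_protocol, bytes handed to it), or (None, payload)."""
    for row in rows:  # assumption: first matching row wins
        if not MATCHERS[row.match_criteria](topic, row.topic_pattern):
            continue
        if row.decoding == "compressed":
            try:
                payload = zlib.decompress(payload)  # assumption: zlib stream
            except zlib.error:
                return None, payload  # this model's choice: leave it undissected
        return row.payload_protocol, payload
    return None, payload

# Constructed table: one row per line of the preferences dialog.
ROWS = [
    DecodeRow("Starts with", "sensors/", "none", "protobuf"),
    DecodeRow("Regular Expression", r"^fleet/[^/]+/telemetry$", "compressed", "protobuf"),
    DecodeRow("Ends with", "/status", "none", "json"),
]

if __name__ == "__main__":
    raw = b"\x08\x96\x01"  # constructed protobuf bytes: field 1, varint 150
    for topic, body in [("sensors/room1/temp", raw),
                        ("fleet/truck7/telemetry", zlib.compress(raw)),
                        ("fleet/truck7/status", b'{"up":true}'),
                        ("other/topic", raw)]:
        print(topic, "->", select_dissector(ROWS, topic, body))
```

A topic that matches no row comes back with `None`, which corresponds to the payload staying undissected application data.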


Stats

Asked: 2023-11-13 06:44:46 +0000

Seen: 808 times

Last updated: Nov 13 '23