Ask Your Question
0

create a dissector for protobuf

asked 2025-02-27 14:55:08 +0000

BMWE gravatar image

Hi,

In some tool that I'm using, there is export to protobuf. However, when I try to use it, I'm getting that the field is not defined.

After removing everything, except parsing the 1st 2 bytes, I still have an error:

syntax = "proto3";

package my_test
message my_test_message {
bytes sync1 = 1;
bytes sync2 = 2;
}

I know that the 1st byte is 0xAC (sync1) and second one is 0x13 (sync2). I getting an output like:

Field(309):
[field name: <UNKNOWN>]
.000 1001 .010 1... = Field Number: 309
.... .100 = Wire Type: End Group (deprectaed) (4)

How to solve the issue so that I'll see sync1=0xAC (or 172) and sync2=0x13 (or 19).

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2025-02-27 15:13:49 +0000

grahamb gravatar image

Does the Wireshark Wiki page on Protobuf help?

edit flag offensive delete link more

Comments

Im familiar with this one. Unfortunately it doesn't help

BMWE gravatar imageBMWE ( 2025-02-27 15:36:01 +0000 )edit

Is the problem in the "In some tool that I'm using" element rather than Wireshark? Wireshark needs two things here; the captured traffic containing the protobuf messages and the protobuf definition.

grahamb gravatar imagegrahamb ( 2025-02-27 16:09:11 +0000 )edit

As mentioned, I've cleared everything except the definition I've wrote above. I have same problem in both cases - full definition and the simple one (which is above)

BMWE gravatar imageBMWE ( 2025-02-27 16:12:58 +0000 )edit

Have you confirmed that the message is valid by decoding it using command-line protoc? Also, why not encode the message using protoc (if you know what the field values are) and see if they differ. If they don't, you can file a nice bug report for Wireshark.

MartinM gravatar imageMartinM ( 2025-02-27 17:26:52 +0000 )edit

Also, the output above isn't from Wireshark, is it? I can't find that type ("deprectaed") in the history of packet-protobuf.h (going back to 2019).

MartinM gravatar imageMartinM ( 2025-02-27 17:34:51 +0000 )edit
see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2025-02-27 14:55:08 +0000

Seen: 18 times

Last updated: yesterday

Related questions

Documentation/Use of new protobuf dissector

decode protobuf within a protobuf in lua plugin

[LUA] How to get a field from a decoded protobuf to decode the next protobuf

macOS crash setting protobuf search path

Protobuf decoding for Mqtt messages

gRPC Configuration

Protobuf dissector with nested structures

gRPC traffic dissector with TLSv1.3

Protobuf field malformed packet for last byte of 'repeated fixed32'

Multiple "failed assertion "saved_layers_len < 500"" messages for protobuf protocol