Ask Your Question
0

How to reference .proto files to tshark [closed]

asked 2025-09-09 15:03:01 +0000

Aminekhdh gravatar image

I am trying to use a lua script that dissects protobuf messages, when I use wireshark and add my proto folder to the Protobuf Search Paths, everything works and I see my dissectors working, now I want to use tshark because I need it in a context of an automation and I only built tshark, from the script I am using I can see that the lua script is working and even the someip messages being decoded correctly, when it comes to protobuf that's where I get a wrong result, I guess the built in protobuf dissector is being used instead of the one that I have in my plugin.

Here is a sample of the result: 
"_ws.lua.fake": "",
        "protobuf": {
          "Message: <UNKNOWN>": {
            "protobuf.message.name": "<UNKNOWN>",
            "Field(1): 106 (uint32)": {
              "protobuf.field.name": "<UNKNOWN>",
              "protobuf.field.number": "1",
              "protobuf.field.wiretype": "0",
              "protobuf.field.value": "6a",
              "protobuf.field.value_tree": {
                "protobuf.field.value.uint32": "106"

I have searched for an option to make tshark find the .proto files something like protocol_search_paths but nothing I have tried worked so far, do you know if there is a way to do this?

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by Aminekhdh
close date 2025-09-10 07:26:44.132937

add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2025-09-10 07:26:21 +0000

Aminekhdh gravatar image

I have finally found the solution for this, maybe someone else might need it in the future, tshark was finally able to use my .proto files when I used the preference protobuf_search_paths:

the cammand is tshark ... -o  uat:protobuf_search_paths: "/path/to/protofolder","TRUE"

don't forget to escape special characters like so otherwise it won't work :

"uat:protobuf_search_paths:\"/path/to/protofolde\",\"TRUE\""
edit flag offensive delete link more

Comments

You can also add that to your preference file to make it permanent.

If you run Wireshark, you select Preferences from the Edit menu (non-Macs) or the Wireshark menu (Macs), open Protocols from the list on the left, search for "ProtoBuf" in that list (type "P" enough times and it'll get you to the protocols with names beginning with "P"), and click "Edit:" to edit the list of paths.

Guy Harris gravatar imageGuy Harris ( 2025-09-10 07:59:20 +0000 )edit

Thanks Harris for the fast comment, in our context I need to use tshark capabilities in a fully automated system, it was great to find that I can use the command line like that, I know the preference setting can be a one time thing but I would like to reduce any manual dependency as much as I can

Aminekhdh gravatar imageAminekhdh ( 2025-09-10 10:30:14 +0000 )edit

You can also use -C on the command line with TShark to select particular configuration profiles other than the default, which can be useful for automation. Note that TShark without that option will always use the Default profile, unlike Wireshark which uses the last selected profile.

johnthacker gravatar imagejohnthacker ( 2025-09-10 12:18:14 +0000 )edit
add a comment

Question Tools

subscribe to rss feed

Stats

Asked: 2025-09-09 15:03:01 +0000

Seen: 380 times

Last updated: 8 hours ago

Related questions

Any way to use cmd tshark for a gns3 wire?

lua script for 80211ah

how to invert two bytes in lua script dissector ?

Adjusting Bit order and Endianess in LUA between Dissectors

Error while creating a Lua listener in 2.4.2 with filter

Lua Dumper to variable

http2 decrypted data in tshark lua script

Decode as LUA - how do I do that?

LUA: dissector wide global table

Deduplication in tshark -T ek [closed]