Wireshark dissector for protocol buffer
I am currently using Wireshark to view the traffic of a message with multiple fields (double & enum) that were defined with protocol buffer. To be able to view the value of the different fields of the message I have used the open source dissector that I found on this page: https://github.com/128technology/prot...
The problem is that the value of the fields (after being decoded by the above dissector) is in Hexadecimal form. I am interested in being able to view it in decimal form.
The message code is very simple since it is just a trial. Here is the code if it is of any help!
syntax = "proto2";
// Message AData
message AData
{
    required double x = 1;
    required double y = 2;
    required double z = 3;
    required eAType AType = 4;
    required double a = 5;
    required double b = 6;
    required double c = 7;
    required double d = 8;
    required double e = 9;
    required double f = 10;
}
syntax = "proto2";
enum eAType
{
    PA = 0;
    BA = 1;
    AG = 2;
    WG = 3;
}
Hi ASDI,
0] Please provide the packet capture in question. It will make it easier to help you. Screenshots also help if we're talking about Wireshark.
1] Depending on where you want to convert from hex to dec, you could take wireshark out of the picture. For example, let's say that you do something like
tshark -r <file> -T fields -e "my.very.cool.field"
and save the input as part of a script. For example, Python can convert a string 16 > 10 like so: int("100",16) => 256.
2] If the dissector is parsing as hex and you want it converted to decimal, you should post a feature request as an issue to the repo (https://github.com/128technology/prot...).
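Point 1 carried through for the AData message, as an added example that is not part of the original answer: the fields are doubles, so the hex shown under "Fixed64 Value" has to be reinterpreted as IEEE 754 rather than read as an integer with int(..., 16). It assumes the displayed hex is the field's 64-bit integer value; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Enum names from the eAType definition in the question.
EATYPE = {0: "PA", 1: "BA", 2: "AG", 3: "WG"}

def fixed64_hex_to_double(text):
    """Reinterpret a fixed64 shown as hex (e.g. '0x3ff8000000000000') as a double.

    Assumption: the hex is the 64-bit integer value of the field. int(text, 16)
    alone yields that integer, not the double it encodes.
    """
    return struct.unpack("<d", struct.pack("<Q", int(text, 16)))[0]

def read_varint(buf, pos):
    """Decode a base-128 varint starting at pos; return (value, next_pos)."""
    value = shift = 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated varint")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
        if shift > 63:
            raise ValueError("varint too long")

def decode_adata(buf):
    """Decode the wire bytes of an AData message into {field_number: value}."""
    fields, pos = {}, 0
    while pos < len(buf):
        key, pos = read_varint(buf, pos)
        number, wire_type = key >> 3, key & 0x7
        if wire_type == 1:  # fixed64: 8 little-endian bytes, a double in AData
            if pos + 8 > len(buf):
                raise ValueError("truncated fixed64")
            fields[number] = struct.unpack_from("<d", buf, pos)[0]
            pos += 8
        elif wire_type == 0:  # varint: the eAType enum in AData
            raw, pos = read_varint(buf, pos)
            fields[number] = EATYPE.get(raw, raw)
        else:
            raise ValueError(f"unexpected wire type {wire_type}")
    return fields

# Constructed sample: x = 1.5 (field 1) followed by AType = AG (field 4).
SAMPLE = bytes.fromhex("09" "000000000000f83f" "20" "02")
```

The same conversion can be applied to each value that tshark prints for the field when its output is piped into a script.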
Hello pocc,
Wireshark is only used to view the traffic of the message and the value of its fields. In the future when more messages are added I would like to use Wireshark to view the traffic of all of them through a network.
I have updated the question to add a screenshot of the different fields of the message and the value it displays. As you can see in the screenshot the "Value" shown under "Fixed64 Value" is in hexadecimal form; and that is where I would like to view it in decimal form.
Thank you!!
Unfortunately I am not able to upload an image since I don't have 60 points yet :(
0] Is there a packet capture? If you are piping to Wireshark, can you save part of the stream as a pcap? I see the "message code" and what would help me much more is a file that ends in .pcap. I want to be able to replicate this problem in Wireshark to understand it and right now, I can't do that. You don't need to upload an image/pcap. Just provide a link to a file on Dropbox/Google Drive etc. with sharing settings such that anyone who has the link can view the file.
1/2] You haven't addressed these points.
Hello,
Unfortunately I am not able to facilitate you with a packet capture for security reasons. I am sorry.
Regarding point 1, I am not sure I completely understand your point. But I am interested in continuing to use Wireshark to view the traffic of messages and their different fields with the values obtained.
Regarding point 2, I have already done that but I have gotten no answer yet!
I am sorry I cannot be of any more help. I would be glad to explain my situation again if there is any part of it that was not made completely clear.
Thank you!