Wireshark dissector for protocol buffer

asked 2019-03-21 15:25:41 +0000

ADSI gravatar image

updated 2019-03-21 19:14:02 +0000

Guy Harris gravatar image

I am currently using Wireshark to view the traffic of a message with multiple fields (double & enum) that were defined with protocol buffer. To be able to view the value of the different fields of the message I have used the open source dissector that I found on this page: https://github.com/128technology/prot...

The problem is that the value of the fields (after being decoded by the above dissector) is in Hexadecimal form. I am interested in being able to view it in decimal form.

The message code is very simple since it is just a trial. Here is the code if it is of any help!

syntax = "proto2";

// Message AData
message AData
{
    required double x = 1;
    required double y = ;
    required double z = 3;
    required eAType AType = 4;
    required double a = 5;
    required double b = 6;
    required double c = 7;
    required double d = 8;
    required double e = 9;
    required double f = 10;
}

syntax = "proto2";

enum eAType
{
    PA  = 0;
    BA  = 1;
    AG  = 2;
    WG  = 3;
}
edit retag flag offensive close merge delete

Comments

Hi ASDI,

0] Please provide the packet capture in question. It will make it easier to help you. Screenshots also help if we're talking about Wireshark.

1] Depending on where you want to convert from hex to dec, you could take wireshark out of the picture. For example, let's say that you do something like tshark -r <file> -T fields -e "my.very.cool.field" and save the input as part of a script. For example, python can convert a string 16 > 10 like so: int("100",16) => 256.

2] If the dissector is parsing as hex and you want it converted to decimal, you should post a feature request as an issue to the repo (https://github.com/128technology/prot...).

Ross Jacobs gravatar imageRoss Jacobs ( 2019-03-21 22:10:35 +0000 )edit

Hello pocc,

Wireshark is only used to view the traffic of the message and the value of its fields. In the future when more messages are added I would like to use Wireshark to view the traffic of all of them through a network.

I have updated the question to add a screenshot of the different fields of the message and the value it displays. As you can see in the screenshot the "Value" shown under "Fixed64 Value" is in hexadecimal form; and that is where I would like to view it in decimal form.

Thank you!!

ADSI gravatar imageADSI ( 2019-03-22 09:21:59 +0000 )edit

Unfortunatelly I am not able to upload an imagine since I don't have 60 points yet :(

ADSI gravatar imageADSI ( 2019-03-22 09:37:20 +0000 )edit

0] Is there a packet capture? If you are piping to wireshark, can you save part of the stream as a pcap? I see the "message code" and what would help me much more is a file that ends in .pcap. I want to be able to replicate this problem in Wireshark to understand it and right now, I can't do that.

You don't need to upload an image/pcap. Just provide a link to a File on Dropbox/Google drive etc with sharing settings such that anyone who has the link can view the file.

1/2] You haven't addressed these points.

Ross Jacobs gravatar imageRoss Jacobs ( 2019-03-22 13:33:02 +0000 )edit

Hello,

Unfortunatelly I am not able to facilitate you with a packet capture for security reasons. I am sorry.

Regarding point 1 I am not sure I completely understand your point. But I am interested in keep on using wireshark to view the traffic of messages and its different fields with the value obtained.

Regarding point 2, I have already done that but I have gotten no answer yet!

I am sorry I cannot be of any more help. I would be glab to explain again my situation if there is any part of it that was not made complety clear.

Thank you!

ADSI gravatar imageADSI ( 2019-03-25 15:39:56 +0000 )edit