Protocol Buffer Wireshark Plugin

Question

I am looking for a wireshark plugin for google protocol buffer. And I found this GPB Wireshark plugin http://code.google.com/p/protobuf-wireshark/

Apparently only UDP….Is there a GPB plugin for wireshark that works for TCP?

Answer 1

This plugin only supports wireshark 10.0.2.

Answer 2

You could use Protobuf dissector shipped with Wireshark instead. Since Wireshark 3.2.0, the *.proto files can now be configured to enable more precise parsing of serialized Protobuf data (such as gRPC).

Parsing Protobuf data based on UDP port is supported since that version. And you can also write a simple dissector to invoke Protobuf dissector for TCP by passing message type through 'data' parameter in C or pinfo.private["pb_msg_type"] in lua.

You may get detail from the release note (https://www.wireshark.org/docs/relnotes/wireshark-3.2.0.html). The detail of invoking Protobuf dissector in your own dissector is on https://www.wireshark.org/docs/wsug_html_chunked/ChProtobufUDPMessageTypes.html.