
What are Protobuf Search Paths in Wireshark?

Last Updated : 19 Dec, 2022

Protocol Buffers define how the local and remote Wireshark processes should interact with each other. The protocol buffer chatty layer allows you to configure a proxy server and have Wireshark talk to it, which could be on your own machine or on a different one. This is sometimes useful for debugging, but there are processors in data centers that are running Wireshark as well.

In those cases, you can use the protobuf search paths value to tell them where to find the protocol buffer files they need in order to communicate with each other, for example if you’re trying to troubleshoot an issue with Wireshark saving data from a customer’s node application (e.g., Apache Spark, Apache Kafka, etc.).

Protocol Buffers in Wireshark:

Protocol Buffers are used for protocol negotiation and file format description. The file name of the downloaded protocol buffer code is called a “binary” and the actual binary object data is called a “byte stream”. Protocol buffers are used by many other tools, such as Dropwizard libraries and Thrift libraries. In addition to open-source software, they’re also used by proprietary software.

Protocol Buffers were originally created by Google in 2007 to be better at describing how Java programs communicate with each other across a network. Today they are supported by Facebook and Apple, among others. You can learn more about Google’s use of Protocol Buffers here.

Protobuf Search Paths:

When Wireshark communicates with a Wireshark instance on a different computer on the same network, you can specify which protocol buffers binary to use for communication by defining a protobuf search path. You’ll want to set your protobuf search paths value in your Wireshark preferences file (usually located at C:\Users\<username>\AppData\Local\Programs\Wireshark\). The default value is “wiretap”, which uses the Wireshark binaries compiled with system libraries:

    Wireshark --version …
    Protocol Buffers Version: 2.3.0
    Application Version: 1.10.1
    Library Version: 2.3.0

Protobuf Search Paths are “key=value” pairs, separated by a semicolon and surrounded by quotes (e.g., “path=C:\Users\<username>\AppData\Local\MyProtoshare\”).


Features: 

  • The “protobuf search paths” settings in Wireshark are broken by default. 
  • The result is that Wireshark cannot find the files it needs to transfer data between itself and the remote protobuf server.  
  • Here’s how you can modify your Wireshark preferences file to take advantage of “protobuf search paths”.

Save and Run Preferences:

  • Close Wireshark on both sides and restart it for changes to take effect. (This program does not support Auto-Restart.) After Wireshark restarts, open the preferences file with a text editor such as Notepad++ or TextEdit.
  • Look for the line with “protobuf search paths”. Add a new line below it and copy and paste this text:
    protobuf search paths = ./wiretap;C:\Users\<username>\AppData\Local\MyProtoshare
  • Save your preferences file, then restart Wireshark. Wireshark should now be able to find the location of the protobuf files it needs.
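
Before restarting, it is worth checking that every entry in the value actually resolves to a directory containing .proto files, and that no entry is relative or writable by other users, since whatever .proto files sit on a search path decide how captured messages are decoded. The script below is an added example, not part of the original article or of Wireshark; it assumes the semicolon-separated value format shown above, and the names `audit_search_paths` and `demo` are hypothetical.

```python
import os
import stat
import tempfile
from pathlib import Path, PureWindowsPath


def audit_search_paths(value, base_dir):
    """Split a semicolon-separated search-path value and list issues per entry."""
    findings = []
    for raw in value.split(";"):
        entry = raw.strip().strip('"')
        if not entry:
            continue
        issues = []
        path = Path(entry)
        # A relative entry such as ./wiretap depends on the working directory
        # Wireshark was started from, so it may point somewhere unexpected.
        if not (path.is_absolute() or PureWindowsPath(entry).is_absolute()):
            issues.append("relative")
            path = Path(base_dir) / path
        if not path.is_dir():
            issues.append("missing")
        else:
            # Look for .proto files in the directory and its subdirectories.
            if not any(path.rglob("*.proto")):
                issues.append("no-proto-files")
            # POSIX only: any local user could drop or replace .proto files here.
            if os.name == "posix" and path.stat().st_mode & stat.S_IWOTH:
                issues.append("world-writable")
        findings.append((entry, issues))
    return findings


def demo():
    """Constructed sample layout: one good directory, one empty, one relative."""
    root = Path(tempfile.mkdtemp())
    (root / "protos").mkdir()
    (root / "protos" / "msg.proto").write_text('syntax = "proto3";\n')
    (root / "empty").mkdir()
    value = f"./wiretap;{root / 'protos'};{root / 'empty'}"
    return audit_search_paths(value, base_dir=root)


if __name__ == "__main__":
    for entry, issues in demo():
        print(entry, "->", ", ".join(issues) or "ok")
```

An entry with an empty issue list is the only kind that should stay in the value unchanged.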
