UDP Ports

It specifies the range of UDP ports. “8000” or “8000,8008-8088,9080” are acceptable formats in this field.

Message Type:

This field specifies the Protobuf message type that is to be used for parsing the data on the given UDP port(s). The message type can be left empty, which implies Protobuf can analyze the data on the specified UDP ports as if it were a standard wire type without precise definitions. Protobuf dissector can be called by creating our dissector. If it is written in C language, then the message type can be passed using the data parameter of call dissector with data() function to the Protobuf dissector. If your dissector is written in Lua, then the message type can be passed on to the Protobuf dissector using pinfo.private[“pb_msg_type”]. 

Format:

The format of specifying data and pinfo.private[“pb_msg_type”] is

"message," message_type_name

For Example:

message,hello.Welcome

Hello is the package name and welcome is the message type.

The concept of Protobuf UDP Message Type in Wireshark is to parse the data on the specified UDP port, Wireshark uses this table to determine the type of Protobuf message, in case the payload of UDP includes the Protobuf encoding (s) on the specific ports.   The “User Table” consists of the following fields that keep the configuration maps for UDP Port(s) to Protobuf message type.