How to parse protobuf packets in Wireshark

My goal is to have a plugin/dissector that can parse a protocol based on protobuf (UDP).
I found on the web an Auto-generate Wireshark/Ethereal dissector plugins for Protocol Buffer messages: https://code.google.com/archive/p/protobuf-wireshark/
When I followed the ReadMe file, I skipped "STEP 1: Install Wireshark from source" since I already have it installed (version 1.12.3).

Step 2: Prepare Protocol Buffers -

This step I don't understand: how do I install libprotobuf, and where?

Step 3: Updating wireshark configuration file -

I'm not sure what "wireshark_src_dir" is.

I created a wireshark.conf file with:
wireshark_src_dir : C:\Program Files (x86)\Wireshark
wireshark_install_dir : C:\Program Files (x86)\Wireshark
wireshark_version : 1.12.3

Step 4: Run make_wireshark_plugin.py - for that step I downloaded and installed python-3.6.0-amd64.exe.

When I run this I get an error:

    Traceback (most recent call last):
      File "C:\ProtoBuff\protobuff\make_wireshark_plugin.py", line 91, in
        f=open("configure.in","r")
    FileNotFoundError: [Errno 2] No such file or directory: 'configure.in'

This file really doesn't exist in the package I downloaded from GitHub. Where do I get this file? Do I need to create it? What does this make_wireshark_plugin.py generate?

Step 5: Create proto configuration files - All proto configuration files need to be in /usr/share/wireshark/protobuf or $HOME/.wireshark/protobuf.

I don't have a share folder or a protobuf folder in the Wireshark installation path. Can I simply put the proto configuration files in the plugins folder?

B. Nir asked Feb 22 '17 14:02

1 Answer

New features for the Protobuf and gRPC dissectors have been added to Wireshark since version 3.2.0:

  • Protobuf files (*.proto) can now be configured to enable more precise parsing of serialized Protobuf data (such as gRPC).
  • Messages of streaming gRPC methods can now be parsed, with support for the HTTP2 streaming mode reassembly feature.
  • Users can specify Protobuf search paths (where the *.proto files are) and the UDP port to Protobuf message type maps in the Protobuf protocol preferences.
  • If your own dissector needs to invoke the Protobuf dissector, you can pass the message type to the Protobuf dissector by the data parameter (in C) or pinfo->private_table["pb_msg_type"] (pinfo.private["pb_msg_type"] in Lua).

Another two new features will be released in 3.3.0 or 3.4.0:

  • Protobuf fields can be dissected as Wireshark (header) fields, which allows the user to input the full names of Protobuf fields or messages in the Filter toolbar for searching.
  • A dissector based on Protobuf can register itself to a new 'protobuf_field' dissector table, which is keyed with the full names of fields, for further parsing of fields of BYTES or STRING type.

References:

  • https://www.wireshark.org/docs/relnotes/wireshark-3.2.0.html
  • https://www.wireshark.org/docs/wsug_html_chunked/ChProtobufSearchPaths.html
  • https://www.wireshark.org/docs/wsug_html_chunked/ChProtobufUDPMessageTypes.html
Skison answered Oct 12 '22 01:10
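As an added example (not from the answer above and not from Wireshark's own sources), here is a minimal Lua dissector that does what the last bullet of the first list describes: it claims a UDP port and hands each datagram to the built-in Protobuf dissector with the message type set through pinfo.private["pb_msg_type"]. The port 12345, the message name tutorial.AddressBook and the .proto file it comes from are placeholders; the "message,<full name>" prefix on the type string is the form the Protobuf dissector accepts for that key as far as I know, so treat it as an assumption to check against your Wireshark version.

```lua
-- Added example: Lua glue for Wireshark 3.2+ that feeds a UDP payload to the
-- built-in Protobuf dissector with an explicit message type.
-- Assumptions (placeholders, not from the answer): the .proto file defining
-- tutorial.AddressBook lives in a directory listed under
-- Preferences > Protocols > Protobuf > "Protobuf search paths", and the
-- application under analysis sends one serialized message per UDP datagram
-- on port 12345.
local UDP_PORT = 12345
local MSG_TYPE = "tutorial.AddressBook"

local pb_udp = Proto("pb_udp_example", "Protobuf over UDP (example)")
-- Handle to Wireshark's own Protobuf dissector (registered as "protobuf").
local protobuf = Dissector.get("protobuf")

function pb_udp.dissector(tvb, pinfo, tree)
    if tvb:len() == 0 then
        return 0  -- empty datagram: nothing for the Protobuf dissector to decode
    end
    pinfo.cols.protocol = pb_udp.name
    -- Tell the Protobuf dissector which message type this buffer should be
    -- decoded as. "message,<full name>" is the plain-message form; gRPC
    -- traffic uses an "application/grpc,..." form instead.
    pinfo.private["pb_msg_type"] = "message," .. MSG_TYPE
    protobuf:call(tvb, pinfo, tree)
    return tvb:len()
end

-- Bind to the UDP port. In effect this is the same as adding a
-- "UDP port -> message type" row in the Protobuf preferences, but a custom
-- dissector can add its own columns or sanity checks before handing over.
DissectorTable.get("udp.port"):add(UDP_PORT, pb_udp)
```

Drop the file into the personal plugins directory (Help > About Wireshark > Folders shows the path) or load it with `-X lua_script:`; if the message type cannot be resolved from the search paths, the Protobuf dissector still shows the raw fields by wire type.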