Since v3.0.0 Wireshark supports msgpack. I have a capture file containing msgpack messages encapsulated in UDP I want to dissect. The problem is that when I'm running:
tshark -r 1.pcap -d udp.port==60003,msgpack
I get the following message:
tshark: Protocol "msgpack" isn't valid for layer type "udp.port"
tshark: Valid protocols for layer type "udp.port" are:
The list of supported protocols contains msgpack:
tshark -G protocols | grep msgpack
Message Pack MsgPack msgpack
Here is the link to example capture file: https://drive.google.com/file/d/1qZO-WKgTValghMjC4kM56B-M1FlYg5C2/view?usp=sharing
It is not possible to decode as msgpack in the latest 3.07 tshark & Wireshark (i.e. this looks like a bug). If you are feeling virtuous, you can file one.
You can still access the data layer that comes after layer 4. We can use shell magic to do the equivalent of decoding the layer with the file you provided:
# Unix-like (macOS/Linux/BSD) systems ship with xxd.
# WSL on Windows will also have it.
bash$ tshark -r msgpack.pcap -T fields -e data | xxd -p -r | msgpack2json && echo
{"message_type":"complete_caching","generation":123992}
Here, we use msgpack2json from msgpack-tools to convert the binary data back to JSON.
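Where xxd or msgpack-tools are not available, the same post-processing can be scripted. This is an added example, not part of the original answer: a decoder for a subset of msgpack types (no bin/ext) applied to the hex lines printed by `tshark -T fields -e data`. The function names and the SAMPLE payload are constructed for illustration.

```python
import json
import struct
import sys

def unpack(buf, pos=0):
    """Decode one msgpack object at buf[pos]; return (value, next_pos)."""
    def take(n):
        nonlocal pos
        if pos + n > len(buf):  # lengths come from the wire: bounds-check them
            raise ValueError("truncated msgpack data")
        pos += n
        return buf[pos - n:pos]

    tag = take(1)[0]
    if tag <= 0x7f:                                  # positive fixint
        return tag, pos
    if tag >= 0xe0:                                  # negative fixint
        return tag - 0x100, pos
    if tag in (0xc0, 0xc2, 0xc3):                    # nil, false, true
        return {0xc0: None, 0xc2: False, 0xc3: True}[tag], pos
    if 0xca <= tag <= 0xd3:                          # float32/64, uint8-64, int8-64
        fmt = ">" + "fdBHIQbhiq"[tag - 0xca]
        return struct.unpack(fmt, take(struct.calcsize(fmt)))[0], pos
    if 0xa0 <= tag <= 0xbf or 0xd9 <= tag <= 0xdb:   # fixstr, str8/16/32
        n = tag & 0x1f if tag <= 0xbf else int.from_bytes(take(1 << (tag - 0xd9)), "big")
        return take(n).decode("utf-8"), pos
    if 0x80 <= tag <= 0x9f or 0xdc <= tag <= 0xdf:   # fixmap/fixarray, array/map 16/32
        if tag <= 0x9f:
            n, is_map = tag & 0x0f, tag < 0x90
        else:
            n, is_map = int.from_bytes(take(2 if tag in (0xdc, 0xde) else 4), "big"), tag >= 0xde
        items = []
        for _ in range(2 * n if is_map else n):
            item, pos = unpack(buf, pos)
            items.append(item)
        return (dict(zip(items[::2], items[1::2])) if is_map else items), pos
    raise ValueError(f"unsupported msgpack type 0x{tag:02x}")

def decode_tshark_data(lines):
    """Decode every msgpack object in each hex line of `-T fields -e data` output."""
    out = []
    for line in lines:
        payload = bytes.fromhex(line.strip().replace(":", ""))
        pos = 0
        while pos < len(payload):  # empty lines (no data layer) yield nothing
            value, pos = unpack(payload, pos)
            out.append(value)
    return out

# Constructed sample: the hex tshark would print for the message shown above.
SAMPLE = (b"\x82" + b"\xac" + b"message_type" + b"\xb0" + b"complete_caching"
          + b"\xaa" + b"generation" + b"\xce\x00\x01\xe4\x58").hex()

if __name__ == "__main__":
    for obj in decode_tshark_data([SAMPLE] if sys.stdin.isatty() else sys.stdin):
        print(json.dumps(obj))
```

Pipe `tshark -r msgpack.pcap -T fields -e data` into the script to decode a capture; run without piped input, it decodes the constructed sample.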