I read the code again. In `ApiVersionsResponseData._write()`, there is a check of the version. If >=3, the API keys array is pre-prended by one byte that contains the length of the following array. Else, it is an INT32 that contains the length of the following array. So, the 0x3c in my case is the count of APIs in the response i.e., 60. While the Wireshark GUI does show the API Key and Version, it appears in square brackets. Therefore, I am not sure, if Wireshark _always_ assumes that the response is version 3 or higher.
On Sun, Oct 27, 2024 at 11:25 PM Steven Miller <st...@idrathernotsay.com> wrote: > There used to be a kafka dissector that I thought was shipped with > Wireshark - does that decode this properly? I wasn’t certain if you were > trying to decode it yourself or if the kafka dissector wasn’t working. > > I wrote something up here about using the dissector, but it’s been almost > a decade since then… > > -Steve > > > On Oct 27, 2024, at 12:42 PM, Chain Head <mrchainh...@gmail.com> wrote: > > > > (Apologies - I sent the same mail to the dev mailing list by mistake!) > > > > Hello, > > I set-up a simple Java client to publish a sample message to Kafka > broker. > > I can see API Versions request v3 and response messages. I am able to map > > all the bytes as described here > > (https://kafka.apache.org/protocol.html#The_Messages_ApiVersions) for > > API > > Versions request and response except for 1 byte as shown below. > > > > - Length - INT32 > > - Correlation ID - INT32 > > - Error code - INT16 > > - ? - 1 byte value 0x3c > > - Array of API keys, supported versions and tagged fields > > - Throttle - INT32 > > - Tagged fields. > > > > Can you please help me understand? > > > > Thanks. >
