Wireshark-bugs: [Wireshark-bugs] [Bug 11306] Error dissecting TCP/SMPP packets | Invalid SMPP Op
Date: Wed, 05 Aug 2015 12:46:03 +0000

Comment # 9 on bug 11306 from
Well, as promised (better late than never)...

Attached a "sample" pcap file; a truncated version of a "tcp dump" file taken
on a production system.

So, by making use of the "wireedit" app, I replaced (I hope all necessary -
confidential - values):
- source ip with "127.0.0.1".
- dest ip with "255.255.255.255".
- destination address (msisdn) with "1234567890123".
- msisdn in text with "1234567890".
- originating address short code with "XXX".
- originating address short code in text with "XXX".

Keep in mind that "smpp" (destination port) is: "10000".

======================================================================================================================================

"wireshark" case | version: 1.10.14

When using "wireshark" - particularly version: 1.10.14 - and without defining
the "smpp" port in "decode as" dialogue, all "smpp" operations are being
displayed; result seems valid - the attached screen shot "smpp operations
WITHOUT decode as" (smpp_operations_WITHOUT_decode_as.jpg) shows the result of
the "smpp operations" in this case.

However, when I am specifying the "smpp" port in "decode as" dialogue, then
the result of the "smpp" operations seems invalid (in this case, "submit_sm"
operations = 0) - the attached screen shot "smpp operations WITH decode as"
(smpp_operations_WITH_decode_as.jpg) shows the result of the "smpp operations"
in this case.

Below you can find the same results by making use of "tshark" utility:

# 1.1. "smpp" port NOT defined in "decode as" dialogue - results valid:

    $ ../Documents/Apps/Wireshark/tshark.exe -r sample.pcap -q -z smpp_commands,tree

    ===================================================================
     SM_PP Operations            value              rate         percent
    -------------------------------------------------------------------
     SMPP Operations           1251       0.161734
      SMPP Requests              594       0.076794          47.48%
       Submit_sm                  594       0.076794         100.00%
      SMPP Responses             657       0.084939          52.52%
       Submit_sm - resp           657       0.084939         100.00%
     SMPP Response Status         657       0.084939
      Ok                           657       0.084939         100.00%

    ===================================================================

# 1.2. "smpp" port IS defined in "decode as" dialogue - results invalid:

    $ ../Documents/Apps/Wireshark/tshark.exe -r sample.pcap -q -z smpp_commands,tree -d tcp.port==10000,smpp

    ===================================================================
     SM_PP Operations            value              rate         percent
    -------------------------------------------------------------------
     SMPP Operations            657       0.086305
      SMPP Requests                0       0.000000           0.00%
      SMPP Responses             657       0.086305         100.00%
       Submit_sm - resp           657       0.086305         100.00%
     SMPP Response Status         657       0.086305
      Ok                           657       0.086305         100.00%

    ===================================================================

======================================================================================================================================

"wireshark" case | version: 1.12.5

On the other hand, 

# 2.1. when using "wireshark" - particularly version: 1.12.5 - and without
defining the "smpp" port in "decode as" dialogue, you get the following
(totally) "invalid" results:

=====================================================================================================================================
SM_PP Operations:
Topic / Item          Count         Average       Min val       Max val       Rate (ms)     Percent       Burst rate    Burst start
-------------------------------------------------------------------------------------------------------------------------------------
SMPP Operations       0                                                                     100%          -             -
 SMPP Responses       0                                                                                   -             -
 SMPP Requests        0                                                                                   -             -
SMPP Response Status  0                                                                     100%          -             -

-------------------------------------------------------------------------------------------------------------------------------------

# 2.2. while when using "wireshark" - again version: 1.12.5 - this time
defining the "smpp" port in "decode as" dialogue, you get the following
"invalid" - but different - results; which are the same as the # 1.2 results
above !!!

=====================================================================================================================================
SM_PP Operations:
Topic / Item          Count         Average       Min val       Max val       Rate (ms)     Percent       Burst rate    Burst start
-------------------------------------------------------------------------------------------------------------------------------------
SMPP Operations       657                                                     0,0863        100%          0,5600        1,672
 SMPP Responses       657                                                     0,0863        100,00%       0,5600        1,672
  Submit_sm - resp    657                                                     0,0863        100,00%       0,5600        1,672
 SMPP Requests        0                                                       0,0000        0,00%         -             -
SMPP Response Status  657                                                     0,0863        100%          0,5600        1,672
 Ok                   657                                                     0,0863        100,00%       0,5600        1,672

-------------------------------------------------------------------------------------------------------------------------------------

======================================================================================================================================
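
The request/response counts in the statistics above can be cross-checked without the dissector by walking the SMPP PDU headers directly. The sketch below is an added example, not part of the original comment or of Wireshark's code; it assumes the TCP payload of one direction has already been extracted and reassembled, takes the `submit_sm` / `submit_sm_resp` command_id values from the SMPP v3.4 specification, and uses a hypothetical `make_pdu` helper and `MAX_PDU` limit to build and bound the constructed sample.

```python
import struct

# SMPP PDU header: command_length, command_id, command_status, sequence_number
HEADER = struct.Struct(">IIII")
RESPONSE_BIT = 0x80000000          # set in command_id of every response PDU
NAMES = {0x00000004: "submit_sm", 0x80000004: "submit_sm_resp"}
MAX_PDU = 64 * 1024                # assumed sanity limit, not from the SMPP spec


def count_pdus(stream: bytes) -> dict:
    """Count SMPP PDUs in one direction of a reassembled TCP payload."""
    result = {"requests": 0, "responses": 0, "by_name": {}, "trailing_bytes": 0}
    offset = 0
    while offset + HEADER.size <= len(stream):
        length, cmd_id, _status, _seq = HEADER.unpack_from(stream, offset)
        if not HEADER.size <= length <= MAX_PDU:
            raise ValueError(f"bad command_length {length} at offset {offset}")
        if offset + length > len(stream):
            break                  # PDU continues past the end of the capture
        kind = "responses" if cmd_id & RESPONSE_BIT else "requests"
        result[kind] += 1
        name = NAMES.get(cmd_id, f"0x{cmd_id:08x}")
        result["by_name"][name] = result["by_name"].get(name, 0) + 1
        offset += length
    result["trailing_bytes"] = len(stream) - offset
    return result


def make_pdu(cmd_id: int, seq: int, body: bytes = b"", status: int = 0) -> bytes:
    """Build a constructed PDU for the samples below (body is opaque here)."""
    return HEADER.pack(HEADER.size + len(body), cmd_id, status, seq) + body


# Constructed sample: two complete submit_sm PDUs back to back in one payload,
# followed by the first 10 bytes of a third (as in a truncated capture).
SAMPLE_REQUESTS = (make_pdu(0x00000004, 1, b"\x00" * 20)
                   + make_pdu(0x00000004, 2, b"\x00" * 20)
                   + make_pdu(0x00000004, 3, b"\x00" * 20)[:10])
# Constructed sample: the two matching responses with command_status 0.
SAMPLE_RESPONSES = (make_pdu(0x80000004, 1, b"id1\x00")
                    + make_pdu(0x80000004, 2, b"id2\x00"))

if __name__ == "__main__":
    print(count_pdus(SAMPLE_REQUESTS))
    print(count_pdus(SAMPLE_RESPONSES))
```

A non-zero `trailing_bytes` value marks a PDU cut off at the end of the input, which is expected for a truncated capture such as the attached one.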

