Filter for empty SMPP messages

asked 2021-03-16 19:19:21 +0000

updated 2021-03-17 15:15:55 +0000

grahamb

Hi, I am trying to construct a filter for incoming smpp messages that are empty and are the first message in. From the logs, when the smpp packet is decoded, I have messages that look like this:

2021-03-16T07:30:02+0100 [SmppTransceiverProtocol,client] INCOMING << {'body': {'mandatory_parameters': {'priority_flag': 0, 'source_addr': '2341231231234', 'protocol_id': 0, 'replace_if_present_flag': 0, 'registered_delivery': 0, 'dest_addr_ton': 'unknown', 'source_addr_npi': 'unknown', 'schedule_delivery_time': '', 'dest_addr_npi': 'unknown', 'sm_length': 0, 'esm_class': 24, 'data_coding': 15, 'service_type': 'USSD', 'source_addr_ton': 'unknown', 'sm_default_msg_id': 0, 'validity_period': '', 'destination_addr': '456', 'short_message': None}, 'optional_parameters': [{'length': 2, 'tag': 'its_session_info', 'value': '546e'}, {'length': 1, 'tag': 'ussd_service_op', 'value': '05'}]}, 'header': {'command_status': 'ESME_ROK', 'command_length': 64, 'sequence_number': 15682, 'command_id': 'deliver_sm'}}

And the values (I think) of interest should be the "'data_coding': 15" and the "'short_message': None" parts. But I am having trouble matching these in a Wireshark filter. So far I've come up with permutations of this type: 'smpp.data_coding eq 15 and smpp.ussd_service_op eq 0x05 and smpp.sm_default_msg_id eq 0', which unfortunately keep catching messages that do not have empty or null content. Please can someone help me correct or properly define this? If I could understand how to properly use the optional parameter values as well, it would be a great help.

Thanks!
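An added example, not part of the original post and not Wireshark code: a Python check that works on the client log format shown above and reports empty `deliver_sm` PDUs together with their optional parameters. Treating "first message in" as the first INCOMING PDU seen per `source_addr` is an assumption, and the sample lines are constructed.

```python
import ast
import re

# Line shape taken from the question: "<timestamp> [<source>] INCOMING << {pdu dict}"
LINE_RE = re.compile(r"^(\S+) \[[^\]]+\] INCOMING << (\{.*\})\s*$")

def parse_incoming(line):
    """Return (timestamp, pdu_dict) for an INCOMING line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        # literal_eval accepts Python literals only, so log content is never executed
        pdu = ast.literal_eval(m.group(2))
    except (ValueError, SyntaxError):
        return None
    return (m.group(1), pdu) if isinstance(pdu, dict) else None

def is_empty_deliver_sm(pdu):
    """Emptiness is decided by sm_length/short_message, not by data_coding."""
    if pdu.get("header", {}).get("command_id") != "deliver_sm":
        return False
    mp = pdu.get("body", {}).get("mandatory_parameters", {})
    return mp.get("sm_length") == 0 and not mp.get("short_message")

def optional_params(pdu):
    """Flatten the optional_parameters list into {tag: value}."""
    return {p["tag"]: p["value"] for p in pdu.get("body", {}).get("optional_parameters", [])}

def empty_first_messages(lines):
    """Empty deliver_sm PDUs that are the first INCOMING PDU from their source_addr."""
    seen, hits = set(), []
    for line in lines:
        parsed = parse_incoming(line)
        if not parsed:
            continue
        ts, pdu = parsed
        src = pdu.get("body", {}).get("mandatory_parameters", {}).get("source_addr")
        first = src not in seen
        seen.add(src)
        if first and is_empty_deliver_sm(pdu):
            hits.append((ts, pdu["header"].get("sequence_number"), optional_params(pdu)))
    return hits

def _sample(ts, src, seq, msg):  # builds a constructed log line in the question's format
    pdu = {'body': {'mandatory_parameters': {'source_addr': src, 'sm_length': len(msg or ''), 'data_coding': 15, 'short_message': msg},
                    'optional_parameters': [{'length': 1, 'tag': 'ussd_service_op', 'value': '05'}]},
           'header': {'command_status': 'ESME_ROK', 'sequence_number': seq, 'command_id': 'deliver_sm'}}
    return f"{ts} [SmppTransceiverProtocol,client] INCOMING << {pdu!r}"

SAMPLE_LOG = [_sample("2021-03-16T07:30:02+0100", "2340000000001", 1, None), _sample("2021-03-16T07:30:05+0100", "2340000000002", 2, "*123#"),
              _sample("2021-03-16T07:30:09+0100", "2340000000001", 3, None), "2021-03-16T07:30:10+0100 [SmppTransceiverProtocol,client] connection lost"]
```
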


Comments

What sort of output is that, where does it come from?

grahamb ( 2021-03-17 15:16:47 +0000 )

It's a log from an SMPP client.

sinaowolabi ( 2021-03-18 07:43:56 +0000 )

I'm sorry, I still don't follow. This is a log file output by an application other than Wireshark?

grahamb ( 2021-03-18 09:01:31 +0000 )