Filter for empty SMPP messages
Hi, I am trying to construct a filter for incoming SMPP messages that are empty and are the first message in. From the logs, when the SMPP packet is decoded, I have messages that look like this:
2021-03-16T07:30:02+0100 [SmppTransceiverProtocol,client] INCOMING << {'body': {'mandatory_parameters': {'priority_flag': 0, 'source_addr': '2341231231234', 'protocol_id': 0, 'replace_if_present_flag': 0, 'registered_delivery': 0, 'dest_addr_ton': 'unknown', 'source_addr_npi': 'unknown', 'schedule_delivery_time': '', 'dest_addr_npi': 'unknown', 'sm_length': 0, 'esm_class': 24, 'data_coding': 15, 'service_type': 'USSD', 'source_addr_ton': 'unknown', 'sm_default_msg_id': 0, 'validity_period': '', 'destination_addr': '456', 'short_message': None}, 'optional_parameters': [{'length': 2, 'tag': 'its_session_info', 'value': '546e'}, {'length': 1, 'tag': 'ussd_service_op', 'value': '05'}]}, 'header': {'command_status': 'ESME_ROK', 'command_length': 64, 'sequence_number': 15682, 'command_id': 'deliver_sm'}}
And the values (I think) of interest should be the "'data_coding': 15" and the "'short_message': None" parts. But I am having trouble matching these in a Wireshark filter. So far I've come up with permutations of this type: 'smpp.data_coding eq 15 and smpp.ussd_service_op eq 0x05 and smpp.sm_default_msg_id eq 0', which unfortunately keep catching messages that do not have empty or null content. Please can someone help me correct or properly define this? If I could understand how to properly use the optional parameter values as well, that would be a great help.
Thanks!
What sort of output is that, where does it come from?
It's a log from an SMPP client.
I'm sorry, I still don't follow. This is a log file output by an application other than Wireshark?
Yes, it was, and I was able to pull out the SMPP data needed.
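Since the data in question is the client's text log rather than a capture, the empty messages can also be selected directly from that log. The following is an added example, not code from anyone in the thread: the function names and sample values are constructed, and "empty" is assumed to mean a deliver_sm with sm_length 0, no short_message, and no message_payload optional parameter (the TLV that SMPP uses to carry text outside short_message).

```python
import ast
import re

# Constructed sample in the log format quoted in the question; all values are made up.
PREFIX = "2021-03-16T07:30:0%d+0100 [SmppTransceiverProtocol,client] INCOMING << "
HDR = "'header': {'command_status': 'ESME_ROK', 'sequence_number': %d, 'command_id': '%s'}}"
BODY = ("{'body': {'mandatory_parameters': {'sm_length': %d, 'data_coding': 15, "
        "'short_message': %r}, 'optional_parameters': [{'tag': '%s', 'value': '%s'}]}, ")
SAMPLE_LOG = "\n".join([
    PREFIX % 2 + BODY % (0, None, 'ussd_service_op', '05') + HDR % (15682, 'deliver_sm'),
    PREFIX % 3 + BODY % (1, '1', 'ussd_service_op', '12') + HDR % (15683, 'deliver_sm'),
    PREFIX % 4 + BODY % (0, None, 'message_payload', '6869') + HDR % (15684, 'deliver_sm'),
    PREFIX % 5 + "{" + HDR % (15685, 'enquire_link'),   # PDU with a header only
    PREFIX % 6 + "{'body': {'sm_length': 0}",           # truncated line
])

LINE_RE = re.compile(r"^(\S+) \[[^\]]*\] INCOMING << (\{.*\})\s*$")

def parse_incoming(line):
    """Return (timestamp, pdu_dict) for an INCOMING line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        pdu = ast.literal_eval(m.group(2))  # accepts literals only, never runs log content
    except (ValueError, SyntaxError):
        return None
    return (m.group(1), pdu) if isinstance(pdu, dict) else None

def is_empty_deliver_sm(pdu):
    """True for a deliver_sm with no text in short_message or in a message_payload TLV."""
    if pdu.get('header', {}).get('command_id') != 'deliver_sm':
        return False
    body = pdu.get('body', {})
    params = body.get('mandatory_parameters', {})
    tags = {p.get('tag') for p in body.get('optional_parameters', [])}
    return (params.get('sm_length') == 0 and not params.get('short_message')
            and 'message_payload' not in tags)

def empty_messages(log_text):
    """Return [(timestamp, sequence_number)] for every empty deliver_sm in the log."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_incoming(line)
        if parsed and is_empty_deliver_sm(parsed[1]):
            hits.append((parsed[0], parsed[1]['header']['sequence_number']))
    return hits

if __name__ == "__main__":
    print(empty_messages(SAMPLE_LOG))
```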