
Filter for empty SMPP messages

asked 2021-03-16 19:19:21 +0000

sinaowolabi

updated 2021-03-17 15:15:55 +0000

grahamb

Hi, I am trying to construct a filter for incoming SMPP messages that are empty and are the first message in. From the logs, when the SMPP packet is decoded, I have messages that look like this:

2021-03-16T07:30:02+0100 [SmppTransceiverProtocol,client] INCOMING << {'body': {'mandatory_parameters': {'priority_flag': 0, 'source_addr': '2341231231234', 'protocol_id': 0, 'replace_if_present_flag': 0, 'registered_delivery': 0, 'dest_addr_ton': 'unknown', 'source_addr_npi': 'unknown', 'schedule_delivery_time': '', 'dest_addr_npi': 'unknown', 'sm_length': 0, 'esm_class': 24, 'data_coding': 15, 'service_type': 'USSD', 'source_addr_ton': 'unknown', 'sm_default_msg_id': 0, 'validity_period': '', 'destination_addr': '456', 'short_message': None}, 'optional_parameters': [{'length': 2, 'tag': 'its_session_info', 'value': '546e'}, {'length': 1, 'tag': 'ussd_service_op', 'value': '05'}]}, 'header': {'command_status': 'ESME_ROK', 'command_length': 64, 'sequence_number': 15682, 'command_id': 'deliver_sm'}}

And the values (I think) of interest should be the "'data_coding': 15" and the "'short_message': None" parts. But I am having trouble matching these in a Wireshark filter. So far I've come up with permutations of this type: 'smpp.data_coding eq 15 and smpp.ussd_service_op eq 0x05 and smpp.sm_default_msg_id eq 0', which unfortunately keep catching messages that do not have empty or null content. Please can someone help me correct or properly define this? If I could understand how to properly use the optional parameters' values as well, that would be a great help.

Thanks!


Comments

What sort of output is that, where does it come from?

grahamb ( 2021-03-17 15:16:47 +0000 )

It's a log from an SMPP client.

sinaowolabi ( 2021-03-18 07:43:56 +0000 )

I'm sorry I still don't follow. This is a log file output by an application other than Wireshark?

grahamb ( 2021-03-18 09:01:31 +0000 )

Yes it was, and I was able to pull out the SMPP data needed.

sinaowolabi ( 2021-07-26 17:21:37 +0000 )

1 Answer


answered 2021-07-26 17:30:01 +0000

sinaowolabi

smpp.data_coding == 0x0f and smpp.ussd_service_op == 0x05 really helped, with other smpp filtering combinations.


Comments

Wow, an answer after more than 5 years. Should be a special badge for that.

grahamb ( 2021-07-26 17:49:35 +0000 )

Sorry about that :-) Work was/is crazy. Also crazy is my not wanting to leave anything unanswered, no matter how long ago. Is that what OCD is?

sinaowolabi ( 2021-07-26 17:51:52 +0000 )

You should complete your mission and accept your answer by clicking the check mark to the left of it.

grahamb ( 2021-07-26 18:18:58 +0000 )

Oh yes! Unfortunately I don't have points enough to accept my own answer.

sinaowolabi ( 2021-07-26 20:17:09 +0000 )

Done. Thanks for coming back.

grahamb ( 2021-07-27 07:09:49 +0000 )
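
The same selection applied to the client log format quoted in the question, as an added example that is not part of the original thread: it parses each INCOMING line and keeps deliver_sm PDUs with sm_length 0, no short_message, data_coding 15 and ussd_service_op 0x05. The sample lines and function names are constructed for illustration, and the sm_length and command_id checks are an assumption about what "empty" means, going beyond the two fields in the accepted filter.

```python
import ast
import re

# Constructed sample lines in the client-log format quoted in the question.
# Values are made up: seq 101 is empty, seq 102 carries text, seq 103 has no
# body, and the last line is truncated.
SAMPLE_LOG = """\
2021-03-16T07:30:02+0100 [SmppTransceiverProtocol,client] INCOMING << {'body': {'mandatory_parameters': {'sm_length': 0, 'data_coding': 15, 'short_message': None}, 'optional_parameters': [{'length': 2, 'tag': 'its_session_info', 'value': '546e'}, {'length': 1, 'tag': 'ussd_service_op', 'value': '05'}]}, 'header': {'sequence_number': 101, 'command_id': 'deliver_sm'}}
2021-03-16T07:30:05+0100 [SmppTransceiverProtocol,client] INCOMING << {'body': {'mandatory_parameters': {'sm_length': 5, 'data_coding': 15, 'short_message': '*123#'}, 'optional_parameters': [{'length': 1, 'tag': 'ussd_service_op', 'value': '05'}]}, 'header': {'sequence_number': 102, 'command_id': 'deliver_sm'}}
2021-03-16T07:30:09+0100 [SmppTransceiverProtocol,client] INCOMING << {'body': None, 'header': {'sequence_number': 103, 'command_id': 'enquire_link'}}
2021-03-16T07:30:11+0100 [SmppTransceiverProtocol,client] INCOMING << {'body': {'mandatory_parameters': {'sm_length': 0
"""

PDU_RE = re.compile(r"INCOMING << (\{.*\})\s*$")

def parse_pdu(line):
    """Return the PDU dict logged on one line, or None if absent or malformed."""
    m = PDU_RE.search(line)
    if not m:
        return None
    try:
        pdu = ast.literal_eval(m.group(1))  # literals only, nothing is executed
    except (ValueError, SyntaxError, TypeError):
        return None
    return pdu if isinstance(pdu, dict) else None

def optional_params(pdu):
    """Map TLV tag name to integer value (the log prints TLV values as hex)."""
    out = {}
    for tlv in (pdu.get('body') or {}).get('optional_parameters') or []:
        try:
            out[tlv['tag']] = int(tlv['value'], 16)
        except (KeyError, TypeError, ValueError):
            continue
    return out

def is_empty_ussd_deliver(pdu):
    """True for a deliver_sm with no payload, data_coding 15, ussd_service_op 0x05."""
    mp = (pdu.get('body') or {}).get('mandatory_parameters') or {}
    return ((pdu.get('header') or {}).get('command_id') == 'deliver_sm'
            and mp.get('sm_length') == 0 and not mp.get('short_message')
            and mp.get('data_coding') == 15
            and optional_params(pdu).get('ussd_service_op') == 0x05)

def empty_sequence_numbers(log_text):
    """Sequence numbers of the empty USSD deliver_sm PDUs found in log_text."""
    pdus = (parse_pdu(line) for line in log_text.splitlines())
    return [p['header'].get('sequence_number') for p in pdus
            if p and is_empty_ussd_deliver(p)]

if __name__ == "__main__":
    print(empty_sequence_numbers(SAMPLE_LOG))
```

The second sample line shows why matching on data_coding and ussd_service_op alone also selects non-empty messages; in a Wireshark display filter the corresponding length test uses the `smpp.sm_length` field.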


Stats

Asked: 2021-03-16 19:19:21 +0000

Seen: 378 times

Last updated: Mar 17 '21