Ask Your Question
0

MATE: Calculate response time for SMPP

asked 2022-09-26 05:22:51 +0000

Hi all, I'm just trying to use MATE to calculate response time between each submit_sm and submit_sm_resp, this is the mate script I'm using:

Pdu smpp_pdu Proto smpp Transport mate { 
   Extract cmd From smpp.command_id; 
   Extract seq From smpp.sequence_number;
};
Gop smpp_session On smpp_pdu Match (seq) { 
   Start (cmd=4); 
   Stop (cmd=2147483652);
};
Done;

So basically, it exacts command id and sequence numbers, then in Gop uses command id for start/stop 4 = 0x00000004 = SUBMIT_SM 2147483652 = 0x80000004 = SUBMIT_SM_RESP

This should do the trick. But, now what? I added a column with Delta Time Displayed, and this should show the response time for each submit_sm_resp, but this is not using MATE, just calculate the time between each previous packet:

image description

How can I use MATE script?

If I use the following filter in a specific column: mate.smpp_pdu.RelativeTime

I only got the seconds, for each packet, from starting trace:

image description

As far I understood, MATE should setup time between START and STOP, but which is the filter I should use? This doesn't shown anything: mate.smpp_session.Time

Please advise, Thank you, Lucas

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-09-26 15:28:01 +0000

Chuckc gravatar image

(MATE can be very frustrating to work with)

From the WSUG 12.7.1. Attribute Value Pairs:

12.7.1.2. Value The value is a string. It is either set in the configuration (for configuration AVPs) or by MATE while extracting interesting fields from a dissection tree and/or manipulating them later. The values extracted from fields use the same representation as they do in filter strings.

Pdu smpp_pdu Proto smpp Transport mate { 
   Extract cmd From smpp.command_id; 
   Extract seq From smpp.sequence_number;
};
Gop smpp_session On smpp_pdu Match (seq) { 
   Start (cmd="0x00000004"); 
   Stop (cmd="0x80000004");
};
Done

Output from the Wiki Sample Capture (smpp.cap (libpcap)):

MATE smpp_pdu:6->smpp_session:1
    smpp_pdu: 6
        smpp_pdu time: 28.922
        smpp_pdu time since beginning of Gop: 0.00800896
        smpp_pdu Attributes
            cmd: 0x80000004
            seq: 3
    smpp_session: 1
        GOP Key:  seq=3;
        smpp_session Attributes
            seq: 3
        smpp_session Times
            smpp_session start time: 28.914
            smpp_session hold time: 0.00800896
            smpp_session duration: 0.00800896
        smpp_session number of PDUs: 2
            Start PDU: in frame: 9 (0.000000 : 0.000000)
            Stop PDU: in frame: 10 (0.008009 : 0.008009)

edit flag offensive delete link more

Comments

OMG! It was so simple! That's the reason because start/stop doesn't work!!! Thank you very much Chuckc, you saved me a lot of headache!

Do you know if is possible to adjust/reduce the decimals as per delta time in the example below?

https://i.imgur.com/MeOjmFo.png

Something like:

from: 0,0110474 to: 0,011

LucasRey gravatar imageLucasRey ( 2022-09-26 16:38:09 +0000 )edit

You could do that with a Wireshark Lua plugin.

There is an example post processor on the Wireshark Wiki

EASYPOST.lua - a template to copy a field, modify the data and add as a new Protocol field.

Chuckc gravatar imageChuckc ( 2022-09-26 16:50:45 +0000 )edit
  • Step 4 modified to grab the MATE field.
  • Format string changed to 3 digits of floating point.
    local field_data = string.format("%.3f", v.value):upper()
-- EASYPOST.lua
-- Replace occurrences of "easypost/EASYPOST" with protocol/dissector name.
-- Grab and format fields as needed

-- Step 1 - document as you go. See header above and set_plugin_info().
local easypost_info =
{
    version = "1.0.0",
    author = "Good Coder",
    description = "Important EASYPOST stuff",
    repository = "Floppy in top drawer"
}

set_plugin_info(easypost_info)

-- Step 2 - create a protocol to attach new fields to
local easypost_p = Proto.new("easypost","Important EASYPOST Protocol")

-- Step 3 - add some field(s) to Step 2 protocol
local pf = { payload = ProtoField.string("easypost.payload", "EASYPOST data") }

easypost_p.fields = pf

-- Step 4 - create a Field extractor to copy packet field data.
easypost_payload_f = Field.new("mate.smpp_session.Duration")

-- Step 5 - create the postdissector function that will run on each frame/packet
function easypost_p.dissector(tvb,pinfo,tree)
    local ...
(more)
Chuckc gravatar imageChuckc ( 2022-09-26 17:21:40 +0000 )edit

Thank you again Chuckc, unfortunately I have so many activities that I have no time now to play with it. But since I know very well lua language, I'll check it later for sure. I need only to know/study how to implement lua in wireshark, and then I can implement the string format and maybe many other automations with lua!

LucasRey gravatar imageLucasRey ( 2022-09-27 05:03:01 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2022-09-26 05:19:47 +0000

Seen: 69 times

Last updated: Sep 26