This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

filtering on SMPP gives no result

0

A colleague of mine wants to investigate a problem related to SMPP. He took a snoop on the node, and when opening it with Wireshark he can see plenty of packets, but after filtering on SMPP there is nothing anymore. If I take that same snoop, load it in Wireshark, and use the same filter, I can see all SMPP-related packets, including bind, the submit_SM that was used for his test, etc.

We have the same version of Wireshark by the way...

Do you have any idea why he can't see the SMPP packets?

Thanks,

Charles

asked 12 Jun '13, 10:36

lmcchju
accept rate: 0%

I am facing the same issue: filtering on SMPP in Wireshark gives no result. Manual decode is also not working. Any specific version to try?

Thanks, Steve

(04 Sep '14, 22:19) steve8

Did you try Kurt's version as described below? Analyze -> Enabled Protocols -> SMPP

(05 Sep '14, 03:56) Edmond

Yes. It is enabled.

(09 Sep '14, 02:16) steve8

3 Answers:

0

Maybe the SMPP dissector is disabled on his machine.

Analyze -> Enabled Protocols -> SMPP

Regards
Kurt

answered 12 Jun '13, 11:51

Kurt Knochner ♦
accept rate: 15%

0

It may also be that your friend has tried to decode that specific traffic (SMPP) as some other protocol, so when he now tries to filter on SMPP he will normally not see anything.

Right-click on the SMPP packet -> Decode As, then there are two options:

  1. Click on Clear
  2. Go to the Transport tab, choose your TCP ports, select SMPP and click Apply

Regards, Edmond.

answered 12 Jun '13, 13:42

Edmond
accept rate: 33%

edited 13 Jun '13, 10:18

0

I suggest you have the blank trace use a display filter for the TCP port number you're using (assuming this is over TCP), then do as others have suggested and do a manual right-click "Decode As" operation for SMPP.

Since SMPP doesn't use a defined port number, it might just be some difference in the heuristics logic that Wireshark uses between versions, if one version decodes it as SMPP and the other does not. Have you confirmed these are different versions you're using?

answered 12 Jun '13, 15:07

Quadratic
accept rate: 13%

Have you confirmed these are different versions you're using?

Quote from the question:

We have the same version of Wireshark by the way...

(12 Jun '13, 16:29) Kurt Knochner ♦

touché. :)

Still right that a manual decode should work though.

(12 Jun '13, 19:39) Quadratic

touché. :)

You're welcome ;-)

(13 Jun '13, 03:32) Kurt Knochner ♦
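
The answers above turn on SMPP having no fixed port, so the port to pick in Decode As has to be identified first. As an added example (not part of the original thread and not Wireshark's dissector code), the following simplified header check finds which TCP payloads parse cleanly as SMPP v3.4 PDUs. The port numbers, sample payloads and the 64 KiB length bound are constructed assumptions.

```python
import struct

# SMPP v3.4 request command_ids; a response is the request id with bit 31 set.
REQUESTS = {
    0x001: "bind_receiver", 0x002: "bind_transmitter", 0x003: "query_sm",
    0x004: "submit_sm", 0x005: "deliver_sm", 0x006: "unbind",
    0x007: "replace_sm", 0x008: "cancel_sm", 0x009: "bind_transceiver",
    0x00B: "outbind", 0x015: "enquire_link", 0x021: "submit_multi",
    0x102: "alert_notification", 0x103: "data_sm",
}
NO_RESPONSE = {"outbind", "alert_notification"}
RESP_BIT = 0x80000000
HEADER = struct.Struct(">IIII")  # length, command_id, command_status, sequence_number
MAX_PDU = 64 * 1024  # assumed sanity bound, not a value from the thread

def command_name(command_id):
    if command_id == RESP_BIT:
        return "generic_nack"
    name = REQUESTS.get(command_id & ~RESP_BIT)
    if name is None or not command_id & RESP_BIT:
        return name
    return None if name in NO_RESPONSE else name + "_resp"

def parse_pdus(payload):
    """Return [(name, sequence_number)] if payload is entirely well-formed PDUs, else []."""
    pdus, offset = [], 0
    while offset < len(payload):
        if len(payload) - offset < HEADER.size:
            return []
        length, command_id, status, seq = HEADER.unpack_from(payload, offset)
        name = command_name(command_id)
        if name is None or not HEADER.size <= length <= MAX_PDU:
            return []
        if offset + length > len(payload) or (status and not command_id & RESP_BIT):
            return []  # truncated PDU, or a request with non-zero status
        pdus.append((name, seq))
        offset += length
    return pdus

def smpp_ports(payload_by_port):
    """Ports whose reassembled TCP payload parses as SMPP: candidates for Decode As."""
    return sorted(p for p, data in payload_by_port.items() if parse_pdus(data))

def pdu(command_id, seq, body=b"", status=0):
    return HEADER.pack(HEADER.size + len(body), command_id, status, seq) + body

# Constructed sample payloads keyed by hypothetical server port.
SAMPLE = {
    5016: pdu(2, 1, b"test\0pw\0\0\x34\0\0\0") + pdu(0x80000002, 1, b"smsc\0") + pdu(0x15, 2),
    8080: b"GET / HTTP/1.1\r\nHost: example\r\n\r\n",
}
```

A port returned by `smpp_ports` is the one to select in Decode As, or to pass on the command line as `tshark -r <capture> -d tcp.port==<port>,smpp -Y smpp`.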