This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SMPP parse with lua

0

Hello! Sorry for my bad english!

I write lua script for parse smpp protocol do local smpp_packets = 0 local tcp_ack_time_count = 0 local tcp_ack_time_sum = 0 local submit_sm = 0 local submit_sm_resp = 0 local deliver_sm = 0 local deliver_sm_resp = 0 local mo_deliver_sm = 0

local function init_listener()
    local tap = Listener.new("smpp")
    local ip_dst = Field.new("ip.dst")
    local ip_src = Field.new("ip.src")
    local frame_number = Field.new("frame.number")
    local frame_time = Field.new("frame.time")
    local frame_epochtime = Field.new("frame.time_epoch")
    local tcp_analysis_ack_rtt = Field.new("tcp.analysis.ack_rtt")
    local smpp_command_id = Field.new("smpp.command_id")
    local smpp_sequence_number = Field.new("smpp.sequence_number")
    local smpp_message_id = Field.new("smpp.message_id")
    local smpp_receipted_message_id = Field.new("smpp.receipted_message_id")
    local smpp_esm_submit_msg_type = Field.new("smpp.esm.submit.msg_type")
    local smpp = Field.new("smpp")

function tap.packet(pinfo,tvb,ip)
    local src = tostring(ip_src())
    local dst = tostring(ip_dst())
    local frame = tostring(frame_number())
    local frametime = tostring(frame_time())
    local frameepoch = tostring(frame_epochtime())
    local command_id = smpp_command_id()
    local sequence_number = smpp_sequence_number()
    local message_id = smpp_message_id()
    local receipted_message_id = smpp_receipted_message_id()
    local esm_submit_msg_type = smpp_esm_submit_msg_type()
    local out_message_id = ""
    local out_receipted_message_id = ""
    local out_esm_submit_msg_type = ""
    --local _smpp = smpp()

    if message_id ~= nil then
        out_message_id = message_id
    end

    if receipted_message_id ~= nil then
        out_receipted_message_id = receipted_message_id
    end

    if esm_submit_msg_type ~= nil then
        out_esm_submit_msg_type = esm_submit_msg_type
    end

    print(string.format("%s|%s|%s|%s|%s|%s|%s", frame, frameepoch, command_id, sequence_number, out_message_id, out_receipted_message_id, out_esm_submit_msg_type))

end



end
init_listener()

end

if frame include more one smpp packet my script output this

40495|1433778261.482167000|4|459182|||0
40495|1433778261.482167000|4|459182|||0
40495|1433778261.482167000|4|459182|||0
40495|1433778261.482167000|4|459182|||0
40495|1433778261.482167000|4|459182|||0
40495|1433778261.482167000|4|459182|||0
40495|1433778261.482167000|4|459182|||0
40495|1433778261.482167000|4|459182|||0
40495|1433778261.482167000|4|459182|||0

459182 But packets in frame with sequence number 459182-459190

How i can take sequence number and another field for every smpp packet?

asked 10 Jun ‘15, 06:52

Sergey%20%20Dergachev's gravatar image

Sergey Derg…
6113
accept rate: 0%

edited 27 Jun ‘15, 17:24

Hadriel's gravatar image

Hadriel
2.7k2939

2 Answers:

0

You'd have to put field selector in "{}" brackets and they will return a table

Then you iterate over a table something along the lines like below

        local command_id_tbl = { smpp_command_id() } 
        local sequence_number_tbl = { smpp_sequence_number() }
        local message_id_tbl = { smpp_message_id() } 
        local receipted_message_id_tbl = { smpp_receipted_message_id() }
        local esm_submit_msg_type_tbl = { smpp_esm_submit_msg_type() }

    for i, sequence_number in ipairs(sequence_number_tbl)
    do
        print(string.format("%s|%s|%s|%s", frame, frameepoch, command_id_tbl[i], sequence_number_tbl[i]))

    end

answered 10 Jun ‘15, 07:50

izopizo's gravatar image

izopizo
2024714
accept rate: 0%

Thank you But don’t work! If have packet with link text

In table message_id only one element, but to which the packet is this element can not be determined

(10 Jun ‘15, 08:00) Sergey Derg…

0

Since there could be multiple SMPP messages in a single captured frame (i.e., a single IP packet and TCP segment), and they might not each have a Message ID field, you'll have to keep track of each SMPP message as its parsed and which Message ID each has (if any).

See the answer for question #43543 for an idea of how to do that.

Basically the idea is to keep a Lua table indexed by the frame numbers, and the value of that frame number entry would be the number of Message ID fields already parsed/seen. Since your tap.packet() function will be invoked by Wireshark for each SMPP message, you can figure out how many (if any) Message ID fields have already been accounted for or if there's a new one.

answered 27 Jun '15, 17:35

Hadriel's gravatar image

Hadriel
2.7k2939
accept rate: 18%