This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Related SMPP submit_sm filter

0

Hello, everyone! I'd like to filter out SMPP submit_resp's with а non-OK status. It's quite simple:

(smpp.command_id == 0x80000004) && !(smpp.command_status == 0x00000000)

But how can I filter out related SMPP submit_sm's without knowing of an absolute value of the SMPP sequence number? The goal is to create non-interactive tshark filtered dump.

Thanks in advance.

asked 14 Jul '15, 01:01

rusyarr's gravatar image

rusyarr
1224
accept rate: 0%

There must be a way to get a sequence number as a variable.

(14 Jul '15, 01:44) rusyarr

One Answer:

0

Bash helped me.

It looks like this:

tshark -r $folder/$suff.pcap.gz -Y "$(filter="";sn="";for sn in $(tshark -r $folder/$suff.pcap.gz -Y "(smpp.command_id == 0x80000004) && !(smpp.command_status == 0x00000000)" -Tfields -e "smpp.sequence_number");do filter="$filter || smpp.sequence_number == $sn";done;echo $filter|cut -c 4-)" -w $folder/$host4dump.submit_failed.pcap

For short:

  1. First I look for the SMPP submit_resp's with а non-OK status. I use filter (smpp.command_id == 0x80000004) && !(smpp.command_status == 0x00000000) for this purposes. -Tfields -e "smpp.sequence_number" only extract sequence numbers from the found packets.
  2. Secondly I use this numbers as a new filter.
  3. -w $folder/$host4dump.submit_failed.pcap outpust extracted to a new file.

answered 15 Jul '15, 11:47

rusyarr's gravatar image

rusyarr
1224
accept rate: 0%