Wireshark-bugs: [Wireshark-bugs] [Bug 11306] Error dissecting TCP/SMPP packets | Invalid SMPP Op
Date: Wed, 05 Aug 2015 12:46:03 +0000
Comment # 9
on bug 11306
from Aristotelis M.
well as promised (better late than never)...
attached a "sample" pcap file; a truncated version of a "tcp dump" file taken
on a production system.
so, by making use of "wireedit" app, i replaced (i hope all necessary -
confidential - values):
- source ip with "127.0.0.1".
- dest ip with "255.255.255.255".
- destination address (msisdn) with "1234567890123".
- msisdn in text with "1234567890".
- originating address short short code with "XXX".
- originating address short short code in text with "XXX".
Keep in mind that "smpp" (destination port) is : "10000"
======================================================================================================================================
"wireshark" case | version: 1.10.14
When using "wireshark" - particularly version: 1.10.14 - and without defining
the "smpp" port in "decode as" dialogue, all "smpp" operations are being
displayed; result seems valid - the attached screen shot "smpp operations
WITHOUT decode as" (smpp_operations_WITHOUT_decode_as.jpg) shows the result of
the "smpp operations" in this case.
However, when i am specifying the "smpp" port in "decode as" dialogue, then
the result of the "smpp" operations seems invalid (in this case, "submit_sm"
operations = 0) - the attached screen shot "smpp operations WITH decode as"
(smpp_operations_WITH_decode_as.jpg) shows the result of the "smpp operations"
in this case:
Below you can find the same results by making use of "tshark" utility:
# 1.1. "smpp" port NOT defined in "decode as" dialogue - results valid:
$ ../Documents/Apps/Wireshark/tshark.exe -r sample.pcap -q -z
smpp_commands,tree
===================================================================
SM_PP Operations value rate percent
-------------------------------------------------------------------
SMPP Operations 1251 0.161734
SMPP Requests 594 0.076794 47.48%
Submit_sm 594 0.076794 100.00%
SMPP Responses 657 0.084939 52.52%
Submit_sm - resp 657 0.084939 100.00%
SMPP Response Status 657 0.084939
Ok 657 0.084939 100.00%
===================================================================
# 1.2. "smpp" port IS defined in "decode as" dialogue - results invalid:
$ ../Documents/Apps/Wireshark/tshark.exe -r sample.pcap -q -z
smpp_commands,tree -d tcp.port==10000,smpp
===================================================================
SM_PP Operations value rate percent
-------------------------------------------------------------------
SMPP Operations 657 0.086305
SMPP Requests 0 0.000000 0.00%
SMPP Responses 657 0.086305 100.00%
Submit_sm - resp 657 0.086305 100.00%
SMPP Response Status 657 0.086305
Ok 657 0.086305 100.00%
===================================================================
======================================================================================================================================
"wireshark" case | version: 1.12.5
On the other hand,
# 2.1. when using "wireshark" - particularly version: 1.12.5 - and without
defining the "smpp" port in "decode as" dialogue, you get the following
(totally) "invalid" results:
=====================================================================================================================================
SM_PP Operations:
Topic / Item Count Average Min val Max val
Rate (ms) Percent Burst rate Burst start
-------------------------------------------------------------------------------------------------------------------------------------
SMPP Operations 0
100% - -
SMPP Responses 0
- -
SMPP Requests 0
- -
SMPP Response Status 0
100% - -
-------------------------------------------------------------------------------------------------------------------------------------
# 2.2. while when using "wireshark" - again version: 1.12.5 - this time
defining the "smpp" port in "decode as" dialogue, you get the following
"invalid" - but different - results; which are the same as the # 1.2 results
above !!!
=====================================================================================================================================
SM_PP Operations:
Topic / Item Count Average Min val Max val
Rate (ms) Percent Burst rate Burst start
-------------------------------------------------------------------------------------------------------------------------------------
SMPP Operations 657
0,0863 100% 0,5600 1,672
SMPP Responses 657
0,0863 100,00% 0,5600 1,672
Submit_sm - resp 657
0,0863 100,00% 0,5600 1,672
SMPP Requests 0
0,0000 0,00% - -
SMPP Response Status 657
0,0863 100% 0,5600 1,672
Ok 657
0,0863 100,00% 0,5600 1,672
-------------------------------------------------------------------------------------------------------------------------------------
======================================================================================================================================
You are receiving this mail because:
- You are watching all bug changes.
- Prev by Date: [Wireshark-bugs] [Bug 11306] Error dissecting TCP/SMPP packets | Invalid SMPP Operations statistics
- Next by Date: [Wireshark-bugs] [Bug 11419] 802.11ad Decoding Error
- Previous by thread: [Wireshark-bugs] [Bug 11306] Error dissecting TCP/SMPP packets | Invalid SMPP Operations statistics
- Next by thread: [Wireshark-bugs] [Bug 11421] New: GVCP filter expression predefined values for gvcp.cmd.command, hex vs. unsigned
- Index(es):