Debug SMPP message with Wireshark¶

• Table of contents
• Debug SMPP message with Wireshark
  • Automatic pcap capturing on the server.
  • Manual pcap capturing on the server.
  • Manual packet capturing on your PC
  • Using wireshark for analysis.

Let's say, you want to see a decoded binary packet flow of the message exchange.
The convenient method to do this is to use the Wireshark application:

Wireshark works with the files which contain captured message in format .pcap.
Therefore, the initial task is to obtain such a file.

Automatic pcap capturing on the server.¶

This is the recommended method.
Use the embedded system of Pcap capturing to obtain the pcap file.

Manual pcap capturing on the server.¶

In case if automatic Pcap capturing is not available in your version, or it doesn't produce meaningful results, use manual method.
1. Actuire root access. Described in the section How to acquire root access

2. Capture the packet log of the message exchange.
We use tcpdump utility for this:

# tcpdump -s 0 -w sms.cap

This command will capture the packet log to a file sms.cap in thecurrent directory.
However it would be much better if you know from whom you are going to receive the traffic or to whom you are going to send it.
IP address of terminator or originator could be seen on the web-interface.
In this case execute the command this way:

# tcpdump -s 0 -w sms.cap host 192.168.0.1

In this case 192.168.0.1 - is the IP address of needed peer, through which the message flows.

To make a packet dump from several hosts (for example, orignator and terminator) use this instruction:

# tcpdump -s 0 -w sms.cap host 192.168.0.1 or 192.168.0.2

In this case 192.168.0.1 - is the IP address of originator,
192.168.0.2 - is the IP address of terminator.

Commands above capture on the first network interface.
To capture on specific interface, execute command this way:

# tcpdump -i rl0 -s 0 -w sms.cap

Here rl0 - is one of interfaces which are listed by

# ifconfig

The commands above begin capturing the packet log to a file.
To stop capturing to a file press CTRL+C.

Notice! To properly obtain a packet dump first run tcpdump before starting sending a message and stop it after message sending has been finished.

3. Download the packet log to your PC.
For this use pscp application (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html):

pscp.exe -C admin@10.0.0.1:sms.cap sms.cap

Now packet dump is on your PC.

Manual packet capturing on your PC¶

In case if you generate a message from your PC, it will be more convenient to capture the packet flow on your PC instead of the server.

1. Launch wireshark.
2. Press Start.
3. If you will be prompted - select network interface on which to capture.
4. Send a message from a message sending application.
5. Press Stop in wireshark.
6. Save file (Save As).

Using wireshark for analysis.¶

Open a pcap file obtained either automatically or manually in wireshark application (http://www.wireshark.org/).

1. Launch wireshark.
2. Choose file sms.cap in dialog File->Open.
3. You'll see all captured packets.
4. Choose needed packet by clicking with a mouse.
5. You'll see a decrypted contents of a message.

Русский перевод