h1. Debug SMPP message with Wireshark

{{>toc}}

Let's say, you want to see a decoded binary packet flow of the message exchange.
The convenient method to do this is to use the _Wireshark_ application:

!wireshark_smpp.png!

_Wireshark_ works with the files which contain captured message in format _.pcap_.
Therefore, the initial task is to obtain such a file.

h2. Automatic pcap capturing on the server.

This is the recommended method.
Use the embedded system of [[Pcap capturing]] to obtain the _pcap_ file.

h2. Manual pcap capturing on the server.

In case if automatic [[Pcap capturing]] is not available in your version, or it doesn't produce meaningful results, use manual method.
1. Actuire _root_ access. Described in the section [[How to acquire root access]]

2. Capture the packet log of the message exchange. 
We use _tcpdump_ utility for this:

<pre>
# tcpdump -s 0 -w sms.cap
</pre>

This command will capture the packet log to a file sms.cap in thecurrent directory.
However it would be much better if you know from whom you are going to receive the traffic or to whom you are going to send it.
IP address of terminator or originator could be seen on the web-interface.
In this case execute the command this way:

<pre>
# tcpdump -s 0 -w sms.cap host 192.168.0.1
</pre>

In this case 192.168.0.1 - is the IP address of needed peer, through which the message flows.

To make a packet dump from several hosts (for example, orignator and terminator) use this instruction:

<pre>
# tcpdump -s 0 -w sms.cap host 192.168.0.1 or 192.168.0.2
</pre>

In this case 192.168.0.1 - is the IP address of originator, 
192.168.0.2 - is the IP address of terminator.

Commands above capture on the first network interface.
To capture on specific interface, execute command this way:

<pre>
# tcpdump -i rl0 -s 0 -w sms.cap
</pre>

Here rl0 - is one of interfaces which are listed by

<pre>
# ifconfig
</pre>

The commands above begin capturing the packet log to a file.
To stop capturing to a file press CTRL+C.

*Notice!* To properly obtain a packet dump first run _tcpdump_ *before* starting sending a message and stop it *after* message sending has been finished.

3. Download the packet log to your PC.
For this use _pscp_ application (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html):

<pre>
pscp.exe -C admin@10.0.0.1:sms.cap sms.cap
</pre>

Now packet dump is on your PC.

h2. Manual packet capturing on your PC

In case if you generate a message from your PC, it will be more convenient to capture the packet flow on your PC instead of the server.

For this:
# Launch _wireshark_.
# Press Start.
# If you will be prompted - select network interface on which to capture.
# Send a message from a message sending application.
# Press Stop in _wireshark_.
# Save file (Save As).

h2. Using _wireshark_ for analysis.

Open a pcap file obtained either automatically or manually in _wireshark_ application (http://www.wireshark.org/).

For this:
# Launch _wireshark_.
# Choose file sms.cap in dialog File->Open.
# You'll see all captured packets.
# Choose needed packet by clicking with a mouse.
# You'll see a decrypted contents of a message. 

[[Отладка SMPP сообщения с Wireshark|Русский перевод]]