Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-users: Re: [Ethereal-users] SMPP dissector

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Fri, 30 Aug 2002 02:16:36 -0700
On Fri, Aug 30, 2002 at 09:50:00AM +0300, Dorin Stancu wrote:
> I installed Ethereal v 0.9.6 and WinPcap version 2.3 on a Windows 2000
> system and I didn't succeed to capture SMPP packets. 
> 
> Can you tell me please what port Ethereal is listening to for SMPP
> packets ?

Ethereal doesn't listen to ports; it uses a raw packet capture mechanism
that delivers link-layer packets without regard to the port they came in
on.  The mechanism supports filtering based on various criteria,
including TCP port numbers, but that happens only if you specify a
capture filter expression.

The SMPP dissector registers as a "heuristic" dissector for TCP.  For
any TCP segment with data that doesn't have a source or destination port
for which a specific dissector is registered, the heuristic dissectors
registered for TCP are called; each one will either return FALSE and
dissect nothing, in which case the next heuristic dissector will be
called, or will return TRUE and dissect the packet, in which case no
other heuristic dissectors will be called.

The test the SMPP dissector does is:

	if the TCP segment doesn't have at least 16 bytes, the packet is
	assumed not to be SMPP;

	if the first 4 bytes don't match one of the known commands, the
	packet is assumed not to be SMPP;

	if the next 4 bytes don't match a known status, the packet is
	assumed not to be SMPP;

	otherwise, the packet is treated as SMPP.

If you are not capturing any SMPP packets, that's probably because none
are being delivered to your network interface.  (See

	http://www.ethereal.com/faq.html#q5.1

for a discussion of some reasons why you might not be seeing the traffic
you expect.)

If you are capturing SMPP packets, but Ethereal isn't *recognizing* them
as SMPP packets (i.e., if you look at the packets, they're obviously
SMPP packets, but they're not showing up as SMPP packets in the
display), there's probably a deficiency in the SMPP dissector.  You
could use the "Decode As" menu item to force a particular port to be
dissected as SMPP, but if that fixes the problem, and you don't want to
have to continue using "Decode As", you'd have to provide enough
information for us to figure out what the problem is.  (I said "us", not
"me" - I'm not the author of the SMPP dissector, so you should contact
the author, or just report the information to the ethereal-dev list.)
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube