A colleague of mine wants to investigate a problem related to SMPP. He took a snoop on the node, and when opening it with Wireshark he can see plenty of packets, but after filtering on SMPP there is nothing anymore. If I take that same snoop, load it in Wireshark and use the same filter, I can see all SMPP-related packets, including bind, the submit_SM that was used for his test, etc. We have the same version of Wireshark, by the way... Do you have any idea why he can't see the SMPP packets?

Thanks, Charles

asked 12 Jun '13, 10:36 lmcchju
3 Answers:
Maybe the SMPP dissector is disabled on his machine.
Regards

answered 12 Jun '13, 11:51 Kurt Knochner ♦
It may also be that your friend has tried to decode that specific traffic (SMPP) as some other protocol, and now, when he tries to filter on SMPP, he will normally not see anything. Right-click to the

Regards, Edmond.

answered 12 Jun '13, 13:42 Edmond, edited 13 Jun '13, 10:18
I suggest you have the blank trace use a display filter for the TCP port number you're using (assuming this is over TCP), then do as others have suggested and do a manual right-click "Decode As" operation for SMPP. Since SMPP doesn't use a defined port number, it might just be some difference in the heuristics logic that Wireshark uses between versions, if one version decodes it as SMPP and the other does not. Have you confirmed these are different versions you're using?

answered 12 Jun '13, 15:07 Quadratic
Quote from the question:
(12 Jun '13, 16:29) Kurt Knochner ♦

touché. :) Still right that a manual decode should work though. (12 Jun '13, 19:39) Quadratic

You're welcome ;-) (13 Jun '13, 03:32) Kurt Knochner ♦
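Since SMPP has no fixed port, as the answer above notes, whether a capture really contains SMPP can be checked from the bytes themselves, independently of any Wireshark profile or "Decode As" setting. The following is an added example, not part of the thread and not Wireshark's own heuristic: it walks one reassembled TCP payload using the 16-byte SMPP v3.4 header. The function names and the sample bytes are constructed for illustration.

```python
import struct

# SMPP v3.4 request command_id values; a response sets the top bit.
SMPP_COMMANDS = {
    0x00000001: "bind_receiver",
    0x00000002: "bind_transmitter",
    0x00000003: "query_sm",
    0x00000004: "submit_sm",
    0x00000005: "deliver_sm",
    0x00000006: "unbind",
    0x00000009: "bind_transceiver",
    0x00000015: "enquire_link",
}
RESP_BIT = 0x80000000
HEADER_LEN = 16  # command_length, command_id, command_status, sequence_number


def build_pdu(command_id, sequence, body=b""):
    """Helper used only to construct the sample payload below."""
    return struct.pack(">IIII", HEADER_LEN + len(body), command_id, 0, sequence) + body


def parse_smpp_pdus(payload):
    """Return [(command_name, sequence_number), ...], or [] if not SMPP-like."""
    pdus, offset = [], 0
    while offset < len(payload):
        if len(payload) - offset < HEADER_LEN:
            return []  # trailing bytes too short for a header
        length, cmd, _status, seq = struct.unpack_from(">IIII", payload, offset)
        name = SMPP_COMMANDS.get(cmd & 0x7FFFFFFF)
        # Reject unknown commands and lengths that do not fit the payload.
        if name is None or length < HEADER_LEN or offset + length > len(payload):
            return []
        pdus.append((name + "_resp" if cmd & RESP_BIT else name, seq))
        offset += length
    return pdus


# Constructed sample: a bind_transmitter (system_id "test", password "pw",
# empty system_type, interface_version 0x34) followed by an enquire_link_resp.
BIND_BODY = b"test\x00pw\x00\x00\x34\x00\x00\x00"
SAMPLE = build_pdu(0x00000002, 1, BIND_BODY) + build_pdu(0x80000015, 2)

if __name__ == "__main__":
    print(parse_smpp_pdus(SAMPLE))
    print(parse_smpp_pdus(b"GET / HTTP/1.1\r\n\r\n"))
```

A PDU split across TCP segments is reported as not SMPP-like here, so feed it the reassembled stream rather than single segments.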
I am facing the same issue: filtering SMPP on Wireshark gives no result. Manual decode is also not working. Any specific version to try?
Thanks, Steve
Did you try Kurt's version as described below?
Analyze -> Enabled Protocols -> SMPP
Yes. It is enabled.