Decode SMS Bearer Data Hex String

Question

I have the hex string for the SMS bearer data, GSM MAP, etc part of a network capture. Rather than providing an entire capture file to the Wireshark application, I just want to provide the hex stream of the SMS bearer data for decoding. Does Wireshark provide tools or an API for such a task?

For example, below I have provided the hex string for the GSM Mobile Application and GSM SMS TPDU parts of a packet capture. It is an SMS-SUBMIT request which I have manually decoded.

0x3045840891150009880132008208917535f150f239f2042f3d000a9132695403000011411090513032002074747a0e4acf416110bd3ca783ccf2771b44479741d120885e0eb743

    GTT: 1951009088102300
    MSISDN: 1957531052932
    Message Reference (TP-MR): 00
    TP-DA: 2396453000
    Timestamp: 01-09-2014 15:03:23 GMT+0
    Text Message: this is a test from the QA team!

I am hoping that I don't have to go spelunking through ANSI/GSM specification documents, since Wireshark has probably already done that...

Accepted Answer

Hi, you can do this with some manual steps:

put your hex string in a file following the text2pcap format (http://www.wireshark.org/docs/man-pages/text2pcap.html)
in case of GSM SMS, as direction matters (to differentiate a SMS-DELIVER from a SMS-DELIVER REPORT for example) it's better to put it in the text file (see text2pcap -D option description)
in Wireshark GUI, click on File -> Import from Hex Dump
In the new window, select your file, click on "Direction indication" checkbox in case you put a I or O to indicate the direction, and select a USER 0 to 15 encapsulation type
Then go to Edit -> Preferences -> DLT USER and configure the protocol used to decode the user layer type you selected (see wiki.wireshark.org/HowToDissectAnything). For GSM SMS, the protocol name is gsm_sms and for GSM MAP, it is gsm_map

Note that to call directly the GSM SMS dissector, you need to use a Wireshark 1.11.2 or later development version.

Good luck,

Pascal.