This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Decode SMS Bearer Data Hex String

0

I have the hex string for the SMS bearer data, GSM MAP, etc part of a network capture. Rather than providing an entire capture file to the Wireshark application, I just want to provide the hex stream of the SMS bearer data for decoding. Does Wireshark provide tools or an API for such a task?

For example, below I have provided the hex string for the GSM Mobile Application and GSM SMS TPDU parts of a packet capture. It is an SMS-SUBMIT request which I have manually decoded.

0x3045840891150009880132008208917535f150f239f2042f3d000a9132695403000011411090513032002074747a0e4acf416110bd3ca783ccf2771b44479741d120885e0eb743

    GTT: 1951009088102300
    MSISDN: 1957531052932
    Message Reference (TP-MR): 00
    TP-DA: 2396453000
    Timestamp: 01-09-2014 15:03:23 GMT+0
    Text Message: this is a test from the QA team!

I am hoping that I don't have to go spelunking through ANSI/GSM specification documents, since Wireshark has probably already done that...

asked 09 Jan '14, 08:53

tongerny's gravatar image

tongerny
16225
accept rate: 0%

One Answer:
active answersoldest answersnewest answerspopular answers
3

Hi, you can do this with some manual steps:

  • put your hex string in a file following the text2pcap format (http://www.wireshark.org/docs/man-pages/text2pcap.html)
  • in case of GSM SMS, as direction matters (to differentiate a SMS-DELIVER from a SMS-DELIVER REPORT for example) it's better to put it in the text file (see text2pcap -D option description)
  • in Wireshark GUI, click on File -> Import from Hex Dump
  • In the new window, select your file, click on "Direction indication" checkbox in case you put a I or O to indicate the direction, and select a USER 0 to 15 encapsulation type
  • Then go to Edit -> Preferences -> DLT USER and configure the protocol used to decode the user layer type you selected (see wiki.wireshark.org/HowToDissectAnything). For GSM SMS, the protocol name is gsm_sms and for GSM MAP, it is gsm_map

Note that to call directly the GSM SMS dissector, you need to use a Wireshark 1.11.2 or later development version.

Good luck,

Pascal.

permanent link

answered 10 Jan '14, 08:46

Pascal%20Quantin's gravatar image

Pascal Quantin
5.5k1060
accept rate: 30%

Nice! It worked. Thanks.

I do have another related question though. Can this be done using a command line tool?

For example, I would like to be able to display GSM MAP in human readable format via a Perl script. As a debugging tool.

(10 Jan '14, 12:24) tongerny

Yes it can be done using a small script / program. You need to:

(10 Jan '14, 13:24) Pascal Quantin
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Question tags:

×89
×37
×8
×4
×3

question asked: 09 Jan '14, 08:53

question was seen: 9,715 times

last updated: 10 Jan '14, 13:26

Related questions

US Number Portability decode

ISUP IAM Malformed?

GSM SMS Call Flow invoke forwardSM

SLL to GSM SMS

statistics for GSM

Abis over IUA decoding

wireshark and dct3trace of LAPDm stored in xml

802.11r, 802.11k, 802.11u Supported fully? or Partially?

x509 decode with tshark

Show more characters on packet details fields.

about | faq | privacy | support | contact

p​o​w​e​r​e​d by O​S​Q​A