This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SMPP Submit strange

0

Hi !

I cannot explain myself the following case. http://cloudshark.org/captures/4de5550070f7

The SubmitSM packet was sent directly in one session (using Java application) making even socket flush after, but when I examine it in a Wireshark, I can see last 4 bytes (74203430) displayed, but not marked as part of the SubmitSM. However, they are marked as the begining of the next SMPP packet (Unbind). That's why the SMPP server cannot decode properly Unbind, since the first 4 bytes are wrong. Within the application log, I can see proper byte stream to be sent on the stream (including missing last 4 bytes) Do we have a problem with Tcp stack as Java is not dealing with Windows etc, just puts stream to the system Tcp stack ?

asked 08 Feb '14, 03:23

Miskulinko's gravatar image

Miskulinko
16114
accept rate: 0%


One Answer:

1

It looks like the Length field of the SMPP is incorrect: in frame 9 if you expand the SMPP tree you can see that it is 678 bytes. If you click on the SMPP line in the protocol-tree (middle) frame you'll see in the bottom status line that Wireshark thinks the SMPP is 678 bytes long but in the hex (bottom) pane you'll see this does not include the final 4 bytes.

So: the sender has a problem. It needs to include those final 4 bytes in the smpp length field.

answered 10 Feb '14, 08:27

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

Uh, ive checked several times, but was concentrated on payload tlv length which is correct (630), not the header length :) Thx

(10 Feb '14, 09:15) Miskulinko