How to trace SMPP traffic in Wireshark

This tutorial is a detailed guide on how to trace SMPP traffic using Wireshark. The process involves installing Wireshark, launching the program, and configuring it to show SMPP traffic specifically. This is useful for monitoring all of your incoming and outgoing traffic if you handle a large number of SMS messages at once. We hope you find this guide useful. Let's get started with Wireshark!

What is Wireshark?

Wireshark is a packet sniffer and analysis tool. It captures network traffic on the local network and stores that data for offline analysis. Wireshark captures network traffic from various sources such as Ethernet, Bluetooth, Wireless etc. In this guide we use Wireshark to trace SMPP traffic.

How to trace SMPP traffic in Wireshark (Simple instructions)

To trace SMPP traffic in Wireshark:

  1. Download Wireshark
  2. Install Wireshark
  3. Go to the Wireshark Network Analyzer welcome page
  4. Click on the blue Wireshark icon to see network traffic
  5. Apply a display filter to highlight the SMPP communication
  6. Inspect any SMPP PDU (by clicking on it)
  7. Examine the SMPP submit_sm PDU used for SMS sending
  8. Open Follow TCP Stream from the context menu
  9. Check the whole SMPP communication for the message

1.) Download Wireshark

With Wireshark you can follow and save the network traffic passing through network cards. First, please download Wireshark from the https://www.wireshark.org/#download page, as you can see in Figure 1.

Figure 1 - Download Wireshark

2.) Install Wireshark

As soon as you start the installer .exe file, the installer opens with a welcome screen (Figure 2). All you have to do here is click Next to continue the installation.

Figure 2 - Install Wireshark

3.) Start the capture

After you have installed Wireshark, on the opening page select the network interface on which you wish to capture the network traffic, as Figure 3 shows.

Figure 3 - Select Interface

You can start capturing traffic by clicking the blue Wireshark icon in the upper left of the page, as you can see in Figure 4.

Figure 4 - Start Capture

4.) Filter for SMPP protocol

You can filter the SMPP communication out of the traffic by typing smpp in the "Apply a display filter" line, as Figure 5 shows.

Figure 5 - Filter SMPP

5.) Open an SMPP PDU

After you have filtered for the SMPP communication, you can open any SMPP PDU to see its content, as you can see in Figure 6. The PDU shown is an SMPP submit_sm PDU, which the SMPP client uses to send an SMS to the SMPP server. By examining this PDU, you can see all the fields of the SMPP submit_sm PDU.

Figure 6 - Open SMPP PDU
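
The fields Wireshark lists for a submit_sm PDU can also be decoded directly from the raw bytes. The following Python parser is an added example, not part of the original guide: the field order follows the SMPP v3.4 submit_sm layout, the function names are hypothetical, and the sample PDU (sender 1000, recipient 2000, text "Hello") is constructed for illustration.

```python
import struct

SUBMIT_SM = 0x00000004  # command_id of submit_sm (SMPP v3.4)
# Mandatory body fields in wire order: "c" = NUL-terminated string, "b" = one octet.
FIELDS = [
    ("service_type", "c"), ("source_addr_ton", "b"), ("source_addr_npi", "b"),
    ("source_addr", "c"), ("dest_addr_ton", "b"), ("dest_addr_npi", "b"),
    ("destination_addr", "c"), ("esm_class", "b"), ("protocol_id", "b"),
    ("priority_flag", "b"), ("schedule_delivery_time", "c"),
    ("validity_period", "c"), ("registered_delivery", "b"),
    ("replace_if_present_flag", "b"), ("data_coding", "b"),
    ("sm_default_msg_id", "b"), ("sm_length", "b"),
]

def parse_submit_sm(pdu: bytes) -> dict:
    if len(pdu) < 16:
        raise ValueError("shorter than the 16-octet SMPP header")
    length, cmd, status, seq = struct.unpack(">IIII", pdu[:16])
    if length != len(pdu):
        raise ValueError("command_length does not match the PDU size")
    if cmd != SUBMIT_SM:
        raise ValueError("not a submit_sm PDU")
    out = {"command_status": status, "sequence_number": seq}
    pos = 16
    for name, kind in FIELDS:
        if kind == "c":
            end = pdu.find(b"\x00", pos)
            if end < 0:
                raise ValueError(name + ": missing NUL terminator")
            out[name], pos = pdu[pos:end].decode("ascii", "replace"), end + 1
        else:
            if pos >= len(pdu):
                raise ValueError(name + ": PDU truncated")
            out[name], pos = pdu[pos], pos + 1
    end = pos + out["sm_length"]
    if end > len(pdu):
        raise ValueError("sm_length runs past the end of the PDU")
    out["short_message"] = pdu[pos:end]
    out["optional_tlvs"] = pdu[end:]  # optional TLVs are left undecoded here
    return out

def sample_pdu(text: bytes = b"Hello") -> bytes:
    """Constructed sample: sender 1000, recipient 2000, delivery receipt on."""
    body = (b"\x00" + bytes([1, 1]) + b"1000\x00" + bytes([1, 1]) + b"2000\x00"
            + bytes([0, 0, 0]) + b"\x00\x00" + bytes([1, 0, 0, 0, len(text)]) + text)
    return struct.pack(">IIII", 16 + len(body), SUBMIT_SM, 0, 1) + body

if __name__ == "__main__":
    print(parse_submit_sm(sample_pdu()))
```

The length and terminator checks make the parser reject a truncated or inconsistent PDU instead of reading past the captured bytes.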

6.) Follow TCP stream

You can follow the whole TCP communication for an SMPP message by right-clicking an SMPP PDU and then selecting the Follow/TCP Stream option.

Figure 7 - Follow TCP stream

After that, you will see the whole SMPP communication for the message on one page, as Figure 8 shows.

Figure 8 - TCP stream
