How to trace SMPP traffic in Wireshark
This tutorial is a detailed guide on how to trace SMPP traffic using Wireshark. The process involves installing Wireshark, launching the program, and configuring it to show SMPP traffic specifically. This is useful for monitoring all of your incoming and outgoing traffic if you handle a large number of SMS messages at once. We hope you find this guide useful. Let's get started with Wireshark!
What is Wireshark?
Wireshark is a packet sniffer and analysis tool. It captures network traffic on the local network and stores that data for offline analysis. Wireshark captures network traffic from various sources such as Ethernet, Bluetooth, Wireless etc. In this guide we use Wireshark to trace SMPP traffic.
How to trace SMPP traffic in Wireshark (Simple instructions)
To trace SMPP traffic in Wireshark:
- Download Wireshark
- Install Wireshark
- Go to the Wireshark Network Analyzer welcome page
- Click on the blue Wireshark icon to see network traffic
- Apply a display filter to highlight the SMPP communication
- Inspect any SMPP PDU (by clicking on it)
- Examine the SMPP submit_sm PDU used for SMS sending
- Open Follow TCP Stream from the context menu
- Check the whole SMPP communication for the message
1.) Download Wireshark
With Wireshark you can follow and save the network traffic passing through your network cards. First, download Wireshark from the https://www.wireshark.org/#download page, as shown in Figure 1.
    
      
2.) Install Wireshark
When you run the installer .exe file, it opens with a welcome screen (Figure 2). All you have to do here is click Next to continue the installation.
    
      
3.) Start the capture
After you have installed Wireshark, select on the opening page the network interface on which you wish to capture network traffic, as Figure 3 shows.
    
      
You can start capturing traffic by clicking the blue Wireshark icon in the upper left of the page, as shown in Figure 4.
    
      
4.) Filter for SMPP protocol
You can filter the SMPP communication out of the traffic by typing smpp in the "Apply a display filter" line, as Figure 5 shows.
    
      
5.) Open an SMPP PDU
After you have filtered for the SMPP communication, you can open any SMPP PDU to see its content, as shown in Figure 6. This one is an SMPP submit_sm PDU, which the SMPP client uses to send an SMS to the SMPP server. By examining this PDU, you can see all the fields of the SMPP submit_sm PDU.
    
      
6.) Follow TCP stream
You can follow the whole TCP communication for an SMPP message by right-clicking an SMPP PDU and then selecting the Follow/TCP Stream option.
    
      
After that, you will see the whole SMPP communication for the message on one page, as Figure 8 shows.
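The submit_sm fields that Wireshark displays in step 5 come from a fixed binary layout, so the same bytes can be decoded offline from a saved stream. The following Python decoder is an added example, not part of the original tutorial; field names and order follow the SMPP v3.4 specification, and the sample PDU and phone numbers are constructed.

```python
import struct

# Command IDs from the SMPP v3.4 specification (subset).
COMMAND_IDS = {0x00000002: "bind_transmitter", 0x00000004: "submit_sm",
               0x80000004: "submit_sm_resp", 0x00000015: "enquire_link"}

# Mandatory submit_sm body fields in wire order: "c" = NUL-terminated
# C-octet string, "b" = one-byte integer.
SUBMIT_SM_FIELDS = [
    ("service_type", "c"), ("source_addr_ton", "b"), ("source_addr_npi", "b"),
    ("source_addr", "c"), ("dest_addr_ton", "b"), ("dest_addr_npi", "b"),
    ("destination_addr", "c"), ("esm_class", "b"), ("protocol_id", "b"),
    ("priority_flag", "b"), ("schedule_delivery_time", "c"),
    ("validity_period", "c"), ("registered_delivery", "b"),
    ("replace_if_present_flag", "b"), ("data_coding", "b"),
    ("sm_default_msg_id", "b"), ("sm_length", "b"),
]

def parse_pdu(data: bytes) -> dict:
    """Decode the 16-byte SMPP header and, for submit_sm, the mandatory body."""
    if len(data) < 16:
        raise ValueError("truncated SMPP header")
    length, cmd_id, status, seq = struct.unpack(">IIII", data[:16])
    if length < 16 or length > len(data):
        raise ValueError("command_length does not match captured bytes")
    pdu = {"command_length": length, "command_status": status,
           "command_id": COMMAND_IDS.get(cmd_id, hex(cmd_id)),
           "sequence_number": seq}
    if cmd_id != 0x00000004:
        return pdu                      # only submit_sm bodies are decoded here
    body, pos = data[16:length], 0
    for name, kind in SUBMIT_SM_FIELDS:
        if kind == "c":
            end = body.index(b"\x00", pos)   # ValueError if terminator missing
            pdu[name] = body[pos:end].decode("ascii")
            pos = end + 1
        else:
            pdu[name] = body[pos]            # IndexError if body is truncated
            pos += 1
    pdu["short_message"] = body[pos:pos + pdu["sm_length"]]
    if len(pdu["short_message"]) != pdu["sm_length"]:
        raise ValueError("sm_length exceeds PDU body")
    return pdu

# Constructed sample PDU (not taken from a real capture).
_BODY = (b"\x00" b"\x01\x01" b"441234567890\x00" b"\x01\x01" b"449876543210\x00"
         b"\x00\x00\x00" b"\x00" b"\x00" b"\x01\x00\x00\x00" b"\x05" b"Hello")
SAMPLE = struct.pack(">IIII", 16 + len(_BODY), 0x00000004, 0, 7) + _BODY
```

Calling `parse_pdu(SAMPLE)` returns the same header and body fields that Wireshark lists in the packet details pane for a submit_sm PDU.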
    
      
