Wireshark mailing list archives

Re: Decoding error SS7 SMS-MO (ok) vs SMPP Deliver SM (malformed)


From: Pascal Quantin <pascal () wireshark org>
Date: Wed, 7 Jul 2021 16:47:21 +0200

Hi Andreas,

On Wed, 7 Jul 2021 at 16:20, Andreas Fink <afink () list fink org> wrote:

Hello,

I ran into a decoding error in SMPP.

I have a GSM SMS payload which comes in as SMS-MO into an SMSC.

The GSM-SMS TPDU SMS-submit -> TP-UserData section contains the bytes:
    027100001412000001897d3623d52eaea27bb6dad9e9c37cfa

Wireshark decodes this correctly as having a UDH header of 0x71 which is a
(U)SIM Tooling Security Header and some raw binary data.



This same payload is now packed by the SMSC into an SMPP Deliver SM.
The bytes are exactly the same, but now Wireshark can't decode it anymore.



So I presume the SMPP branch doesn't know the same User Data Headers as
the SS7 branch of Wireshark.


It's even worse: your first screenshot is decoded by the gsm_sms dissector
(that decodes a TPDU, including the TP-UD), while the SMPP dissector is
calling another gsm_sms_ud dissector (that decodes the TP-UD only).
It seems like the latter is not really maintained while the former is more
actively maintained and has better decoding capabilities.

Even worse, it does not skip over an unknown UDH header but assumes
everything is wrong.


As said, it seems to be abandoned code so that's not surprising.



I think this needs fixing.
I can probably find it in the right spot in the source but I don't have a
wireshark build environment set up as I used it mainly on a Mac (which has
quite some complex dependencies). So if someone has an easy way to fix
this, it would be greatly appreciated.


I do not see an "easy fix" and no one will ever try to fix that with a
screenshot only. Better file a bug on
https://gitlab.com/wireshark/wireshark/-/issues with a pcap attached.

Best regards.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
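
The behaviour asked for in the thread, stepping over a UDH information element by its length instead of rejecting the whole TP-UD, shown as an added example (not Wireshark's dissector code and not written by either poster). `udh_walk` and `udh_ie` are hypothetical names; the sample buffer is the TP-UserData hex quoted in the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed: the TP-UserData bytes quoted in the message above. */
static const uint8_t SAMPLE_UD[] = {
    0x02, 0x71, 0x00, 0x00, 0x14, 0x12, 0x00, 0x00, 0x01, 0x89, 0x7d, 0x36, 0x23,
    0xd5, 0x2e, 0xae, 0xa2, 0x7b, 0xb6, 0xda, 0xd9, 0xe9, 0xc3, 0x7c, 0xfa
};

/* One information element: IEI, IEDL and a pointer to its data (hypothetical type). */
typedef struct { uint8_t iei; uint8_t len; const uint8_t *data; } udh_ie;

/* Walk the UDH at the start of a TP-UD buffer. Stores up to max_ies elements,
 * sets *payload_off to the first byte after the UDH, and returns the number
 * stored, or -1 when a length field runs past its container. */
int udh_walk(const uint8_t *ud, size_t ud_len, udh_ie *out, int max_ies,
             size_t *payload_off)
{
    if (ud_len < 1 || (size_t)ud[0] + 1 > ud_len)
        return -1;                          /* UDHL points past the TP-UD */
    size_t pos = 1, end = (size_t)ud[0] + 1;
    int n = 0;
    while (pos < end) {
        if (end - pos < 2)
            return -1;                      /* truncated IEI/IEDL pair */
        uint8_t iei = ud[pos], iedl = ud[pos + 1];
        pos += 2;
        if (iedl > end - pos)
            return -1;                      /* IE data overruns the UDH */
        if (n < max_ies)
            out[n++] = (udh_ie){ iei, iedl, ud + pos };
        pos += iedl;                        /* advance by IEDL, known IEI or not */
    }
    *payload_off = end;
    return n;
}

int main(void)
{
    udh_ie ies[8];
    size_t off = 0;
    int n = udh_walk(SAMPLE_UD, sizeof SAMPLE_UD, ies, 8, &off);
    for (int i = 0; i < n; i++)
        printf("IEI 0x%02x, IEDL %u\n", ies[i].iei, ies[i].len);
    printf("payload: %zu bytes at offset %zu\n", sizeof SAMPLE_UD - off, off);
    return n < 0;
}
```

Only inconsistent length fields make the walk fail; an unrecognised IEI is recorded and skipped like any other element.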
