Using Wireshark with TLS1.2 connection

Post Reply
bencover
Posts: 7
Joined: Wed May 26, 2021 12:40 pm

Using Wireshark with TLS1.2 connection

Post by bencover » Tue Aug 02, 2022 9:47 am

Hey,
I'm currently working with a new provider and for some reason his DLR is all being received with a default Message-Id - "1111111111"
In the SubmitResponse the MessageId is fine.
example of DLR -
```
{"MessageId":"1111111111","Submitted":0,"Delivered":0,"SubmitDate":"2022-07-31T13:22:00","DoneDate":"2022-07-31T13:22:00","State":2,"ErrorCode":"000","Text":"null","Items":{"id":"1111111111","sub":"000","dlvrd":"000","submit
date":"2207311322","done
date":"2207311322","stat":"DELIVRD","err":"000","Text":"null"}}
```

After contacting the provider he says that the issue is with my serialization which is obviously done using InetLab.
In order to understand if the issue indeed is on my end, I want to capture the packet of the DLR using Wireshark, to assure that the MessageId is being serialized correctly.

Problem is that using a secured SMPP connection it seems like Wireshark doesn't even recognize it as an SMPP protocol, it simply says it's a raw TCP/IP protocol.
And the actual data is encrypted.

Is there a way for me to decrypt those packets manually? it seems like I can provide Wireshark with a Master-Secret file in order for it to decrypt the payloads, which Master-Secret does the connection use?

Thanks
alt
Site Admin
Posts: 985
Joined: Tue Apr 25, 2006 9:45 am

Re: Using Wireshark with TLS1.2 connection

Post by alt » Tue Aug 02, 2022 4:36 pm

There no way to get the MasterSecret from the .NET SslStream.

You can enable verbose logging for the library and find "Received data:" records with received PDUs in hex format.

The data can be decoded on the website https://www.sysop.fr/smpp-decoder/
bencover
Posts: 7
Joined: Wed May 26, 2021 12:40 pm

Re: Using Wireshark with TLS1.2 connection

Post by bencover » Wed Aug 03, 2022 8:49 am

alt wrote:
Tue Aug 02, 2022 4:36 pm
There no way to get the MasterSecret from the .NET SslStream.

You can enable verbose logging for the library and find "Received data:" records with received PDUs in hex format.

The data can be decoded on the website https://www.sysop.fr/smpp-decoder/
Thanks, alt!
After looking into it deeper, it seems like InetLab documentation refers to pre-v3.4, where the MessageId and State were populated in the Receipt.
Post v3.4 the MessageId and Receipt are populated via additional parameters which seem to be available through InetLab TLVCollection but aren't strongly typed.

Wondering how best would you write a DLR method that supports both older and newer versions? how best would you access the TLVCollection params and parse their value?

Thanks
alt
Site Admin
Posts: 985
Joined: Tue Apr 25, 2006 9:45 am

Re: Using Wireshark with TLS1.2 connection

Post by alt » Wed Aug 03, 2022 7:18 pm

This code can help you to get the MessageId from the TLV parameters.

Code: Select all

 
 var parameter = deliverSm.Parameters.Of<ReceiptedMessageIdParameter>().FirstOrDefault();
 string messageId =  parameter.MessageId;
 
Post Reply