I read about ISO 8583 messaging at WIKI and Code Project; I understood ISO 8583 messages can basically be divided in 3 parts:

1. MTI (Message Type Indicator)

1.1. Version

1.2. Message Class

1.3. Message Function

1.4. Message Origin

2. Bitmap

Indicate which data elements are present.

3. DataElement

The essence of the whole ISO message, contain information about the transaction such as:

• transaction type,

• amount,

• customerid, etc.

So, after reading these two web references, I want to make divide my ISO messaging log as MTI, bitmap, and Data Element.

For example:

(0800 2020000000800000   000000 000001 3239313130303031)
MTI:  0800 (1987 version, Network Management Message, Request, Acquirer)
Bitmap: 20 20 00 00 00 80 00 00 (eg. 20 = 0010 0000 ,so position 3 is on)
DataElement:(by seeing Bitmap , we can defined data element as follow)
    field 03:000000 (Processing Code)
    field 11:000001 (Systems trace audit number)
    field 41:3239313130303031 (Card acceptor terminal idenfication)

But my challenge is that I already have ISO 8583 messaging log from my ATM Machine.

This actual output messaging log is not very clear like the one in the snippet above.

So I cannot divide this message to MTI, Bitmap and Data element like upper example.

00000:00 5B 30 31 31 30 30 30 30 30 30 30 30 38 32 30 80 38 00 00  [.[01100000000820.8..]
00020:00 81 00 00 04 00 00 00 00 00 00 00 33 36 32 39 31 30 31 30  [............36291010]
00040:32 39 35 37 31 30 33 31 31 30 30 30 30 30 30 35 30 33 31 53  [2957103110000005031S]
00060:55 32 30 31 31 31 30 33 31 31 30 32 39 35 37 32 30 31 31 31  [U2011103110295720111]
00080:30 33 31 31 30 32 39 35 37 33 30 30 31                       [0311029573001       ]

I have no previous experience in ISO 8583 message and welcome suggestions.

Got it,
This message is divided as follows:

First 2 bytes are the message length 00 5B = 91
Followed by 14 bytes of header = 01100000000820

Followed somehow by BMP as follows:

• Primary BMP = 80 38 00 00 00 81 00 00 = Fields {1, 11,12, 13, 41, 48} exist
  Field 1 means secondary BMP exist
• Secondary BMP = 04 00 00 00 00 00 00 00 = Field 70 exist

I am not sure where is MTI, will it be the 0820 at the trailer of the header? since it is in ASCII and usually it comes in numeric value of 08 20 but this might be part of the specs. 0820 means network management advice

anyways, the fields from the decoded BMP as follows:

• DE 11 = 362910
  System Trace Audit Number
• DE 12 = 102957
  Local transaction time hh(24)mmss
• DE 13 = 1031
  Local transaction date MMDD
• DE 41 = 10000005
  terminal ID
• DE 48 = (031) SU20111031102957201110311029573
  notice the 3 digits length field preceding the remaining data in this field. which is a generic (future/private use) field
• DE 70 = 001
  network management information code <001 = sign on>

From DE 70 value 001 this is a sign on message, which must be a 0800 MTI.

To get more information about the location of the MTI and the meaning of DE 48, you should read the manual (technical specs) of this device to get more information.

while sending ISO 8583 message we are converting it in BCD/HEX form ,use Wireshark tool to

track communication between IP and Ports.