Sniffing GPRS

canarion dani.martinezroca at gmail.com
Fri Feb 3 08:17:43 UTC 2012


Hi,

After compiling osmocom-bb with the sylvain/burst_ind branch and
gprs_multi.patch applied, I ran it and tried to sniff GPRS traffic.
I loaded the layer1 into my C139 and I obtained an ARFCN code (883).
When I run ccch_scan -a 883 I get the following result:

Copyright (C) 2010 Harald Welte <laforge at gnumonks.org>
Contributions by Holger Hans Peter Freyther

License GPLv2+: GNU GPL version 2 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Failed to connect to '/tmp/osmocom_sap'.
Failed during sap_open(), no SIM reader
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(1476410343) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(1207963561) 
<0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI
M(0x1ad1cda) 
<0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI
M(0x41ae98f9) 
<0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a  to imsi
M(214031385056117) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(3306441249) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi
M(214031482053520) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi
M(214036185306441) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(4207880193) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(4135931713) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(4214223105) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(3388536385) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(134915836) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(3961436929) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(4229756769) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(531909) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi
M(214034185316455) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(3829437761) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi
M(214033485554660) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(3639403521) 
<0001> app_ccch_scan.c:105 SI1 received.
<0001> app_ccch_scan.c:464 unknown PCH/AGCH type 0x00
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(3827744513) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(335734299) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(3561969409) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(4294310401) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(3698994241) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(3682615617) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(67866789) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(4003487553) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(3770351169) 
<0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI
M(0x41ae98f9) 
<0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI
M(0x1ad1cda) 
<0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a  to imsi
M(214031385056117) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(3306441249) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi
M(214031482053520) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi
M(214036185306441) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(4102036289) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(4135931713) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi
M(214032485273805) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(3798414145) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(134915836) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(3988859137) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(3735175681) 
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi
M(531909) 
<0001> app_ccch_scan.c:248 GSM48 IMM ASS (ra=0x78, chan_nr=0x0f, HSN=24,
MAIO=1, TS=7, SS=0, TSC=1) 
Dropping frame with 55 bit errors
<000c> l1ctl.c:238 Dropping frame with 55 bit errors
<000c> l1ctl.c:290 BURST IND: @(830928 = 0626/20/36) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830928 = 0626/20/36) (-110 dBm, SNR   8)
<000c> l1ctl.c:290 BURST IND: @(830929 = 0626/21/37) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830929 = 0626/21/37) ( -83 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830930 = 0626/22/38) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830930 = 0626/22/38) ( -87 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830931 = 0626/23/39) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830931 = 0626/23/39) ( -83 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830932 = 0626/24/40) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830932 = 0626/24/40) ( -88 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830933 = 0626/25/41) (-105 dBm, SNR   8, UL,
SACCH)
<000c> l1ctl.c:290 BURST IND: @(830933 = 0626/25/41) (-107 dBm, SNR   5,
SACCH)
<000c> l1ctl.c:290 BURST IND: @(830934 = 0626/00/42) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830934 = 0626/00/42) ( -88 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830935 = 0626/01/43) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830935 = 0626/01/43) ( -83 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830936 = 0626/02/44) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830936 = 0626/02/44) ( -88 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830937 = 0626/03/45) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830937 = 0626/03/45) ( -89 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830938 = 0626/04/46) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830938 = 0626/04/46) ( -88 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830939 = 0626/05/47) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830939 = 0626/05/47) ( -82 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830940 = 0626/06/48) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830940 = 0626/06/48) ( -87 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830941 = 0626/07/49) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830941 = 0626/07/49) ( -87 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830942 = 0626/08/50) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830942 = 0626/08/50) ( -86 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830943 = 0626/09/00) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830943 = 0626/09/00) ( -86 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830944 = 0626/10/01) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830944 = 0626/10/01) ( -87 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830945 = 0626/11/02) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830945 = 0626/11/02) ( -87 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830947 = 0626/13/04) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830947 = 0626/13/04) ( -84 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830948 = 0626/14/05) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830948 = 0626/14/05) ( -85 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830949 = 0626/15/06) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830949 = 0626/15/06) ( -88 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830950 = 0626/16/07) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830950 = 0626/16/07) ( -89 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830951 = 0626/17/08) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830951 = 0626/17/08) ( -88 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830952 = 0626/18/09) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830952 = 0626/18/09) ( -85 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830953 = 0626/19/10) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830953 = 0626/19/10) ( -87 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830954 = 0626/20/11) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830954 = 0626/20/11) ( -87 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830955 = 0626/21/12) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830955 = 0626/21/12) (-106 dBm, SNR   0)
<000c> l1ctl.c:290 BURST IND: @(830956 = 0626/22/13) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830956 = 0626/22/13) (-107 dBm, SNR   5)
<000c> l1ctl.c:290 BURST IND: @(830957 = 0626/23/14) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830957 = 0626/23/14) (-106 dBm, SNR   2)
<000c> l1ctl.c:290 BURST IND: @(830958 = 0626/24/15) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830958 = 0626/24/15) (-108 dBm, SNR   1)
<000c> l1ctl.c:290 BURST IND: @(830959 = 0626/25/16) (-106 dBm, SNR   2, UL,
SACCH)
<000c> l1ctl.c:290 BURST IND: @(830959 = 0626/25/16) (-109 dBm, SNR   5,
SACCH)
<000c> l1ctl.c:290 BURST IND: @(830960 = 0626/00/17) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830960 = 0626/00/17) (-108 dBm, SNR   3)
<000c> l1ctl.c:290 BURST IND: @(830961 = 0626/01/18) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830961 = 0626/01/18) (-106 dBm, SNR   2)
<000c> l1ctl.c:290 BURST IND: @(830962 = 0626/02/19) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830962 = 0626/02/19) (-108 dBm, SNR   3)
<000c> l1ctl.c:290 BURST IND: @(830963 = 0626/03/20) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830963 = 0626/03/20) (-107 dBm, SNR   0)
<000c> l1ctl.c:290 BURST IND: @(830964 = 0626/04/21) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830964 = 0626/04/21) ( -85 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830965 = 0626/05/22) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830965 = 0626/05/22) ( -87 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830966 = 0626/06/23) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830966 = 0626/06/23) ( -85 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830967 = 0626/07/24) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830967 = 0626/07/24) ( -86 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830968 = 0626/08/25) (-107 dBm, SNR   6, UL)
<000c> l1ctl.c:290 BURST IND: @(830968 = 0626/08/25) (-109 dBm, SNR   0)
<000c> l1ctl.c:290 BURST IND: @(830969 = 0626/09/26) (-101 dBm, SNR   6, UL)

But then it stops capturing frames; it seems to be left in a standby state
and I don't know why that is.
With gprsdecode I can see the following image in Wireshark:

http://baseband-devel.722152.n3.nabble.com/file/n3712433/wireshark-capture.png 

If someone knows what the problem is, please tell me.

Thanks in advance.

Cheers,
Dani
