Sniffing GPRS

Luca Bongiorni luca.bongiorni1 at studenti.unimi.it
Fri Feb 17 11:15:32 UTC 2012


Hi Dario,

Which environment are you using for the tests? (e.g. OpenBSC or a PLMN; in that case, which one? 01, 10, 88)

Are you trying to just sniff the air, or are you also stimulating the traffic with your own ME?

Good results depend on many factors:
- If the "session" is hopping through chans or not;
- If the ME supports only GPRS or not;
- If you are making tests in your own lab's environment or on a PLMN;
- Another is related to the osmocombb ME and the cable used.

In case you don't use OpenBSC with nanoBTS or BS-11, I would suggest using an old ME that supports only GPRS and not EDGE, so that you avoid it using EDGE's coding schemes (e.g. I obtained good results with an old GPRS USB modem on PLMNs). Then I would suggest you find an ARFCN of a PLMN that doesn't hop: I found some good ones by checking with a Blackberry's Field Test [1].

[1] http://i41.tinypic.com/20huagj.jpg

Cheers,
Luca



> I'm still not able to sniff enough data to reconstruct TCP sessions.
> I can get datagrams (even TCP), but they look like "sparse" datagrams. Even using 2 sniffing phones I have a slightly better result, but not enough to consider it satisfying.
> Are there some other steps that can be done?
>
> Is there anyone, other than the GPRS decoder authors, able to make it completely working?
> 
> Thanks.
> Dario.





More information about the baseband-devel mailing list