Sniffing GPRS

Dario Lombardo dario.lombardo at
Fri Feb 17 11:39:50 UTC 2012

On Fri, Feb 17, 2012 at 12:15 PM, Luca Bongiorni <
luca.bongiorni1 at> wrote:

> Hi Dario,
> which is the environment that you are using for the tests? (eg. OpenBSC or
> a PLMN: in this case which one? 01, 10, 88)


> Are you trying to just sniff the air or also stimulating the traffic with
> your own ME?


> Good results depends from many factors:
> - If the "session" is hopping through chans or not;
> - If the ME supports only GPRS or not;
> - If you are making tests on your own lab's environment or a PLMN;
> - an other related with the osmocombb's ME and the cable used.
> In case you don't use OpenBSC with nanobts or BS-11, i would suggest use
> to use an old ME that supports only GPRS and not EDGE, thus u will avoid it
> to use EDGE's coding-schemes (eg. i obtained good results with an old gprs
> usb modem on PLMNs). Then i would suggest you to find an ARFCN of a PLMN
> that doesn't hop: i found some good ones by checking with a Blackberry's
> Field Test [1].
My stimulating ME supports edge, so my fake traffic is not good for
tracking. I must find the right phone... do you have some model to suggest?
I can find very old phones or very new, but it's hard to find some "medium"
that support GPRS and not EDGE :).

> [1]
That sounds very interesting, since I have a BB. How can you check that
your arfcn is not hopping from this menu?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the baseband-devel mailing list