GPRS Experiments

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Keith keith at rhizomatica.org
Mon Oct 30 18:12:03 UTC 2017


Hi List!

As there isn't so much about GPRS on here, I thought I might
write something about experiments over the last couple of
weeks with data inside and outside of the lab.

I've installed up to date versions of osmo-bts and osmo-pcu
on sysmobts 2050 hardware and it's working great!
Dynamic channels are really nice, with half rate TCH and AMR
working perfectly. Thanks for all that work!

The question for this experiment was if it was going to be
feasible to actually do anything with several hundred data
hungry spying devices.... I mean mobile phones on the network.

For the traffic control, I set up a local blacklisting or
whitelisting dns server.
I've tried both. Blacklisting the worst culprits would be
nice, but in practice I think I'll have to go for
whitelisting only the intended permitted services.
I configured pcodns1 in the ggsn to point to this DNS
server, AND I set up a port 53 redirect to catch quite a lot
of traffic from android that likes to just talk directly to
8.8.8.8 anyway.

In the wild, some dns request analysis reveals the worst
culprits (this is a very basic analysis) appear to be all
the google update stuff, play store etc, facebook, iCloud
(all to be expected), and certain CDNs. Some research shows
that these CDN companies specialize in delivery of
advertising content inside apps such as mobile platform
games. Such is the sad state of affairs on today's internet.
Fortunately, we have iptables and ip sets and we have AS
blocks assigned to certain bandwidth hungry corporations :-)

So turns out it seems quite feasible to supply service for
text messages with certain popular IM services to many phones.
Short voice clips worked quite well in the lab tests, 
although support for media such as pictures and videos was
not so great. I have yet to successfully send an image
(sourced via device camera within the app) over a "secret"
chat with Telegram messenger.

As this is not a very low level report, rather intended as
some light reading :) I also have a question in a similar
light vein.

I'm still getting to grips with the log messages available
in the pcu, the sgsn and not so much the ggsn, and I'm
observing and learning the sequence of events, so at some
point I should be able to present a better report about this
with some relevant traces and better analysis.

For now, in the lab tests I am constantly monitoring the RF
uplink; I observe that a phone will attach and then go
quiet. A foreground running app may report that it is
"connecting" or some such, and the little arrows may be
flashing to show that apparently we are transmitting data,
but there is nothing on the uplink. My guess here is the OS
has sent something and the baseband is saying yes yes doing
it.. but the baseband at the same time is waiting for
something from the network (and not getting it)?

This situation can persist for some time.. several minutes.
I have observed that if I initiate any data transfer from
the network side then the uplink is established. By the same
token, if I transfer a file from the network (http download
or some such), the same applies. The link stays active and
the IM chat session is very responsive alongside the file
transfer. Shortly after the file transfer completes, the
uplink is quiet again and the latency in the IM session
becomes a problem.

From a UX point of view.. Let me put it this way.. I can
start an IM chat, send a message.. but then we get to this
quiet uplink situation and the messages stop sending.. so
from the user's point of view it's frustrating. The phone
looks like it's transmitting.. until there are timeouts and
disconnections and the app may show some indication to the
user that it is having trouble connecting to the network.

However if I run something on the network side like a script
that sends one ping to the phone every ten seconds, this
keeps the connection 'alive' and the IM session is much more
satisfactory for the user.

I should note I believe I observe this also on commercial
networks in some places like certain Berlin U-bahn stations
where you can still find (only) GPRS data coverage. Also, a
more scientific report is needed, but I seem to observe some
phones behaving "better" than others, as in being a little
more active on the uplink. Maybe it is related to power
saving configuration?

The not very low level and scientific question here is: Is
this kind of thing tunable with gprs parameters?
Any tips on which ones to play with? (Quite happy to wait
until I can send a more useful report too!)

Thanks!

Keith.
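
The port 53 redirect and the ipset-based blocking mentioned in the message, sketched as an added example; it is not part of the original post and not the poster's configuration. The interface name `apn0`, the resolver address, the set name and the prefixes are assumptions; the script only prints the commands unless `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example: every name and address below is an assumption.
DRY_RUN="${DRY_RUN:-1}"        # 1 = only print the commands, 0 = run them (root)
APN_IF="${APN_IF:-apn0}"       # assumed name of the GGSN tun device
DNS_IP="${DNS_IP:-10.45.0.1}"  # assumed address of the local filtering resolver
SET_NAME="hungry_as"           # hypothetical ipset name

# Constructed sample prefixes (RFC 5737 documentation ranges); in practice
# these would be the prefixes announced by the AS to be blocked.
BLOCKED_PREFIXES="192.0.2.0/24 198.51.100.0/24"

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

apply_policy() {
    # Catch DNS sent to hard-coded resolvers such as 8.8.8.8 and hand it
    # to the local server, for both UDP and TCP.
    for proto in udp tcp; do
        run iptables -t nat -A PREROUTING -i "$APN_IF" -p "$proto" \
            --dport 53 -j DNAT --to-destination "$DNS_IP:53"
    done

    # One set lookup per packet instead of one rule per prefix.
    run ipset create "$SET_NAME" hash:net -exist
    for prefix in $BLOCKED_PREFIXES; do
        run ipset add "$SET_NAME" "$prefix" -exist
    done
    run iptables -A FORWARD -i "$APN_IF" -m set \
        --match-set "$SET_NAME" dst -j DROP
}

apply_policy
```

The port 53 rules do not see DNS over TLS (port 853) or DNS over HTTPS, so clients using those are only constrained by the prefix set.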
