Hi!
A number of people want to do some long-term evaluation of their cellular environment and would be interested in an 'app' for OsmocomBB that continuously scans the spectrum and dumps the cell parameters such as
* ARFCN, Signal Level, SNR
* frequency synch offset
* SCH info (BCC/NCC)
* SI (at least 1-4) from BCCH
I would love to do it, but I simply don't have the time. I thought maybe somebody on this list is looking for a relatively simple task and has some time. I think this is a great project to work with OsmocomBB without having to go into the details.
The algorithm would look something like
STATE 1: Power Scan
* do power measurement over all supported bands
* pick strongest N carriers and iterate over them

STATE 2: FCCH/SCH acquisition
* try to get lock on the carrier
* if not, go back to next carrier from power scan
* if yes, continue with STATE 3

STATE 3: Wait until all relevant SI have been received
* generate GSMTAP output for the SI messages (or timeout)
* go back to STATE 2 for next strongest ARFCN
* after last ARFCN, re-start from STATE 1
This is basically the initial step of the GSM 03.22 cell (re)selection that we already have as part of the 'mobile' program.
So all the code is there, but what's needed is a separate ready-made app, not requiring any user interaction. It should also include some e.g. shell script that automatically generates a new pcap file every N minutes/hours, and make sure to never overwrite any existing PCAP file.
In the end, having this running for an extended period of time should simply produce a large number of PCAP files without any manual interaction. Lock-ups in any state should be detected by timers, signalling a proper L1_RESET to make sure it continues. Unplugging / re-plugging the phone should also not require any re-start of the program.
Optional extensions:
* software to aggregate info from the pcap files (remove duplicate entries, e.g.)
* optional logging of GPS coordinates from a GPS receiver
If anyone has some time to give this some work, I'd most appreciate it. Please inform the mailing list to ensure no duplicate work is created.
Regards, Harald
Hi all,
On 22.12.2010 17:58, Harald Welte wrote:
A number of people want to do some long-term evaluation of their cellular environment and would be interested in an 'app' for OsmocomBB that continuously scans the spectrum and dumps the cell parameters such as
- ARFCN, Signal Level, SNR
- frequency synch offset
- SCH info (BCC/NCC)
- SI (at least 1-4) from BCCH
- optional logging of GPS coordinates from a GPS receiver
Just to avoid any duplicate of work as well: most of this is already done by cell_log (layer23/src/misc). It iterates over the whole spectrum and tries to get an Immediate Assignment by sending a RACH to every cell. It stores SI1-4, GPS position and the TA in a logfile, and using the gsmmap utility you can create a *.kml map of the calculated cell positions for Google Earth.
So what's missing is really only the PCAP support and a command line switch to turn off the "active" scanning by sending no RACHs.
Regards, Steve
On 12/22/2010 05:23 PM, Steve Markgraf wrote:
Hi all,
On 22.12.2010 17:58, Harald Welte wrote:
A number of people want to do some long-term evaluation of their cellular environment and would be interested in an 'app' for OsmocomBB that continuously scans the spectrum and dumps the cell parameters such as
- ARFCN, Signal Level, SNR
- frequency synch offset
- SCH info (BCC/NCC)
- SI (at least 1-4) from BCCH
- optional logging of GPS coordinates from a GPS receiver
Just to avoid any duplicate of work as well: most of this is already done by cell_log (layer23/src/misc). It iterates over the whole spectrum and tries to get an Immediate Assignment by sending a RACH to every cell. It stores SI1-4, GPS position and the TA in a logfile, and using the gsmmap utility you can create a *.kml map of the calculated cell positions for Google Earth.
Funny, I was just looking at this last night. Would you mind if I added gpsd support to cell_log?
So what's missing is really only the PCAP support...
would you want libpcap (a lot of unnecessary code), or just use the file and packet headers?
...and a command line switch to turn off the "active" scanning by sending no RACHs.
Since I'm just learning GSM, I've only compiled with TX disabled. My results have been pretty poor. Is there something I could add to handle passive scanning better? I've been getting nothing from cell_log, layer23, or mobile on lo (although I do see other loopback network traffic). I just started working on this a few days ago, so I'm not surprised. I'll dig into it more. The Getting Started guide was a great help!
thx,
Jason.
On 2010-12-22 20:01, Jason wrote:
So what's missing is really only the PCAP support...
would you want libpcap (a lot of unnecessary code), or just use the file and packet headers?
Here's some hackish code I wrote which might be useful. I've recently been abroad (in Austria), and wanted to run cell_log stand-alone on my GTA02 without lugging a laptop around.
I ran cell_log on the GTA02 application processor (with hacked timers to spend a longer time camped on each ARFCN), sending gsmtap packets to localhost. I then had a small program[1] which receives these and writes them to a file in .pcap format.
For simplicity (and somewhat lower overhead) only the raw GSMTAP payload is written, and the linktype is set to DLT_USER0. A small wireshark patch[2] then allows these captures to be read directly[3].
Cheers, Alex
[1], [2] attached.
[3] e.g., wireshark -o "uat:user_dlts:\"User 0 (DLT=147)\",\"gsmtap\",\"0\",\"\",\"0\",\"\""
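
As an added example (not the program attached to the post, and not OsmocomBB code), this is one way to write raw GSMTAP payloads using only the pcap file and packet headers with linktype DLT_USER0, creating each capture with O_EXCL so an existing file is never overwritten. The function names, the file-name pattern and the sample message are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>
#define DLT_USER0 147            /* linktype named in the post above */

struct pcap_file_hdr {           /* 24 bytes, once per file, host byte order */
    uint32_t magic; uint16_t ver_major, ver_minor;
    int32_t thiszone; uint32_t sigfigs, snaplen, linktype;
};
struct pcap_rec_hdr { uint32_t ts_sec, ts_usec, caplen, len; }; /* 16 bytes per packet */

/* Create <prefix>-NNNNN.pcap (assumed pattern); O_EXCL refuses an existing file. */
int pcap_open_new(const char *prefix, char *name, size_t name_len)
{
    struct pcap_file_hdr h = { 0xa1b2c3d4, 2, 4, 0, 0, 65535, DLT_USER0 };
    for (unsigned n = 0; n < 100000; n++) {
        snprintf(name, name_len, "%s-%05u.pcap", prefix, n);
        int fd = open(name, O_WRONLY | O_CREAT | O_EXCL, 0644);
        if (fd < 0 && errno == EEXIST)
            continue;                        /* name taken, try the next one */
        if (fd >= 0 && write(fd, &h, sizeof(h)) != (ssize_t)sizeof(h)) {
            close(fd);
            return -1;
        }
        return fd;                           /* new file, or -1 on other errors */
    }
    return -1;
}

/* Append one raw GSMTAP message (the UDP payload only, no IP/UDP headers). */
int pcap_write_gsmtap(int fd, const uint8_t *msg, uint32_t len, time_t now)
{
    struct pcap_rec_hdr r = { (uint32_t)now, 0, len, len };
    if (write(fd, &r, sizeof(r)) != (ssize_t)sizeof(r))
        return -1;
    return write(fd, msg, len) == (ssize_t)len ? 0 : -1;
}

int main(void)
{
    const uint8_t msg[16] = { 2, 4, 1, 0, 0, 17 }; /* constructed GSMTAP v2 header, ARFCN 17 */
    char name[256];
    int fd = pcap_open_new("scan", name, sizeof(name));
    if (fd < 0 || pcap_write_gsmtap(fd, msg, sizeof(msg), time(NULL)) < 0)
        return 1;
    printf("wrote %s\n", name);
    return close(fd);
}
```

Rotation every N minutes then amounts to closing the descriptor and calling pcap_open_new() again; files written this way need the DLT_USER0 to gsmtap mapping from [3] to be dissected.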
baseband-devel@lists.osmocom.org