Hello everybody
First of all, let me introduce myself. My name is Yann Moupinda and I'm a student doing his Master thesis in the field of
GSM technology. For my thesis, the company for which i'm working now, bought a sysmoBTS from sysmocom. The
sysmoBTS is configured as a stand alone GSM network in a box (NITB) running the osmo-nitb and the osmo-bts programs.
An important part of my thesis is to understand how the sysmoBTS works and therefore I did some measurements with
wireshark to analyse the data flow between the BTS,BSC and MSC/HLR/VLR/EIR. This is also to see the main differences between a sysmoBTS and a conventional GSM Network.
I used the " tcpdump " - command on the loopback interface lo0 to capture the data flow between the GSM components and then, the analysis with wireshark shows me only the data flow between BTS and BSC. It's possible to see such messages like LOCATION UPDATING REQUEST and IDENTITY REQUEST wich are normally, transparently exchanged between Mobile Station (MS) and the Network subsystem (MSC/HLR/VLR/EIR). All these messages are always addressed to, or from the same BSC TCP-port 3003. So i can not see what happens behind this port (behind BSC).
In order to get the communication between BSC and MSC, i decided to have a deeper look on the logging messages of the sysmoBTS. Even there, i cannot recognize how the data transmission between BSC and MSC works.
Does anyone know how to get this information? Any guidance would be appreciated.
I have included one .pcap file and a text file of the logging messages taken while i powered on the mobile phone.
Best regards,
Yann.
Hi Yann,
Yann R. Moupinda wrote:
An important part of my thesis is to understand how the sysmoBTS works and therefore I did some measurements with wireshark to analyse the data flow between the BTS,BSC and MSC/HLR/VLR/EIR. This is also to see the main differences between a sysmoBTS and a conventional GSM Network.
So i can not see what happens behind this port (behind BSC).
In order to get the communication between BSC and MSC, i decided to have a deeper look on the logging messages of the sysmoBTS. Even there, i cannot recognize how the data transmission between BSC and MSC works.
Start looking at the source code. Pick some entry point for a message that you understand. Follow the call graph through the source code, to learn about the data flow in OpenBSC. You will quickly find what the difference is between OpenBSC and a conventional BSC.
//Peter
On Tue, Oct 02, 2012 at 05:23:28PM +0200, Peter Stuge wrote:
Hi Yann,
Start looking at the source code. Pick some entry point for a message that you understand. Follow the call graph through the source code, to learn about the data flow in OpenBSC. You will quickly find what the difference is between OpenBSC and a conventional BSC.
Hi,
on top of that the "BSC API"[1] is a good way to start to look at. There are currently two implementations. One for the NITB and one for the classic BSC. The NITB will handle the MSC/AuC/HLR/VLR functionality by direct function calls, the BSC will pack the data into GSM08.08 BSSMAP and send it to a MSC using SCCP-lite (SCCP on the IPA protocol). To use the "classic BSC" one needs a real MSC to connect to. My Smalltalk implementation is not very mature yet.
holger
[1] http://cgit.osmocom.org/cgit/openbsc/tree/openbsc/src/libbsc/bsc_api.c
-
Holger Hans Peter Freyther -
Peter Stuge -
Yann R. Moupinda