Hello guys,
I was reading the nanoBTS product description and found support for "Network Listen" feature to monitor and decode GSM base stations. Is that an ip.access specific protocol? If so, does anyone has the ability to revers engineer this particular function. That would be really great!
I would like to scan other ARFCNs for neighbourcells and fill the information in SI 2, 3 or 4, don't remeber which one. Thank you.
On Tue, Jun 16, 2009 at 03:10:12PM +0200, Nordin wrote:
Hello guys,
I was reading the nanoBTS product description and found support for "Network Listen" feature to monitor and decode GSM base stations. Is that an ip.access specific protocol? If so, does anyone has the ability to revers engineer this particular function. That would be really great!
The network listen feature is implemented by means of GSM 12.21 "EXECUTE TEST" methods. So the activation/initiation of the network listen mode follows the framework as set forth by 12.21, but the actual parameters as well as the test results are vendor-specific attributes.
As far as I have noted, if you put the BTS in this mode it ceases to work as normal BTS, so you cannot do that while you're actually using it productively.
I've attached a pcap protocol trace of some old recorded network listen action. Maybe this helps you to discover and document the details.
Thank you for the trace Harald.
Harald Welte schreef:
On Tue, Jun 16, 2009 at 03:10:12PM +0200, Nordin wrote:
As far as I have noted, if you put the BTS in this mode it ceases to work as normal BTS, so you cannot do that while you're actually using it productively.
It's not a problem to me, as long as I can scan the neighbourcells, I'm satisfied. I'll work on this part...
-
Harald Welte -
Nordin