Sniffing GPRS


Sniffing GPRS

canarion
Hi,

After compiling osmocom-bb and applying the sylvain/burst_ind branch and gprs_multi.patch, I executed it and tried to sniff GPRS traffic.
I loaded the layer1 into my C139 and I obtained an ARFCN code (883).
When I run ccch_scan -a 883 I get the following result:

Copyright (C) 2010 Harald Welte <laforge@gnumonks.org>
Contributions by Holger Hans Peter Freyther

License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Failed to connect to '/tmp/osmocom_sap'.
Failed during sap_open(), no SIM reader
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1476410343)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1207963561)
<0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x1ad1cda)
<0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x41ae98f9)
<0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a  to imsi M(214031385056117)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3306441249)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214031482053520)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214036185306441)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4207880193)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4135931713)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4214223105)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3388536385)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(134915836)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3961436929)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4229756769)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(531909)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214034185316455)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3829437761)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214033485554660)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3639403521)
<0001> app_ccch_scan.c:105 SI1 received.
<0001> app_ccch_scan.c:464 unknown PCH/AGCH type 0x00
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3827744513)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(335734299)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3561969409)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4294310401)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3698994241)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3682615617)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(67866789)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4003487553)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3770351169)
<0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x41ae98f9)
<0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x1ad1cda)
<0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a  to imsi M(214031385056117)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3306441249)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214031482053520)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214036185306441)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4102036289)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4135931713)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214032485273805)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3798414145)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(134915836)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3988859137)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3735175681)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(531909)
<0001> app_ccch_scan.c:248 GSM48 IMM ASS (ra=0x78, chan_nr=0x0f, HSN=24, MAIO=1, TS=7, SS=0, TSC=1)
Dropping frame with 55 bit errors
<000c> l1ctl.c:238 Dropping frame with 55 bit errors
<000c> l1ctl.c:290 BURST IND: @(830928 = 0626/20/36) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830928 = 0626/20/36) (-110 dBm, SNR   8)
<000c> l1ctl.c:290 BURST IND: @(830929 = 0626/21/37) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830929 = 0626/21/37) ( -83 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830930 = 0626/22/38) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830930 = 0626/22/38) ( -87 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830931 = 0626/23/39) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830931 = 0626/23/39) ( -83 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830932 = 0626/24/40) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830932 = 0626/24/40) ( -88 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830933 = 0626/25/41) (-105 dBm, SNR   8, UL, SACCH)
<000c> l1ctl.c:290 BURST IND: @(830933 = 0626/25/41) (-107 dBm, SNR   5, SACCH)
<000c> l1ctl.c:290 BURST IND: @(830934 = 0626/00/42) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830934 = 0626/00/42) ( -88 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830935 = 0626/01/43) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830935 = 0626/01/43) ( -83 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830936 = 0626/02/44) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830936 = 0626/02/44) ( -88 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830937 = 0626/03/45) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830937 = 0626/03/45) ( -89 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830938 = 0626/04/46) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830938 = 0626/04/46) ( -88 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830939 = 0626/05/47) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830939 = 0626/05/47) ( -82 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830940 = 0626/06/48) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830940 = 0626/06/48) ( -87 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830941 = 0626/07/49) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830941 = 0626/07/49) ( -87 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830942 = 0626/08/50) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830942 = 0626/08/50) ( -86 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830943 = 0626/09/00) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830943 = 0626/09/00) ( -86 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830944 = 0626/10/01) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830944 = 0626/10/01) ( -87 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830945 = 0626/11/02) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830945 = 0626/11/02) ( -87 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830947 = 0626/13/04) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830947 = 0626/13/04) ( -84 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830948 = 0626/14/05) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830948 = 0626/14/05) ( -85 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830949 = 0626/15/06) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830949 = 0626/15/06) ( -88 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830950 = 0626/16/07) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830950 = 0626/16/07) ( -89 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830951 = 0626/17/08) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830951 = 0626/17/08) ( -88 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830952 = 0626/18/09) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830952 = 0626/18/09) ( -85 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830953 = 0626/19/10) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830953 = 0626/19/10) ( -87 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830954 = 0626/20/11) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830954 = 0626/20/11) ( -87 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830955 = 0626/21/12) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830955 = 0626/21/12) (-106 dBm, SNR   0)
<000c> l1ctl.c:290 BURST IND: @(830956 = 0626/22/13) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830956 = 0626/22/13) (-107 dBm, SNR   5)
<000c> l1ctl.c:290 BURST IND: @(830957 = 0626/23/14) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830957 = 0626/23/14) (-106 dBm, SNR   2)
<000c> l1ctl.c:290 BURST IND: @(830958 = 0626/24/15) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830958 = 0626/24/15) (-108 dBm, SNR   1)
<000c> l1ctl.c:290 BURST IND: @(830959 = 0626/25/16) (-106 dBm, SNR   2, UL, SACCH)
<000c> l1ctl.c:290 BURST IND: @(830959 = 0626/25/16) (-109 dBm, SNR   5, SACCH)
<000c> l1ctl.c:290 BURST IND: @(830960 = 0626/00/17) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830960 = 0626/00/17) (-108 dBm, SNR   3)
<000c> l1ctl.c:290 BURST IND: @(830961 = 0626/01/18) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830961 = 0626/01/18) (-106 dBm, SNR   2)
<000c> l1ctl.c:290 BURST IND: @(830962 = 0626/02/19) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830962 = 0626/02/19) (-108 dBm, SNR   3)
<000c> l1ctl.c:290 BURST IND: @(830963 = 0626/03/20) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830963 = 0626/03/20) (-107 dBm, SNR   0)
<000c> l1ctl.c:290 BURST IND: @(830964 = 0626/04/21) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830964 = 0626/04/21) ( -85 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830965 = 0626/05/22) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830965 = 0626/05/22) ( -87 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830966 = 0626/06/23) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830966 = 0626/06/23) ( -85 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830967 = 0626/07/24) ( -47 dBm, SNR 255, UL)
<000c> l1ctl.c:290 BURST IND: @(830967 = 0626/07/24) ( -86 dBm, SNR 255)
<000c> l1ctl.c:290 BURST IND: @(830968 = 0626/08/25) (-107 dBm, SNR   6, UL)
<000c> l1ctl.c:290 BURST IND: @(830968 = 0626/08/25) (-109 dBm, SNR   0)
<000c> l1ctl.c:290 BURST IND: @(830969 = 0626/09/26) (-101 dBm, SNR   6, UL)

But it stops capturing frames; it seems to be left in a standby state and I don't know why that is.
With gprsdecode I can see the following image in Wireshark:



If someone knows what is the problem, please tell me.

Thanks in advance.

Cheers,
Dani

Re: Sniffing GPRS

Luca Melette

Hi Dani,

> After compiling osmocom-bb and applying the sylvain/burst_ind branch and
> gprs_multi.patch, I executed it and tried to sniff GPRS traffic.
> I loaded the layer1 into my C139 and I obtained an ARFCN code (883).
> When I run ccch_scan -a 883 I get the following result:

Your output seems OK.

> But it stops capturing frames; it seems to be left in a standby state
> and I don't know why that is.
> With gprsdecode I can see the following image in Wireshark:
>
> http://baseband-devel.722152.n3.nabble.com/file/n3712433/wireshark-capture.png 

Quite small picture, but I guess there is some version
mismatch in GSMTAP constants in your wireshark.

Can you please "git pull" from gprsdecode git?
And tell me if the output in wireshark looks better.

Also, in case of other errors, you can attach the console
output of gprsdecode.

Cheers,

LM


Re: Sniffing GPRS

canarion
In reply to this post by canarion
Thank you.

I applied the solution, but I am not able to capture GPRS; I obtain the
following output:

root@bt:~/Desktop/gprs/osmocom-bb/src# ./host/layer23/src/misc/ccch_scan -a 530
Copyright (C) 2010 Harald Welte <[hidden email]>
Contributions by Holger Hans Peter Freyther

License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Failed to connect to '/tmp/osmocom_sap'.
Failed during sap_open(), no SIM reader
<0001> app_ccch_scan.c:105 SI1 received.
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4269931095)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4202774177)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4286702193)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(872678026)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214040106539517)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3783462071)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214075526476063)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3414382957)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3833791687)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1409475324)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(268475078)
<0001> app_ccch_scan.c:451 PAGING of type 3 is not implemented.
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(939892912)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3246520066)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3850427223)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3900711156)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214075504876609)
<0001> app_ccch_scan.c:451 PAGING of type 3 is not implemented.
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3263284250)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4051765433)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214075526476063)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3347308031)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3263371063)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3984668881)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(268475078)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4202767825)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3749719268)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3951101257)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4169171856)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4202730769)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3330357239)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3481285555)
<0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0xaa9e80ed)
<0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0xe10b81f4)
<0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a  to imsi M(214075531810633)
<0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x255783cf)
<0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x1f1181dc)
<0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a  to tmsi M(604556062)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214072000891299)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(872678026)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4051765433)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3464558834)
<0001> app_ccch_scan.c:451 PAGING of type 3 is not implemented.
<0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x8f0883e8)
<0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0xefc90050)
<0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a  to tmsi M(3347308031)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1342251192)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4236303009)
<0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x7310734)
<0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0xb1b280f4)
<0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a  to tmsi M(3263371063)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3984668881)
<0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0xfa970654)
<0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x50f783f5)
<0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a  to tmsi M(3749719268)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(134639596)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3951252283)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214075526302987)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4202730769)
<0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0xcfec80ce)
<0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x3e74042c)
<0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a  to tmsi M(3330357239)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3515047757)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(738711998)
<0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x2aec80e1)
<0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0xe10b81f4)
<0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a  to imsi M(214075531810633)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3581947292)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3464558834)
<0001> app_ccch_scan.c:451 PAGING of type 3 is not implemented.
<0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0xe7c781eb)
<0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0xefc90050)
<0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a  to tmsi M(3900901519)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3498307992)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3817066073)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4236303009)
<0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x1f2f83e3)
<0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0xb1b280f4)
<0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a  to tmsi M(872886535)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3380617244)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1275217371)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3867157627)
<0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x9fa80fc)
<0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x50f783f5)
<0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a  to tmsi M(1409718266)
<0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0xa6a50744)
<0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0xec6f0608)
<0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a  to imsi M(214070617536649)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214075517512698)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214250001000819)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3464555727)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(671523743)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3515047757)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(738711998)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3783322666)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3833642850)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3951258957)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3581984922)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3951151079)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1342205199)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3380616628)
<0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x970783d5)
<0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x1f2f83e3)
<0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a  to imsi M(214075507399140)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3380617244)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3783522049)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3867157627)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4236311049)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1141351846)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214075517512698)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3967861041)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(671523743)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3900911398)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3347267645)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3733188761)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214070611052851)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3951258957)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(671550778)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3632528289)
<0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x520b0528)
<0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0xf6d0050)
<0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a  to imsi M(214074612008401)
<0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0xd20e0150)
<0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x470a83ea)
<0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a  to tmsi M(3380616628)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4068523561)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214075507399140)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(134788057)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3380861225)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3548434234)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3967861041)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3900911398)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3900747386)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3967871191)
<0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x92a580cc)
<0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x99f083de)
<0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a  to imsi M(214075501857562)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214070611052851)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214040106836804)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(671550778)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3548640369)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3364053752)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214074612008401)
<0001> app_ccch_scan.c:451 PAGING of type 3 is not implemented.
<0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x498c80c5)
<0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x29be80f2)
<0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a  to imsi M(214075502723259)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(134788057)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4135830880)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3380861225)
<0001> app_ccch_scan.c:248 GSM48 IMM ASS (ra=0x7e, chan_nr=0x0c, HSN=59, MAIO=3, TS=4, SS=0, TSC=5)
Dropping frame with 64 bit errors
<000c> l1ctl.c:238 Dropping frame with 64 bit errors
Dropping frame with 56 bit errors
<000c> l1ctl.c:238 Dropping frame with 56 bit errors
<0012> ../../../src/gsm/lapd_core.c:1452 I frame response not allowed
<0012> ../../../src/gsm/lapd_core.c:383 sending MDL-ERROR-IND cause 12
<0012> ../../../src/gsm/lapdm.c:392 sending MDL-ERROR-IND 12
<0000> rslms.c:137 unknown RSLms msg_discr 0x00
<0012> ../../../src/gsm/lapd_core.c:1452 I frame response not allowed
<0012> ../../../src/gsm/lapd_core.c:383 sending MDL-ERROR-IND cause 12
<0012> ../../../src/gsm/lapdm.c:392 sending MDL-ERROR-IND 12
<0000> rslms.c:137 unknown RSLms msg_discr 0x00
<0012> ../../../src/gsm/lapd_core.c:1452 I frame response not allowed
<0012> ../../../src/gsm/lapd_core.c:383 sending MDL-ERROR-IND cause 12
<0012> ../../../src/gsm/lapdm.c:392 sending MDL-ERROR-IND 12
<0000> rslms.c:137 unknown RSLms msg_discr 0x00
Dropping frame with 48 bit errors

Osmocom didn't create any burst file. Does someone know why this occurs? I've
executed it on BackTrack 5 over VMware.

If someone knows what is the problem, please tell me.

Thanks in advance.

Cheers,
Dani

--
View this message in context: http://baseband-devel.722152.n3.nabble.com/Sniffing-GPRS-tp3712433p3730167.html
Sent from the baseband-devel mailing list archive at Nabble.com.


Re: Sniffing GPRS

canarion
In reply to this post by Luca Melette
Thank you.

I applied the solution, but I am not able to capture GPRS; I obtain the following output:

root@bt:~/Desktop/gprs/osmocom-bb/src# ./host/layer23/src/misc/ccch_scan -a 530
Copyright (C) 2010 Harald Welte <laforge@gnumonks.org>
Contributions by Holger Hans Peter Freyther

License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Failed to connect to '/tmp/osmocom_sap'.
Failed during sap_open(), no SIM reader
<0001> app_ccch_scan.c:105 SI1 received.
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4269931095)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4202774177)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4286702193)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(872678026)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214040106539517)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3783462071)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214075526476063)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3414382957)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3833791687)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1409475324)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(268475078)
<0001> app_ccch_scan.c:451 PAGING of type 3 is not implemented.
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(939892912)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3246520066)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3850427223)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3900711156)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214075504876609)
<0001> app_ccch_scan.c:451 PAGING of type 3 is not implemented.
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3263284250)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4051765433)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214075526476063)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3347308031)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3263371063)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3984668881)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(268475078)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4202767825)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3749719268)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3951101257)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4169171856)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4202730769)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3330357239)
<0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3481285555)
<0001> app_ccch_scan.c:248 GSM48 IMM ASS (ra=0x7e, chan_nr=0x0c, HSN=59, MAIO=3, TS=4, SS=0, TSC=5)
Dropping frame with 64 bit errors
<000c> l1ctl.c:238 Dropping frame with 64 bit errors
Dropping frame with 56 bit errors
<000c> l1ctl.c:238 Dropping frame with 56 bit errors
<0012> ../../../src/gsm/lapd_core.c:1452 I frame response not allowed
<0012> ../../../src/gsm/lapd_core.c:383 sending MDL-ERROR-IND cause 12
<0012> ../../../src/gsm/lapdm.c:392 sending MDL-ERROR-IND 12
<0000> rslms.c:137 unknown RSLms msg_discr 0x00
<0012> ../../../src/gsm/lapd_core.c:1452 I frame response not allowed
<0012> ../../../src/gsm/lapd_core.c:383 sending MDL-ERROR-IND cause 12
<0012> ../../../src/gsm/lapdm.c:392 sending MDL-ERROR-IND 12
<0000> rslms.c:137 unknown RSLms msg_discr 0x00
<0012> ../../../src/gsm/lapd_core.c:1452 I frame response not allowed
<0012> ../../../src/gsm/lapd_core.c:383 sending MDL-ERROR-IND cause 12
<0012> ../../../src/gsm/lapdm.c:392 sending MDL-ERROR-IND 12
<0000> rslms.c:137 unknown RSLms msg_discr 0x00
Dropping frame with 48 bit errors

Osmocom didn't create any burst file. Does anyone know why this occurs? I've executed it on Backtrack 5 over VMware.

If someone knows what the problem is, please tell me.

Thanks in advance.

Cheers,
Dani

Re: Sniffing GPRS

Dario Lombardo
I'm still not able to sniff enough data to reconstruct TCP sessions.
I can get datagrams (even TCP), but they look like "sparse" datagrams. Even using 2 sniffing phones I have a slightly better result, but not enough to consider it satisfying.
Are there some other steps that can be done? 

Is there anyone, other than gprs decoder authors, able to make it completely working?

Thanks.
Dario.

Re: Sniffing GPRS

Sylvain Munaut
Hi,

> I'm still not able to sniff enough data to reconstruct TCP sessions.
> I can get datagrams (even TCP), but they look like "sparse" datagrams. Even
> using 2 sniffing phones I have a slightly better result, but not enough to
> consider it satisfying.
> Are there some other steps that can be done?

Sure ... debug the issue, fix it, submit a patch. You'll probably need
deep knowledge of GPRS RLC/MAC layers to do that properly.

> Is there anyone, other than gprs decoder authors, able to make it completely
> working?

I'm not even sure they do.

The code is more of a "demo" than a complete system, a lot is missing
to properly decode everything (for instance, it just "guesses" the GPRS channel
from a single assignment and then listens on all timeslots of that,
which is mostly a shortcut to grab stuff, proving it's possible but not
that much more, unless the cell has only 1 GPRS arfcn).

Also since it only supports GPRS and not EDGE you can pretty easily
miss stuff ...

Cheers,

    Sylvain


Re: Sniffing GPRS

Dario Lombardo


On Fri, Feb 17, 2012 at 11:50 AM, Sylvain Munaut <[hidden email]> wrote:
> Hi,
>
> > I'm still not able to sniff enough data to reconstruct TCP sessions.
> > I can get datagrams (even TCP), but they look like "sparse" datagrams. Even
> > using 2 sniffing phones I have a slightly better result, but not enough to
> > consider it satisfying.
> > Are there some other steps that can be done?
>
> Sure ... debug the issue, fix it, submit a patch. You'll probably need
> deep knowledge of GPRS RLC/MAC layers to do that properly.

I'll do it for sure, if I am able to.

> > Is there anyone, other than gprs decoder authors, able to make it completely
> > working?
>
> I'm not even sure they do.
>
> The code is more of a "demo" than a complete system, a lot is missing
> to properly decode everything (for instance, it just "guesses" the GPRS channel
> from a single assignment and then listens on all timeslots of that,
> which is mostly a shortcut to grab stuff, proving it's possible but not
> that much more, unless the cell has only 1 GPRS arfcn).

It would be nice to have a result like their 


where I can find reconstructed HTTP sessions.

> Also since it only supports GPRS and not EDGE you can pretty easily
> miss stuff ...

That's an interesting point I can check...

Re: Sniffing GPRS

Luca Bongiorni-2
In reply to this post by Dario Lombardo
Hi Dario,

which is the environment that you are using for the tests? (eg. OpenBSC or a PLMN: in this case which one? 01, 10, 88)

Are you trying to just sniff the air or also stimulating the traffic with your own ME?

Good results depend on many factors:
- If the "session" is hopping through chans or not;
- If the ME supports only GPRS or not;
- If you are making tests on your own lab's environment or a PLMN;
- another related to the osmocombb's ME and the cable used.

In case you don't use OpenBSC with nanobts or BS-11, I would suggest you use an old ME that supports only GPRS and not EDGE, thus you will avoid it using EDGE's coding-schemes (eg. I obtained good results with an old gprs usb modem on PLMNs). Then I would suggest you find an ARFCN of a PLMN that doesn't hop: I found some good ones by checking with a Blackberry's Field Test [1].

[1] http://i41.tinypic.com/20huagj.jpg

Cheers,
Luca



> I'm still not able to sniff enough data to reconstruct TCP sessions.
> I can get datagrams (even TCP), but they look like "sparse" datagrams. Even using 2 sniffing phones I have a slightly better result, but not enough to consider it satisfying.
> Are there some other steps that can be done?
>
> Is there anyone, other than gprs decoder authors, able to make it completely working?
>
> Thanks.
> Dario.



Re: Sniffing GPRS

Dario Lombardo


On Fri, Feb 17, 2012 at 12:15 PM, Luca Bongiorni <[hidden email]> wrote:
> Hi Dario,
>
> which is the environment that you are using for the tests? (eg. OpenBSC or a PLMN: in this case which one? 01, 10, 88)

PLMN

> Are you trying to just sniff the air or also stimulating the traffic with your own ME?

stimulating

> Good results depend on many factors:
> - If the "session" is hopping through chans or not;
> - If the ME supports only GPRS or not;
> - If you are making tests on your own lab's environment or a PLMN;
> - another related to the osmocombb's ME and the cable used.
>
> In case you don't use OpenBSC with nanobts or BS-11, I would suggest you use an old ME that supports only GPRS and not EDGE, thus you will avoid it using EDGE's coding-schemes (eg. I obtained good results with an old gprs usb modem on PLMNs). Then I would suggest you find an ARFCN of a PLMN that doesn't hop: I found some good ones by checking with a Blackberry's Field Test [1].

My stimulating ME supports EDGE, so my fake traffic is not good for tracking. I must find the right phone... do you have some model to suggest? I can find very old phones or very new, but it's hard to find some "medium" that supports GPRS and not EDGE :).

> [1] http://i41.tinypic.com/20huagj.jpg

That sounds very interesting, since I have a BB. How can you check that your arfcn is not hopping from this menu?

Re: Sniffing GPRS

Luca Bongiorni-2
Dario,

> My stimulating ME supports edge, so my fake traffic is not good for tracking. I must find the right phone... do you have some model to suggest? I can find very old phones or very new, but it's hard to find some "medium" that support GPRS and not EDGE :).

Just find an old one that doesn't support GPRS: phones or usb keys.

> > [1] http://i41.tinypic.com/20huagj.jpg
>
> That sounds very interesting, since I have a BB. How can you check that your arfcn is not hopping from this menu?

As you can see in the "last GPRS TBF:" section, the only arfcn used for that session was 983, which means it was not hopping.

About how to activate the field test, just google for it.

P.S.:
Please reply directly on the ml.
About the ARFCN allocation around Italy, it is MNO related, so it could just allocate the 983 here as non-hopping and in your city as a hopping one. You are on your own about checking which is the best ARFCN (non-hopping) to make tests.

Cheers,
Luca
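
The hopping question raised in this thread can also be answered from the ccch_scan log: the IMM ASS line in the first post carries HSN and MAIO, which describe a hopping channel. The following is an added example, not part of any post and not osmocom-bb code; the `ARFCN=` form of a non-hopping assignment, the second sample line and the function names are assumptions.

```python
import re
from collections import Counter

# Sample input: lines 1, 3, 4 and 5 are copied from the log in the first post;
# line 2 is constructed (assumed format of a non-hopping assignment).
SAMPLE_LOG = """\
<0001> app_ccch_scan.c:248 GSM48 IMM ASS (ra=0x7e, chan_nr=0x0c, HSN=59, MAIO=3, TS=4, SS=0, TSC=5)
<0001> app_ccch_scan.c:248 GSM48 IMM ASS (ra=0x7b, chan_nr=0x0c, ARFCN=983, TS=4, SS=0, TSC=5)
Dropping frame with 64 bit errors
<000c> l1ctl.c:238 Dropping frame with 64 bit errors
<000c> l1ctl.c:238 Dropping frame with 56 bit errors
"""

IMM_ASS = re.compile(r"GSM48 IMM ASS \((?P<fields>[^)]*)\)")
# Only the prefixed copy is counted: the log prints each drop twice,
# once bare and once with the "<000c> l1ctl.c:238" prefix.
DROPPED = re.compile(r"^<[0-9a-f]{4}> \S+ Dropping frame with (?P<errs>\d+) bit errors")


def parse_fields(text):
    """Turn 'ra=0x7e, chan_nr=0x0c, HSN=59' into a dict of integers."""
    out = {}
    for item in text.split(","):
        key, sep, value = item.strip().partition("=")
        if sep:
            base = 16 if value.lower().startswith("0x") else 10
            out[key] = int(value, base)
    return out


def summarize(log_text):
    """Return (assignments, dropped): one dict per IMM ASS, and a Counter of bit-error counts."""
    assignments, dropped = [], Counter()
    for line in log_text.splitlines():
        m = IMM_ASS.search(line)
        if m:
            fields = parse_fields(m.group("fields"))
            # HSN/MAIO present: the assigned channel hops over several ARFCNs.
            fields["hopping"] = "HSN" in fields and "MAIO" in fields
            assignments.append(fields)
            continue
        m = DROPPED.match(line)
        if m:
            dropped[int(m.group("errs"))] += 1
    return assignments, dropped


if __name__ == "__main__":
    assignments, dropped = summarize(SAMPLE_LOG)
    for a in assignments:
        kind = "hopping" if a["hopping"] else "fixed ARFCN %d" % a.get("ARFCN", -1)
        print("IMM ASS TS=%d TSC=%d: %s" % (a["TS"], a["TSC"], kind))
    print("dropped frames by bit errors:", dict(dropped))
```
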

Re: Sniffing GPRS

mad
In reply to this post by Dario Lombardo
Hi Dario,

> My stimulating ME supports edge, so my fake traffic is not good for
> tracking. I must find the right phone... do you have some model to suggest?
> I can find very old phones or very new, but it's hard to find some "medium"
> that support GPRS and not EDGE :).

I would recommend you to try to get hold of an old Siemens S45, SL45 or ME45. They support only non-EDGE GPRS and have some nice monitor features available when activated (instructions are easy to find). Amongst other things it's possible to attach/detach GPRS, activate/deactivate PDP context, IP ack/unack, and so on, via menu. And using a serial cable these phones support the at+crsm-command so you have read access to TMSI, Kc and other files on the SIM during operation.


Regards,
  Mad


Re: Sniffing GPRS

ddvv
This post has NOT been accepted by the mailing list yet.
In reply to this post by canarion
Dear all,
    When I test the sylvain/burst_ind branch, everything looks fine.
    But when I run gprsdecode, I get this output:
Type not handled! 40
Type not handled! 40
Type not handled! 40
Type not handled! 40
Type not handled! 40
Type not handled! 40
Type not handled! 40
Type not handled! 40
Type not handled! 40
Type not handled! 40
Type not handled! 40
Type not handled! 40
Type not handled! 40
Type not handled! 40
...
    I'm not sure if there is no gprs packet captured or something wrong with my operation.
    Could anyone offer me the sample data file that was used by srlabs?
    It looks like: http://srlabs.de/dl/gprs_262_80_0001_0000_20110710_2252_875_514147_0f.dat
    This url has been removed.