Wireshark-users: Re: [Wireshark-users] live data capture question
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 28 Feb 2008 18:22:07 -0800

On Feb 28, 2008, at 3:05 PM, stephen galowski wrote:


with regards to gsm and 3g protocols
can a mobile phone with usb cable be connected to a computer , and be able to track them 
or would special equipment be needed to do this
If by "GSM and 3G protocols" you're referring to the over-the-air protocols used between mobile phones over the Um or Uu interface (or Xyzzy interface or whatever they call it), you would need special equipment to do that.
As far as I know, the USB connection to a normal mobile phone is used for stuff such as syncing information between the phone and a computer, and possibly for tethering the phone to a computer for use as a modem; it doesn't supply raw over-the-air packet information.
There apparently do exist Special Magical Phones - or Special Magical Phone Firmware - that might handle that, such as the TEMS Pocket software from Ericsson: 

	http://www.ericsson.com/solutions/tems/realtime_diagnostics/downloads/TEMS_Pocket%20_6.0.pdf
although they say it "Supports FTP for network troubleshooting and logfile transfer", rather than allowing you to plug the z750i into a computer via USB and pass traffic to the computer in real time. 

However, a Google for

	"um interface" capture

found

	http://thre.at/gsm/
(which raises the questions "which countries have the most interesting two-letter country codes for use in domain names?" :-)). It refers to something called a "USRP"; following the link from that page to 

	http://wiki.thc.org/gsm

and then clicking on "The GSM/USRP Receiver Project" takes you to

	http://wiki.thc.org/gsm#head-9e2d9078d8e28d24f20e8fcd7971b2c376f8d0a9

which has a link to

	http://gnuradio.org/trac/wiki/USRP

as well as to "Ettus Research":

	http://www.ettus.com/

from whom you can buy the Universal Software Radio Peripheral.
So it appears you might be able to construct a GSM sniffer from a USRP board and a bunch of free software, including a Wireshark patch. (It appears that one of the pieces of free software required is called "Linux" or "GNU/Linux", depending on which side of that particular debate you're on :-), i.e. it works by using Linux's tunnel device to stuff packets into a fake network interface on which Wireshark can capture. If I had an unlimited amount of free time, it might be fun to see whether I could construct a libpcap add-on for this, to make it work on a variety of OSes as a GSM sniffer; unfortunately, I have substantially less free time than I'd like even for the stuff I'm already doing....)