Wireshark-users: Re: [Wireshark-users] live data capture question
From: Guy Harris <[email protected]>
Date: Thu, 28 Feb 2008 18:22:07 -0800
On Feb 28, 2008, at 3:05 PM, stephen galowski wrote:

with regards to gsm and 3g protocols

can a mobile phone with usb cable be connected to a computer , and be able to track them
or would special equipment be needed to do this
If by "GSM and 3G protocols" you're referring to the over-the-air  
protocols used between mobile phones over the Um or Uu interface (or  
Xyzzy interface or whatever they call it), you would need special  
equipment to do that.
As far as I know, the USB connection to a normal mobile phone is used  
for stuff such as syncing information between the phone and a  
computer, and possibly for tethering the phone to a computer for use  
as a modem; it doesn't supply raw over-the-air packet information.
There apparently do exist Special Magical Phones - or Special Magical  
Phone Firmware - that might handle that, such as the TEMS Pocket  
software from Ericsson:
	http://www.ericsson.com/solutions/tems/realtime_diagnostics/downloads/TEMS_Pocket%20_6.0.pdf

although they say it "Supports FTP for network troubleshooting and logfile transfer", rather than allowing you to plug the z750i into a computer via USB and pass traffic to the computer in real time.
However, a Google for

	"um interface" capture

found

	http://thre.at/gsm/

(which raises the questions "which countries have the most interesting two-letter country codes for use in domain names?" :-)). It refers to something called a "USRP"; following the link from that page to
	http://wiki.thc.org/gsm

and then clicking on "The GSM/USRP Receiver Project" takes you to

	http://wiki.thc.org/gsm#head-9e2d9078d8e28d24f20e8fcd7971b2c376f8d0a9

which has a link to

	http://gnuradio.org/trac/wiki/USRP

as well as to "Ettus Research":

	http://www.ettus.com/

from whom you can buy the Universal Software Radio Peripheral.

So it appears you might be able to construct a GSM sniffer from a USRP board and a bunch of free software, including a Wireshark patch. (It appears that one of the pieces of free software required is called "Linux" or "GNU/Linux", depending on which side of that particular debate you're on :-), i.e. it works by using Linux's tunnel device to stuff packets into a fake network interface on which Wireshark can capture. If I had an unlimited amount of free time, it might be fun to see whether I could construct a libpcap add-on for this, to make it work on a variety of OSes as a GSM sniffer; unfortunately, I have substantially less free time than I'd like even for the stuff I'm already doing....)