Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] live data capture question

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 28 Feb 2008 18:22:07 -0800

On Feb 28, 2008, at 3:05 PM, stephen galowski wrote:

with regards to gsm and 3g protocols

can a mobile phone with usb cable be connected to a computer , and be able to track them
or would special equipment be needed to do this

If by "GSM and 3G protocols" you're referring to the over-the-air protocols used between mobile phones over the Um or Uu interface (or Xyzzy interface or whatever they call it), you would need special equipment to do that.

As far as I know, the USB connection to a normal mobile phone is used for stuff such as syncing information between the phone and a computer, and possibly for tethering the phone to a computer for use as a modem; it doesn't supply raw over-the-air packet information.

There apparently do exist Special Magical Phones - or Special Magical Phone Firmware - that might handle that, such as the TEMS Pocket software from Ericsson:

although they say it "Supports FTP for network troubleshooting and logfile transfer", rather than allowing you to plug the z750i into a computer via USB and pass traffic to the computer in real time.

However, a Google for

	"um interface" capture


(which raises the questions "which countries have the most interesting two-letter country codes for use in domain names?" :-)). It refers to something called a "USRP"; following the link from that page to

and then clicking on "The GSM/USRP Receiver Project" takes you to

which has a link to

as well as to "Ettus Research":

from whom you can buy the Universal Software Radio Peripheral.

So it appears you might be able to construct a GSM sniffer from a USRP board and a bunch of free software, including a Wireshark patch. (It appears that one of the pieces of free software required is called "Linux" or "GNU/Linux", depending on which side of that particular debate you're on :-), i.e. it works by using Linux's tunnel device to stuff packets into a fake network interface on which Wireshark can capture. If I had an unlimited amount of free time, it might be fun to see whether I could construct a libpcap add-on for this, to make it work on a variety of OSes as a GSM sniffer; unfortunately, I have substantially less free time than I'd like even for the stuff I'm already doing....)