Sniffing GSM traffic with hackRF

This post is realted to my previous post, where the tools that should be pre installed are mentioned.


Gqrx which is preinstalled in the live DVD can be used to visualize the frequencies. Here are examples of gqrx  tuned to different frequencies observed from channels captured from hackrf_kalibrate. (see my earlier post)

Tuned to frequency 950.8MHz.

Tuned to 959.6MHz.


Then we need to run the grc script airprobe_rtlsdr.grc which is located at gr-gsm/apps folder found in the pre installed gr-gsm. Here is a screen shot of the flowgraph. I set the default value of gain to 40, which increases the packets captured from wireshark which is later explained.


Here is a screen shot when I run the flow graph.




Then we have to run wireshark from another terminal. Interface is loopback interface (lo).
Use the following command, which runs wireshark as root user with icmp and gsmtap filters.

sudo wireshark -k -Y 'gsmtap && !icmp' -i lo


Here is a screen shot of the packets captured.


Don't forget to read my next post on how to locate BTS .


Thank you!

Basic Reference: https://z4ziggy.wordpress.com/2015/05/17/sniffing-gsm-traffic-with-hackrf/




Comments

Popular posts from this blog

Install Requirements for GSM band observation with hackRF

The WTM Scholarship (Previously Google Anita Borg Scholarship) APAC 2016