Query related to Gr-gsm Capture

[Hamza]

I'm capturing a traffic on 938.2 Mhz(my sim is latched to this frequency) using USRP B210 but it hopped to 1855.8 Mhz,1856.2 Mhz &1860.6 Mhz respectively.(I've seen this in Assignment command message on SDCCH8)

The bandwidth limit of USRP B210 is 56 Mhz.

My question is how is it possible with Gr-gsm to capture a band of 900 Mhz that hopped to 1800 Mhz band?

Moreover I also used the mean of (1855.8 Mhz,1856.2 Mhz &1860.6 Mhz ) frequencies and use it as center frequency to capture the downlink traffic but all I got is an empty cfile with no packets to decode?

[Nikos Balkanas]

Well, you saw the assignment. Did you get any packets from 1800 Mhz?
Moreover, as far as I know, channel hopping changes. That means, if
you try again later,
you will not get the same bands:(

HTH
Nikos

> --
> You received this message because you are subscribed to the Google Groups "gr-gsm" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to gr-gsm+un...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/gr-gsm/99a0eed1-fd6a-4124-ae2d-fc54888401b7n%40googlegroups.com.

[Hamza]

I've seen instantaneous peaks on 1800Mhz but there are no packets to decode while monitoring with livemon. 

[Hamza]

Its been a week I am working on it and luckily the hopping frequency remains the same and isn't changing.

To view this discussion on the web visit https://groups.google.com/d/msgid/gr-gsm/208a0cbc-8d79-48c1-bf98-d7a6e82148a8n%40googlegroups.com.

[Nikos Balkanas]

If you don't see decoded packets in livemon, it ain't GSM probably.
PCS1900 is 1850-1900 Mhz
3G band III is 1807-1878 Mhz
4G band 3 is 1805 - 1880 Mhz
Lots of overlaps:(

> To view this discussion on the web visit https://groups.google.com/d/msgid/gr-gsm/CAJL_9-0Y5CcwmArv%2B_VODuGBLDeqO92A%3DcMdfsTE0ZL6udA_Hg%40mail.gmail.com.

[Nikos Balkanas]

Also if you are looking at decrypted packets, grgsm understands A5.1 &
2, but not A5.3 (kazumi)

Nikos

[Hamza]

As far as  I know gsm call can't be hopped to PCS1900,3G or 4g band and remains on GSM band (correct me if I am wrong).

The 1800 frequency I am targeting is the same frequency I got in the LIST OF ARFCNS on SDCCH8 channel so it must be GSM data.

The reason GRGSM isn't showing any decoded packets on that frequency is because of unstable signal as it is a hopper signal.

Decryption isn't an issue because the telco I am targeting isn't using any encryption.

[Nikos Balkanas]

PCS1900 is a GSM band. Different band than the GSM900, but still gsm.
All 3 techs converge at ~1800 Mhz. livemon won't decode non gsm
traffic, but still display the frequency spikes:)

> To view this discussion on the web visit https://groups.google.com/d/msgid/gr-gsm/d99bd229-cbd6-4555-81ec-69a80f1181bbn%40googlegroups.com.

[Al Higgins]

Hamza,

Sounds like you are trying to capture a cell from a network employing hyper-band techniques, this means the cell Broadcast Control Channel (BCCH) is found on one band (in your case 938.2MHz / ARFCN 16) but allocates resources on another band. Most cells on GSM will actually have multiple frequencies allocated to them, with a single BCCH controlling access - the hopping pattern can only occur between the frequencies on the single cell, therefore the frequencies would be fixed. 

To be able to collect, you would need to cover all the cells allocated frequencies simultaneously along with the BCCH. Grgsm_scanner will tell you what the other frequencies are by using the -v function. It's worth noting that when you run grgsm_scanner you are only recording the BCCH and not dedicated traffic channels. 

With a network employing hyper-band techniques, collecting all the frequencies simultaneously would be difficult without running concurrent capture sessions using multiple SDR. I don't think this would be possible with gr-gsm, but am happy to be corrected. 

Regards,

Al

To view this discussion on the web visit https://groups.google.com/d/msgid/gr-gsm/CAAxXO2GyJep2KUuVfrpXZNu2_wbJLBbx-_bpiWKX5dputb9-4A%40mail.gmail.com.

[Hamza]

Nikos as you said PCS 1900 is a gsm band can we capture that band with grgsm?

Al Higgins Thanks for your response. There is a typing mistake I actually captured data on 938.4Mhz(17 Arfcn). Grgsm can scan all the GSM900 band(screen shot attached) but is unable to scan 1800 band.

I have used multiple SDRs to  capture both GSM900 and PCS1900  simultaneously. I received the  packets on GSM900 but unable to get anything on pcs1900 (in my case its ARFCN 765,767&785)

[Al Higgins]

Hamza, 

When running the scanner use: 

grgsm_scanner --band DCS1800

This will give you the 1800 band, you can't scan through multiple bands simultaneously as far as I know so you'll have to run separate scans. You can also use the -v device at the end if you want further info than displayed in your screen shot. 

Regards,

Al

To view this discussion on the web visit https://groups.google.com/d/msgid/gr-gsm/9c7c819f-9274-4230-9958-7eaa38c28627n%40googlegroups.com.

[Nikos Balkanas]

Hi Hamza,

How did you figure out that your connection at 900 Mhz jumped to 1800 Mhz?

The assignment packet, doesn't specify frequency, just that it hops (MAIO, etc).

Unless I am mistaken, i don't think that an ARFCN can hop outside its range (200 Khz).

Otherwise you would violate the spec and have 2 arfcns on the same channel!

BR,

Nikos

To view this discussion on the web visit https://groups.google.com/d/msgid/gr-gsm/CAOXerexYdZBXXv7DkjimFwRs0YuEJe1AyHPXRWty41jTPq5GNw%40mail.gmail.com.

[Hamza]

Hi Nikos,

Here you can see in the figure below the Hopping parameters i.e MAIO,HSN and available ARFCNS.

[Nikos Balkanas]

Thx, Hamza,

I was not aware of that. That's practically giving away the frequency:)

So, it is violating the spec, but it gives a list of available (empty) ARFCNs in the area.

And you said they are the same for the whole week?

I am still struggling to install the latest gr-gsm.

Hopefully I will have it done later today, and then I can take a look in your cfile.

Good to know,

Nikos

To view this discussion on the web visit https://groups.google.com/d/msgid/gr-gsm/e5438b70-2978-4106-915f-d4acb6a48cc9n%40googlegroups.com.

[Nikos Balkanas]

So, did you use a 4.6 Mhz sampling rate at 1902.9 Mhz for PCS1900 or 1762.8 Mhz for DCS1800?

No 1800 Mhz anywhere!

Nikos

[Nikos Balkanas]

*at least 4.4 Mhz sampling frequency

[Nikos Balkanas]

Since the arfcns overlap for DCS1800 & PCS1900, and the assignment packet doesn't specify which,

you should try both...

Nikos

[Hamza]

Al Higgins,

I am interested in ARFCN 765,767 &786 but Grgsm_Scanner is not scanning them.

PCS1900 is not available in our country.

GSM 900:

DCS1800:

.

[Al Higgins]

Hamza,

They're DCS1800 ARFCN so PCS1900 isn't an issue for you. 

You won't see them on grgsm_scanner as they appear to not be cell BCCH ARFCNs, it seems as they are both dedicated traffic channels with no signaling information. Scanner decodes BCCH signaling only. 

You should still be able to collect them using livemon and capture - livemon will show you these are active, you should see a signal bursting rather than constant.

Regards

Al

To view this discussion on the web visit https://groups.google.com/d/msgid/gr-gsm/49e86018-bb78-4ced-83bb-b06a6ff8c59en%40googlegroups.com.

[Hamza]

There is nothing on livemon on these frequencies. I only got traffic on 1832.8M and 1833.2M