GSM Sniffing with RTLSDR

Installation

Use the manual installation as described in the Wiki. The automatic one is strange.

On Gentoo, at least the following steps are required to build and install gr-gsm from source:

git clone https://github.com/ptrkrysik/gr-gsm.git
cd gr-gsm
mkdir build
cd build
cmake ..
make
sudo make install
sudo ldconfig
# udev rule so the RTL-SDR dongle can be opened without root
sudo wget -O /etc/udev/rules.d/rtl-sdr.rules http://git.osmocom.org/rtl-sdr/plain/rtl-sdr.rules

# keep the source tree (the apps/airprobe_rtlsdr.grc flowgraph is used below) under /opt
sudo mv ../../gr-gsm /opt
sudo chown -R root:root /opt/gr-gsm

Usage

Scan

Scanning the channels does not work like this :-(

# GNU Radio allocates many shared-memory segments; raise the kernel limit first
sudo sysctl kernel.shmmni=32000
# -g RTL-SDR gain, -b band to scan, -p ppm frequency correction
for b in P-GSM DCS1800 PCS1900 E-GSM R-GSM GSM450 GSM480 GSM850 ; do
    echo "$b"
    PYTHONPATH=/usr/local/lib64/python2.7/site-packages python2 airprobe_rtlsdr_scanner.py -g 30 -b "$b" -p 0 -v --speed 1
done

Ugly hack (adjust the ARFCN ranges given to seq for your region; the ones below are for Europe):

for a in $(seq 0 124) $(seq 955 1023) $(seq 512 885) ; do
    # capture ARFCN $a for one second (-T 1) and discard the samples (-c /dev/null);
    # the hack treats more than one line of verbose output as a sign the channel is active
    if [ "$(PYTHONPATH=/usr/local/lib64/python2.7/site-packages python2 airprobe_rtlsdr_capture.py -a "$a" -c /dev/null -v -T 1 2>/dev/null | wc -l)" -gt 1 ] ; then
        echo "$a"
    fi
done
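As an added example (not part of this page or of gr-gsm), the following Python maps the ARFCN numbers the loops above iterate to the downlink centre frequency the RTL-SDR is tuned to, using the ARFCN definitions from 3GPP TS 45.005 for the bands named in the scan loop. It also shows why the 512..885 range of the hack is ambiguous: ARFCNs 512..810 exist in both DCS1800 and PCS1900, so the band has to be known before a frequency can be assigned.

```python
# Added example (not part of the page or of gr-gsm): map the ARFCNs the scan
# loops iterate to the downlink (BTS -> handset) centre frequency the RTL-SDR
# is tuned to. Formulas follow the ARFCN definitions in 3GPP TS 45.005.
# band -> (arfcn_lo, arfcn_hi, base_arfcn, uplink_base_MHz, duplex_offset_MHz)
# f_uplink = base + 0.2 * (arfcn - base_arfcn);  f_downlink = f_uplink + offset
BANDS = {
    "GSM450":  (259, 293, 259, 450.6, 10.0),
    "GSM480":  (306, 340, 306, 479.0, 10.0),
    "GSM850":  (128, 251, 128, 824.2, 45.0),
    "P-GSM":   (1, 124, 0, 890.0, 45.0),
    "E-GSM":   (0, 124, 0, 890.0, 45.0),   # plus extension 975..1023
    "R-GSM":   (0, 124, 0, 890.0, 45.0),   # plus extension 955..1023
    "DCS1800": (512, 885, 512, 1710.2, 95.0),
    "PCS1900": (512, 810, 512, 1850.2, 80.0),
}
# In the 900 MHz extension ranges ARFCN n is counted as n - 1024 (wrap-around).
EXT_900_START = {"E-GSM": 975, "R-GSM": 955}

def arfcn_to_downlink_hz(arfcn, band):
    """Downlink centre frequency in Hz; ValueError if the ARFCN is not in band."""
    lo, hi, base_arfcn, ul_base_mhz, offset_mhz = BANDS[band]
    n = arfcn
    if band in EXT_900_START and EXT_900_START[band] <= arfcn <= 1023:
        n = arfcn - 1024                 # e.g. E-GSM 975 -> uplink 880.2 MHz
    elif not lo <= arfcn <= hi:
        raise ValueError("ARFCN %d is not defined in %s" % (arfcn, band))
    ul_mhz = ul_base_mhz + 0.2 * (n - base_arfcn)
    return int(round((ul_mhz + offset_mhz) * 1e6))

def bands_for_arfcn(arfcn):
    """Bands in which this ARFCN exists; 512..810 is DCS1800 or PCS1900 (ambiguous)."""
    found = []
    for band in BANDS:
        try:
            arfcn_to_downlink_hz(arfcn, band)
            found.append(band)
        except ValueError:
            pass
    return found

def european_scan_plan():
    """Expand the hack's `seq 0 124`, `seq 955 1023`, `seq 512 885` into
    (arfcn, band, downlink_hz), reading them as R-GSM plus DCS1800."""
    plan = [(a, "R-GSM", arfcn_to_downlink_hz(a, "R-GSM"))
            for a in list(range(0, 125)) + list(range(955, 1024))]
    plan += [(a, "DCS1800", arfcn_to_downlink_hz(a, "DCS1800"))
             for a in range(512, 886)]
    return plan
```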

Sniff TN0

# gr-gsm forwards the decoded bursts as GSMTAP over UDP to localhost (port 4729);
# the !icmp filter hides the port-unreachable replies generated while nothing listens there
wireshark -k -Y '!icmp && gsmtap' -i lo &
PYTHONPATH=/usr/local/lib64/python2.7/site-packages gnuradio-companion ../apps/airprobe_rtlsdr.grc

BTSs

List of BTSs (Internal)