[Gsmmap] Question regarding SnoopSnitch and Xgoldmon traces

Pedro Cabrera pedrocab at gmail.com
Wed Sep 7 18:04:01 CEST 2016

Hello all,

I've been playing with Xgoldmon for long time on a samsung S3 and S2,
analyzing Spanish operators UMTS traces. A few days ago, I have the
opportunity to install SnoopSnitch on a samsung A3 and activate the raw
radio data and pcap files. The biggest surprise come from the use of
encryption algorithm, the UEA0 and UEA1;

- In the UMTS Xgoldmon traces, "SecurityModeCommand" messages always
establishing UEA1 as the ciphering algorithm, but after that, from time to
time, a "RadioBearerSetup" or "RadioBearerReconfiguration" message,
establish UEA0 as the new ciph. algorithm. .

- In the UMTS SnoopSnitch traces, I only
see "SecurityModeCommand" messages, again always establishing UEA1 as the
ciphering algorithm.

While analyzing this results, I doubt about the root cause of this
difference; Is because the two software I used or the two phones?

I would like to share with all of you my conclusion as I'm not sure, to
explain that; I guess the two phones have a different baseband chip, so
both Xgoldmon and SnoopSnitch traces are valid and just shows what really
happens in the network.

Thank all of you for your time,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.srlabs.de/pipermail/gsmmap/attachments/20160907/d94e7a23/attachment.html>

More information about the Gsmmap mailing list