[Gsmmap] Question regarding SnoopSnitch and Xgoldmon traces
pedrocab at gmail.com
Wed Sep 7 18:04:01 CEST 2016
I've been playing with Xgoldmon for long time on a samsung S3 and S2,
analyzing Spanish operators UMTS traces. A few days ago, I have the
opportunity to install SnoopSnitch on a samsung A3 and activate the raw
radio data and pcap files. The biggest surprise come from the use of
encryption algorithm, the UEA0 and UEA1;
- In the UMTS Xgoldmon traces, "SecurityModeCommand" messages always
establishing UEA1 as the ciphering algorithm, but after that, from time to
time, a "RadioBearerSetup" or "RadioBearerReconfiguration" message,
establish UEA0 as the new ciph. algorithm. .
- In the UMTS SnoopSnitch traces, I only
see "SecurityModeCommand" messages, again always establishing UEA1 as the
While analyzing this results, I doubt about the root cause of this
difference; Is because the two software I used or the two phones?
I would like to share with all of you my conclusion as I'm not sure, to
explain that; I guess the two phones have a different baseband chip, so
both Xgoldmon and SnoopSnitch traces are valid and just shows what really
happens in the network.
Thank all of you for your time,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gsmmap