LTESniffer, an open source tool to intercept traffic in 4G LTE networks

LTESniffer, a tool that can passively capture LTE traffic

A few days ago, researchers from the Korea Institute of Advanced Technology announced the release of “LTESniffer”, an open source tool that allows users to monitor LTE networks and analyze traffic. LTESniffer is designed to work with a variety of LTE devices, including smartphones, tablets, and modems, and can be used to capture and analyze data transmitted over LTE networks.

LTE (Long-Term Evolution) is a standard for broadband wireless communication that is widely used in mobile networks around the world. LTE networks are designed to provide fast and reliable data transfer, but they are not immune to security threats.

One of the most significant security risks associated with LTE networks is eavesdropping. LTE eavesdropping refers to the interception and analysis of data transmitted over LTE networks without the knowledge or consent of the parties involved.

About LTESniffer

LTESniffer lets you passively (without sending signals over the air) eavesdrop on and intercept traffic between a base station and a cell phone in 4G LTE networks. It also provides utilities for orchestrating traffic interception and an API for using LTESniffer functionality in third-party applications.

One of LTESniffer's key features is its ability to capture and decode LTE control plane messages. LTE devices use these messages to establish and maintain connections to the network, and the messages contain important information about the device and the network. By capturing and analyzing these messages, LTESniffer can provide valuable information about the operation of LTE networks and the behavior of LTE devices.

LTESniffer decodes the physical channel PDCCH (Physical Downlink Control Channel) to obtain information about base station traffic (DCI, Downlink Control Information) and temporary network identifiers (RNTI, Radio Network Temporary Identifier).

Identifying the DCI and RNTI also makes it possible to decode data from the PDSCH (Physical Downlink Shared Channel) and PUSCH (Physical Uplink Shared Channel) channels and so gain access to incoming and outgoing traffic. LTESniffer does not decrypt encrypted messages transmitted between a mobile phone and a base station; it provides access only to information transmitted in clear text. For example, messages sent by the base station in broadcast mode and initial connection messages are transmitted without encryption, allowing you to collect information about which number.
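Why the RNTI is visible to a passive receiver, shown as an added example that is not LTESniffer's code: in LTE the 16-bit CRC attached to each DCI is XOR-masked with the RNTI (3GPP TS 36.212), so recomputing the CRC over a decoded payload exposes the mask. The payload bits, the RNTI value and the function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* CRC-16 for LTE DCI: generator D^16 + D^12 + D^5 + 1 (0x1021), zero
 * initial state, computed MSB-first over an array of 0/1 bit values. */
static uint16_t dci_crc16(const uint8_t *bits, size_t nbits)
{
    uint16_t crc = 0;
    for (size_t i = 0; i < nbits; i++) {
        uint16_t feedback = (uint16_t)(((crc >> 15) ^ bits[i]) & 1u);
        crc = (uint16_t)(crc << 1);
        if (feedback)
            crc ^= 0x1021;
    }
    return crc;
}

/* Transmit side: the base station masks the CRC with the target RNTI. */
uint16_t dci_masked_crc(const uint8_t *bits, size_t nbits, uint16_t rnti)
{
    return (uint16_t)(dci_crc16(bits, nbits) ^ rnti);
}

/* Passive receive side: XOR the recomputed CRC with the received one.
 * The result equals the RNTI only if the payload was decoded error-free. */
uint16_t dci_candidate_rnti(const uint8_t *bits, size_t nbits, uint16_t rx_crc)
{
    return (uint16_t)(dci_crc16(bits, nbits) ^ rx_crc);
}

int main(void)
{
    /* Constructed 27-bit payload and RNTI; not captured data. */
    uint8_t dci[27] = {1,0,1,1,0,0,1,0,1,1,1,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,0};
    uint16_t rnti = 0x4A3F;
    uint16_t tx_crc = dci_masked_crc(dci, 27, rnti);

    printf("clean decode:   0x%04X\n", dci_candidate_rnti(dci, 27, tx_crc));
    dci[5] ^= 1; /* simulate one decoding error in the payload */
    printf("with bit error: 0x%04X\n", dci_candidate_rnti(dci, 27, tx_crc));
    return 0;
}
```

Because the CRC doubles as the addressing mask, any bit string yields some 16-bit candidate; a single recovered value is therefore not proof of a real RNTI, as the bit-error case shows.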

Among LTESniffer's notable features are the following:

  • Real-time decoding of outgoing and incoming LTE control channels
  • Support for LTE Advanced (4G) and LTE Advanced Pro (5G, 256-QAM) specifications.
  • DCI format compatibility
  • Support for data transfer modes: 1, 2, 3, 4.
  • Support for frequency division duplex (FDD) channels.
  • Support for base stations using frequencies up to 20 MHz.
  • Automatic detection of modulation schemes used for incoming and outgoing data (16QAM, 64QAM, 256QAM).
  • Automatic detection of the physical layer configuration for each phone.
  • LTE security API support: RNTI-TMSI mapping, IMSI collection, profiling.

Interception requires additional equipment. To intercept traffic from the base station alone, a USRP B210 programmable transceiver (SDR) with two antennas is sufficient, costing about $2000.

Intercepting traffic from the mobile phone to the base station requires a more expensive USRP X310 SDR card with two additional transceivers (the kit costs about $11,000), since passive detection of packets sent by phones requires precise time synchronization between the frames sent and received and the simultaneous reception of signals in two different frequency bands.

A computer powerful enough to decode the protocol is also required. For example, to analyze traffic from a base station with 150 active users, a system with an Intel i7 CPU and 16 GB of RAM is recommended.

LTESniffer is also highly customizable and can be configured to capture specific types of traffic or filter unwanted traffic. This makes it a powerful tool for network administrators, security researchers, and anyone else who needs to monitor LTE networks and analyze traffic. In the next section, we will discuss how to use LTESniffer to monitor LTE networks and analyze traffic.

If you are interested in learning more about it, you can consult and/or obtain the tool code at the following link.

Last but not least, it should be mentioned that LTE listening can be used for a variety of purposes, both legitimate and illegitimate, so the use of the tool is at the discretion of the user and the laws of their country.

