This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

capturing mobile phone packets

0

I want to capture HTTP request and response packets which are created by going to a web site with my mobile phone (it is not an iPhone). Can anyone tell me how to do it?

asked 24 Mar '11, 10:20

A B

retagged 14 Oct '13, 04:49

beroset

Does the phone connect through your home network (or other wifi) or via your cellular service provider's network (3G/4G, etc)? If it is the latter, you will need specialized hardware to monitor that traffic.

(24 Mar '11, 11:16) multipleinte...

Yes, I want to use 3G/4G. What is the hardware? And how should I perform it?

(24 Mar '11, 13:22) A B

Last thing I heard on 27C3 someone said the hardware to record GSM traffic is about 5000€, approx. $7000. And of course you need to decrypt the communication after recording it.

Check http://en.wikipedia.org/wiki/Universal_Software_Radio_Peripheral and http://bb.osmocom.org/trac/, maybe it helps.

(25 Mar '11, 16:36) Jasper ♦♦

2 Answers:

1

You can use a packet capturing application, running on the phone. A couple examples:

Once this utility is installed, the basic steps to capture traffic to/from your phone would be:

  1. Start the packet capturing session.
  2. Browse the target web site, and perform the tasks you want to capture.
  3. Stop the packet capturing session (and save to file).
  4. Copy the capture file to your PC/Mac, and open it with Wireshark.

answered 25 Mar '11, 22:24

helloworld

Hi, I wanted to know if these apps, "Shark for Root" and "Microsoft Network Analyzer", are able to perform GSM packet capture on a cell phone, later to be transferred to a computer and analyzed in Wireshark?

(27 Sep '13, 00:01) Arslan

It depends on the cell phone.

Shark for Root is, as indicated, a tool for Android phones; if your phone isn't an Android smartphone, it won't work. It also won't capture GSM packets, in the sense of showing raw GSM traffic, just IP packets, in the sense of Internet traffic, as per kiloohm's answer.

Network Analyzer is, as indicated, a tool for Windows Mobile phones; if your phone isn't a Windows Mobile smartphone, it won't work. I doubt that it can capture raw GSM traffic, either; it probably has the same limitation as Shark for Root.

(27 Sep '13, 11:22) Guy Harris ♦♦

Hi, I installed the 'shark for root' app on my phone; my phone is capable of root access. Still, I get an error: "shark error..problem in launching sequence..Do you have root? DO you have 2MB free on data partition?"

(30 Jan '14, 02:34) Namrata

How to resolve this issue?

(30 Jan '14, 02:44) Namrata

Please ask the developers of that app!

(30 Jan '14, 04:39) Kurt Knochner ♦
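What the capture file copied off the phone in step 4 of the answer above contains, as an added example that is not part of the original posts: a Python sketch that reads a classic pcap file and lists HTTP request and status lines, showing that such a file holds IP packets rather than raw GSM traffic. The sample capture, its addresses and host name are constructed, and only Ethernet and raw-IP link types are assumed.

```python
import struct

def build_sample_pcap():
    """Constructed sample: one raw-IP packet (link type 101) carrying an HTTP GET."""
    http = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(http), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 2]), bytes([192, 0, 2, 10]))
    pkt = ip + tcp + http
    file_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    rec_hdr = struct.pack("<IIII", 0, 0, len(pkt), len(pkt))
    return file_hdr + rec_hdr + pkt

def http_start_lines(pcap):
    """Return (src, dst, first line) for every TCP segment that starts an HTTP message."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype = struct.unpack(order + "I", pcap[20:24])[0]
    l2len = {1: 14, 101: 0}.get(linktype)    # Ethernet or raw IP only
    if l2len is None:
        raise ValueError("unsupported link type %d" % linktype)
    found, off = [], 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if l2len == 14 and frame[12:14] != b"\x08\x00":
            continue                          # Ethernet frame that is not IPv4
        ip = frame[l2len:]
        if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:
            continue                          # keep IPv4 + TCP only
        ihl = (ip[0] & 0x0F) * 4
        tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        line = tcp[(tcp[12] >> 4) * 4:].split(b"\r\n", 1)[0]
        if line.startswith((b"GET ", b"POST ", b"HEAD ", b"PUT ", b"HTTP/1.")):
            src = "%s:%d" % (".".join(map(str, ip[12:16])), sport)
            dst = "%s:%d" % (".".join(map(str, ip[16:20])), dport)
            found.append((src, dst, line.decode("ascii", "replace")))
    return found

if __name__ == "__main__":
    for src, dst, line in http_start_lines(build_sample_pcap()):
        print(src, "->", dst, line)
```

Only the first line of each HTTP message is listed, and HTTPS traffic in the same file would show up as TCP segments with no readable start line.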

0

The standard packet capture tools won't allow you to capture "GSM" packets.

On an Android phone, once the cellular modem establishes a data session with the network, it will create an interface (rmnet0 or rmnet_usb0 for example). That interface is what the Android OS uses to exchange packets from the OS to the cellular modem in the phone.

Once it reaches the cellular modem, packets get encapsulated in GTP (for user data). The control packets (non-access stratum signalling for example) are generated at the cellular modem itself.

In order to capture these messages directly from the phone, you will need specialized equipment or software capable of connecting and interpreting the Qualcomm diagnostic monitor (DM) port on the phone. QXDM, TEMS Investigation and Swissqual are examples of tools capable of doing that.

I don't know of any free tool capable of interfacing correctly with the DM port, but I'd be interested if one exists.

answered 27 Sep '13, 06:35

Kiloohm

As far as Swissqual is concerned, I talked to the Rohde & Schwarz guys and they say that information on the audio codec being used during a voice call ain't available on it. I wanted to know if QxDM can really monitor this information, because I haven't gone through any document stating so, and their help center doesn't receive calls.

(01 Oct '13, 21:27) Arslan

One minor correction in Kiloohm's post: GTP encapsulation shouldn't be happening at all on the user device. That happens further upstream from BSC/RNC towards the Core network over Iu in the GPRS case, or from eNodeB toward S-Gw for the EPS case, but there's no establishment of GTP tunnels from the UE on the air interface, and no negotiation of TEIDs toward the UE. At that level it's just IP packets traveling within resource blocks, where GTP encapsulation is performed on those packets upstream.

This question is now a bit stale, but a few practical solutions would be:

  • If you control the server you're sending the packets to, use Wireshark at the server to see what the device sent at the HTTP level. You could even try hosting the same web service from your home Internet connection just to get the device packets coming in to trace them from the server side.
  • If you are the carrier, or if your carrier is really awesome and willing to do that for you, you could trace it off of virtually any user-plane interface other than the air interface, as it would either be unencrypted or in an IPSec tunnel for which the carrier should have the necessary key info to decrypt.
(14 Oct '13, 09:54) Quadratic