Can we use wireshark to sniff 3G/4G packets from nearby cellphones ?
asked 15 Oct '14, 02:44
No, you can't, Wireshark does not have the ability to tap into 3G/4G wireless networks.
answered 15 Oct '14, 02:46
If the question is meant in the paranoid sense, as "Is it possible for other people to see my traffic over the radio network?", it's likely not going to be possible for them because virtually all operators negotiate encryption with your phone for both your IP payload as well as most signaling exchanges, however a few things to keep in mind:
1) With specialized tools, it is possible to 'listen' to the radio interface on licensed frequency bands (like Wifi, these are broadcasted messages over the air so there's no stopping that).
2) While I've never seen it done outside of lab/test environments, it is possible to avoid encryption altogether for these radio types, including both signaling (RRC/NAS) and payload. Those are separately negotiated between the phone and the network, though again I would be surprised if too many networks allow unciphered connections.
3) It is always possible for other people to intercept IMSI numbers (unique ID of a SIM card, similar to a MAC address) over the radio network because that is used prior to encryption negotiation. That is minimized somewhat because networks will assign temporary identifiers ("GUTIs" for LTE networks, or just "TMSIs/P-TMSIs" for legacy networks), meaning subsequent connections can use these temporarily assigned numbers in plain-text rather than the SIM's IMSI number. Also note that while IMSIs are interceptable they are not enough to impersonate, since they are virtually always (and in a real-world network, literally always) challenged by the network when they connect.
4) The phone's IMEI wouldn't be authenticated (at least, not within the 3GPP standardized call flows), however they are not transmitted over the network until after signaling encryption is negotiated so they should not be vulnerable to over-the-air interception.
answered 15 Oct '14, 18:57
edited 15 Oct '14, 19:01