Categories
EUTRAN LTE Mobile Networks

Viewing the SIB – The LTE System Information Block with SDRs

Using SDR hardware to view the LTE System Information Block’s contents.

Categories
EUTRAN LTE Mobile Networks

Working with LTE MAC traces in Wireshark

Using Wireshark to view and analyze MAC layer LTE traffic

Categories
EPC EUTRAN LTE Mobile Networks

Multi Operator Core-Networks (MOCN) for RAN Sharing

Multi-tenancy on the RAN side of the network, allowing an eNB to broadcast multiple PLMN IDs (MCC/MNC) in the System Information Block (SIB).

Categories
EUTRAN LTE Mobile Networks

BaiCells Neutrino eNB Setup

Configuring BaiCells Neutrino eNB

Categories
EUTRAN LTE Mobile Networks Software

SRS LTE – Software Defined LTE Stack with BladeRF x40

Using SRS LTE Stack with the BladeRF x40 Software Defined Radio (SDR)

Categories
EPC EUTRAN LTE Mobile Networks Python RFCs & Standards SIM Cards Software

PLMN Identifier Calculation (MCC & MNC to PLMN)

How to encode and decode MCC and MNC as PLMN Identifiers

Categories
EPC EUTRAN GSM LTE Mobile Networks RFCs & Standards Security SIM Cards

Querying Auth Credentials from USIM/SIM cards

Using osmo-sim-auth to query the authentication mechanism of USIM/SIM cards.

Categories
EPC EUTRAN LTE Mobile Networks RF Security SIM Cards

HSS & USIM Authentication in LTE/NR (4G & 5G)

Exploring the how and why of Authentication in LTE & NR networks.

Categories
EPC EUTRAN LTE Mobile Networks

LTE / EUTRAN – Idle Detach

Overview of the packet flow for a UE Idle detach from the network.

Categories
EPC EUTRAN LTE Mobile Networks

Subscribed-Periodic-RAU-TAU-Timer

Periodic Tracking Area Update timer purpose

Categories
EPC EUTRAN LTE Mobile Networks RF

QoS in LTE (4G) – ARP

ARP in LTE is not the Ethernet standard for address resolution, but rather the Allocation and Retention Policy. A scenario may arise where, on a congested cell, another bearer is requested to be set up. The P-GW, S-GW or eNB has to make a decision to either drop an existing bearer, or to refuse the request […]

Categories
EPC EUTRAN LTE Mobile Networks RF

QoS in LTE (4G) – MBR/AMBR/APN-MBR

MBR stands for Maximum Bit Rate, and it defines the maximum rate at which traffic can flow between a UE and the network. It can be defined on several levels. MBR per Bearer: this is the maximum bit rate per bearer; this rate can be exceeded, but if it is exceeded its QoS (QCI) values for the […]

Categories
EPC EUTRAN LTE Mobile Networks RF

QoS in LTE (4G) – QCI

The QCI (Quality Class Indicator) is a value of 0-9 to denote the service type and the maximum delays, packet loss and throughput the service requires. Different data flows have different service requirements. Let’s look at some examples: A VoLTE call requires low latency and low packet loss; without low latency it’ll be impossible to […]

Categories
EPC EUTRAN LTE Mobile Networks RF

QoS in LTE (4G) – GBR & Non-GBR Bearers

GBR is a confusing concept at the start when looking at LTE but it’s actually kind of simple when we break it down. GBR stands for Guaranteed Bit Rate, meaning the UE is guaranteed a set bit rate for the bearer. The default bearer is always a non-GBR bearer, with best effort data rates. Let’s […]

Categories
EPC EUTRAN LTE Mobile Networks Notes RF

LTE (4G) – TMSI & GUTI

We’ve already touched on how subscribers are authenticated to the network, how the network is authenticated to subscribers and how the key hierarchy works for encryption of user data and control plane data. If the IMSI was broadcast in the clear over the air, anyone listening would have the unique identifier of the subscriber nearby […]

Categories
LTE Mobile Networks RF RFCs & Standards Security SIM Cards

LTE (4G) – EUTRAN – Key Distribution and Hierarchy

We’ve talked a bit in the past few posts about keys, K and all its derivatives, such as Kenc, Kint, etc. Each of these is derived from our single secret key K, known only to the HSS and the USIM. To minimise the load on the HSS, the HSS transfers some of the key management […]

Categories
LTE Mobile Networks RF RFCs & Standards Security

LTE (4G) – Ciphering & Integrity of Messages

We’ve already touched on how subscribers are authenticated to the network, how the network is authenticated to subscribers. Those functions are done “in the clear” meaning anyone listening can get a copy of the data transmitted, and responses could be spoofed or faked. To prevent this, we want to ensure the data is ciphered (encrypted) […]

Categories
EPC EUTRAN LTE Mobile Networks Notes RF

IMTx: NET02x (4G Network Essentials) – Management of Sporadic Data Flows – 4. UE Triggered Service Request

These are my lecture notes from IMT’s NET02x (4G Network Essentials) course; I thought I’d post them here as they may be useful to someone. You can find my complete notes here. As we just saw, when a terminal moves to ECM-Idle while in EMM-Registered state, it releases its radio resources, so what happens when […]

Categories
EPC EUTRAN LTE Mobile Networks Notes RF

IMTx: NET02x (4G Network Essentials) – Management of Sporadic Data Flows – 2. UE Connection to the Network

These are my lecture notes from IMT’s NET02x (4G Network Essentials) course; I thought I’d post them here as they may be useful to someone. You can find my complete notes here. One of the common themes we cover over and over in the 4G discussion is the desire to preserve energy on the UE […]

Categories
EPC EUTRAN LTE Mobile Networks Notes RF

IMTx: NET02x (4G Network Essentials) – Management of Sporadic Data Flows – 1. Attach and Detach Procedures

These are my lecture notes from IMT’s NET02x (4G Network Essentials) course; I thought I’d post them here as they may be useful to someone. You can find my complete notes here. An LTE UE has permanent IP connectivity for as long as it is connected. As soon as the UE powers up it requests […]