Packet Call - GSM

 

 

 

 

Step

Direction

Message

Channel

Comments

1

UE <-- NW

RR  : System Information Type 1,2,3,4,5,6 etc

BCCH

 

2

UE --> NW

RR  : Channel Request

RACH

 

3

UE <-- NW

RR  : Immediate Assignment

AGCH

 

4

UE --> NW

MM : Location Updating Request

SDCCH

 

5

UE <-- NW

MM : Authentication Request

SDCCH

 

6

UE --> NW

MM : Authentication Response

SDCCH

 

7

UE <-- NW

MM : Ciphering Mode Command

SDCCH

 

8

UE --> NW

MM : Ciphering Mode Complete

SDCCH

 

9

UE <-- NW

MM : Identity Request (IMSI)

SDCCH

 

10

UE --> NW

MM : Identity Response

SDCCH

 

11

UE <-- NW

MM : Location Updating Accept

SDCCH

 

12

UE --> NW

MM : TMSI ReAllocation Complete

SDCCH

 

13

UE <-- NW

MM  : INFORMATION

SDCCH

 

14

UE <-- NW

RR  : Channel Release

SACCH

 

15

UE --> NW

RR : Channel Request/Handover Access

SDCCH

 

16

UE <-- NW

RR  : Immediate Assignment

AGCH

 

17

UE --> NW

GPRS MM : Attach Request

PDTCH

 

18

UE <-- NW

GPRS MM : Authentication and Ciphering Request

PDTCH

 

19

UE --> NW

GPRS MM : Authentication and Ciphering Response

PDTCH

 

20

UE <-- NW

GPRS MM : Indentity Request

PDTCH

 

21

UE --> NW

GPRS MM : Indentity Response

PDTCH

 

22

UE <-- NW

GPRS MM : Attach Accept

PDTCH

 

23

UE --> NW

GPRS MM : Attach Complete

PDTCH

 

24

UE <-- NW

GPRS MM : GMM INFORMATION

PDTCH

 

25

UE --> NW

SM : Activate PDP Context Request

PDTCH

 

26

UE <-- NW

SM : Activate PDP Context Accept

PDTCH

 

27

UE <--> NW

  < Packet Traffic >

PDTCH

 

 

 

(1) RR  : System Information Type

 

DLT: 147, Payload: gsm_a_ccch (GSM CCCH)

GSM CCCH - System Information Type 1

    L2 Pseudo Length

        0101 01.. = L2 Pseudo Length value: 21

    Protocol Discriminator: Radio Resources Management messages

        .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    Message Type: System Information Type 1

    Cell Channel Description

        00.. 000. = Format Identifier: bit map 0 (0x00)

        List of ARFCNs =

    RACH Control Parameters

        00.. .... = Max retrans: Maximum 1 retransmission (0)

        ..00 00.. = Tx-integer: 3 slots used to spread transmission (0)

        .... ..0. = CELL_BARR_ACCESS: The cell is not barred (0)

        .... ...1 = RE: True

        0000 0000 0000 0000 = ACC: 0x0000

    SI 1 Rest Octets

        L... ....: NCH position: Not present

        .L.. ....: Band Indicator: 1800

        Padding Bits: default padding

 

HEX : 55 06 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 2B

 

 

DLT: 147, Payload: gsm_a_ccch (GSM CCCH)

GSM CCCH - System Information Type 2

    L2 Pseudo Length

        0101 10.. = L2 Pseudo Length value: 22

    Protocol Discriminator: Radio Resources Management messages

        .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    Message Type: System Information Type 2

    Neighbour Cell Description - BCCH Frequency List

        ..0. .... = EXT-IND: The information element carries the complete BA (0)

        ...0 .... = BA-IND: 0

        00.. 000. = Format Identifier: bit map 0 (0x00)

        List of ARFCNs =

    NCC Permitted

        1111 1111 = NCC Permitted: 0xff

    RACH Control Parameters

        00.. .... = Max retrans: Maximum 1 retransmission (0)

        ..00 00.. = Tx-integer: 3 slots used to spread transmission (0)

        .... ..0. = CELL_BARR_ACCESS: The cell is not barred (0)

        .... ...1 = RE: True

        0000 0000 0000 0000 = ACC: 0x0000

 

HEX : 59 06 1A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF 01 00 00

 

 

DLT: 147, Payload: gsm_a_ccch (GSM CCCH)

GSM CCCH - System Information Type 3

    L2 Pseudo Length

        0100 10.. = L2 Pseudo Length value: 18

    Protocol Discriminator: Radio Resources Management messages

        .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    Message Type: System Information Type 3

    Cell Identity - CI (0)

        Cell CI: 0x0000 (0)

    Location Area Identification (LAI)

        Location Area Identification (LAI) - 001/01/0

            Mobile Country Code (MCC): Unknown (1)

            Mobile Network Code (MNC): Unknown (01)

            Location Area Code (LAC): 0x0000 (0)

    Control Channel Description

        1... .... = MSCR: MSC is Release '99 onwards (1)

        .1.. .... = ATT: MSs in the cell shall apply IMSI attach and detach procedure (1)

        ..00 1... = BS_AG_BLKS_RES: 1

        .... .000 = CCCH-CONF: 1 basic physical channel used for CCCH, not combined with SDCCHs(0)

        .00. .... = CBQ3: Iu mode not supported (0)

        .... .101 = BS-PA-MFRMS: 5

        T3212: 0

    Cell Options (BCCH)

        .1.. .... = PWRC: True

        ..10 .... = DTX (BCCH): The MSs shall not use uplink discontinuous transmission (2)

        .... 0011 = Radio Link Timeout: 16 (3)

    Cell Selection Parameters

        001. .... = Cell Reselection Hysteresis: 1

        ...0 1000 = MS TXPWR MAX CCH: 8

        0... .... = ACS: False

        .0.. .... = NECI: 0

        ..10 1001 = RXLEV-ACCESS-MIN: -70 <= x < -69 dBm (41)

    RACH Control Parameters

        00.. .... = Max retrans: Maximum 1 retransmission (0)

        ..00 00.. = Tx-integer: 3 slots used to spread transmission (0)

        .... ..0. = CELL_BARR_ACCESS: The cell is not barred (0)

        .... ...1 = RE: True

        0000 0000 0000 0000 = ACC: 0x0000

    SI 3 Rest Octets

        L... ....: Selection Parameters: Not present

        .L.. ....: Optional Power Offset: Not present

        ..L. ....: SYSTEM INFORMATION TYPE 2ter: Not Available

        ...L ....: Early Classmark Sending: Is forbidden

        .... L...: Scheduling if and where: Not present

        .... .H..: GPRS Indicator: Present

        GPRS Indicator

            .... ..00  1... .... = GPRS RA Colour: 1

            .0.. .... = SI13 Position: SYSTEM INFORMATION TYPE 13 message is sent on BCCH Norm(0)

        ..L. ....: 3G Early Classmark Sending Restriction: Neither UTRAN, CDMA2000

                   nor GERAN IU MODE CLASSMARK CHANGE message shall be sent with the Early

                   classmark sending

        ...H ....: SI2quater Indicator: Present

        .... 0... = SI2quater Position: SYSTEM INFORMATION TYPE 2 quater message is sent

                    on BCCH Norm

        Padding Bits: Unknown extension detected or malformed PDU (Not decoded)

 

HEX : 49 06 1B 00 00 00 F1 10 00 00 C8 03 00 63 28 29 01 00 00 2C B7 2B 2B

 

 

DLT: 147, Payload: gsm_a_ccch (GSM CCCH)

GSM CCCH - System Information Type 4

    L2 Pseudo Length

        0011 00.. = L2 Pseudo Length value: 12

    Protocol Discriminator: Radio Resources Management messages

        .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    Message Type: System Information Type 4

    Location Area Identification (LAI)

        Location Area Identification (LAI) - 001/01/0

            Mobile Country Code (MCC): Unknown (1)

            Mobile Network Code (MNC): Unknown (01)

            Location Area Code (LAC): 0x0000 (0)

    Cell Selection Parameters

        001. .... = Cell Reselection Hysteresis: 1

        ...0 1000 = MS TXPWR MAX CCH: 8

        0... .... = ACS: False

        .1.. .... = NECI: 1

        ..10 1001 = RXLEV-ACCESS-MIN: -70 <= x < -69 dBm (41)

    RACH Control Parameters

        00.. .... = Max retrans: Maximum 1 retransmission (0)

        ..00 00.. = Tx-integer: 3 slots used to spread transmission (0)

        .... ..0. = CELL_BARR_ACCESS: The cell is not barred (0)

        .... ...1 = RE: True

        0000 0000 0000 0000 = ACC: 0x0000

    SI 4 Rest Octets

        SI4 Rest Octets_O

            L... ....: Selection Parameters: Not present

            .L.. ....: Optional Power Offset: Not present

            ..H. ....: GPRS Indicator: Present

            GPRS Indicator

                ...0 01.. = GPRS RA Colour: 1

                .... ..0. = SI13 Position: SYSTEM INFORMATION TYPE 13 message is sent

                            on BCCH Norm (0)

        .... ...L: SI4 Rest Octets_S: Not present

        L... ....: Break Indicator: Additional parameters "SI4 Rest Octets_S" are not sent

                    in SYSTEM INFORMATION TYPE 7 and 8

        Padding Bits: default padding

 

HEX : 31 06 1C 00 F1 10 00 00 28 69 01 00 00 05 2B 2B 2B 2B 2B 2B 2B 2B 2B

 

 

DLT: 147, Payload: gsm_a_ccch (GSM CCCH)

GSM CCCH - System Information Type 2quater

    L2 Pseudo Length

        0101 00.. = L2 Pseudo Length value: 20

    Protocol Discriminator: Radio Resources Management messages

        .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    Message Type: System Information Type 2quater

    SI 2quater Rest Octets

        0... .... = BA-IND: 0

        .0.. .... = 3G BA-IND: 0

        ..0. .... = Measurement Parameter Change Mark: 0

        ...0 000. = SI2quater Index: 0

        .... ...0  000. .... = SI2quater Count: 0

        ...0 ....: Measurement Parameters Description: Not Present

        .... 0...: GPRS Real Time Difference Description: Not Present

        .... .0..: GPRS BSIC Description: Not Present

        .... ..0.: GPRS Report Priority Description: Not Present

        .... ...0: GPRS Measurement Parameters Description: Not Present

        1... ....: NC Measurement Parameters: Present

        NC Measurement Parameters

            .00. .... = Network Control Order: NC0 (0)

            .... 000. = NC Non DRX Period: No non-DRX mode after a measurement report has

                        been sent (0)

            .... ...0  10.. .... = NC Reporting Period I: 1.92 s (2)

            ..01 0... = NC Reporting Period T: 1.92 s (2)

        ...1 ....: NC Periods: Present

        .... .0..: SI 2quater Extension Information: Not Present

        .... ..1.: 3G Neighbour Cell Description: Present

        3G Neighbour Cell Description

            .... ...0: Index Start 3G: Not Present

            0... ....: Absolute Index Start EMR: Not Present

            .1.. ....: UTRAN FDD Description: Present

            UTRAN FDD Description

                ..0. ....: Bandwidth FDD: Not Present

                ...1 ....: Repeated UMTS FDD Neighbour Cells: Present

                .... 0...: Bit reserved for earlier version of protocol: Current version

                .... .100  1100 1001  000. .... = FDD UARFCN: 9800

                ...0 ....: the FDD_CELL_INFORMATION parameter value '0000000000' :

                                          is not a member of the set

                Nr of FDD Cells : 1

                UTRAN FDD Description

                    Field is 10 bits long

                    Scrambling Code: 9

                    Diversity: 0

                ...0 ....: Repeated UMTS FDD Neighbour Cells: Not Present

            .... 0...: UTRAN TDD Description: Not Present

        .... .1..: 3G Measurement Parameters Description: Present

        3G Measurement Parameters Description

            .... ..01  11.. .... = Qsearch I: Always (7)

            ..0. .... = QSearch C Initial: use Qsearch I

            ...1 ....: FDD Information: Present

            .... 0110 = FDD Qoffset: -8 dB (6)

            0... .... = FDD Rep Quant: RSCP

            .01. .... = FDD Multirat Reporting: 1

            ...0 00.. = FDD Qmin: -20 dB (0)

            .... ..0.: TDD Information: Not Present

        .... ...1: GPRS 3G Measurement Parameters Description: Present

        GPRS 3G Measurement Parameters Description

            0111 .... = Qsearch P: Always (7)

            .... 1... = 3G Search Prio (ignored in Rel-8): 3G cells may be searched

                         when BSIC decoding is required

            .... .1..: FDD Parameters: Present

            .... ..0. = FDD Rep Quant: RSCP

            .... ..0.: Reporting Quantity: RSCP

            .... ...0  1... .... = FDD Multirat Reporting: 1

            .0.. ....: FDD Reporting Parameters: Not Present

            ..0. ....: TDD Multirat Reporting: Not Present

            ...0 ....: TDD Reporting Parameters: Not Present

        .... L...: Additions in Rel-5: Not present

        Padding Bits: default padding

 

HEX :  51 06 07 00 00 90 92 54 C9 00 81 25 D6 21 7C 8B 2B 2B 2B 2B 2B 2B 2B  

 

 

DLT: 147, Payload: gsm_a_ccch (GSM CCCH)

GSM CCCH - System Information Type 13

    L2 Pseudo Length

        0000 00.. = L2 Pseudo Length value: 0

    Protocol Discriminator: Radio Resources Management messages

        .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    Message Type: System Information Type 13

    SI 13 Rest Octets

        H... ....: SI13 contents: Present

        .000 .... = BCCH Change Mark: 0

        .... 0000 = SI Change Field: Update of unspecified SI message or SI messages (0)

        0... ....: SI13 Change Mark: Not Present

        .0.. ....: PBCCH: Not Present In Cell

        ..10 0000  00.. .... = RAC: 128

        ..0. .... = SPGC CCCH Sup: SPLIT_PG_CYCLE is not supported on CCCH in this cell

        ...1 10.. = Priority Access Thr: Packet access is allowed for priority level 1 to 4 (6)

        .... ..00 = Network Control Order: NC0 (0)

        GPRS Cell Options

            01.. .... = NMO: Network Mode of Operation II (1)

            ..01 1... = T3168: 2000 ms (3)

            .... .010 = T3192: 1500 ms (2)

            000. .... = DRX Timer Max: 0 s (0)

            ...0 .... = Access Burst Type: 8-bit format shall be used

            .... 1... = Control Ack Type: Default format is RLC/MAC control block

            .... .100  0... .... = BS CV Max: 8

            .0.. ....: PAN bits: Not Present

            ..1. ....: Optional Extensions: Present

            GPRS Cell Options Extension Information

                Extension Length: 8

                ..1. .... = EGPRS Packet Channel Request: Use two phase packet access

                            with PACKET CHANNEL REQUEST message for uplink TBF establishment

                            on the PRACH

                ...1 000. = BEP Period: 15 (8)

                .... ...0 = PFC Feature Mode: The network does not support packet flow context

                            procedures

                0... .... = DTM Support: The cell does not support DTM procedures

                .0.. .... = BSS Paging Coordination: The cell does not support Circuit-Switched

                            paging coordination

            .1.. ....: EGPRS: Supported by cell

        GPRS Power Control Parameters

            ..00 00.. = Alpha: 0.0 (0)

            .... ..00  000. .... = T Avg W: 2^(0/2) / 6 multiframes (0)

            ...0 0000 = T Avg T: 2^(0/2) / 6 multiframes (0)

            0... .... = PC Meas Chan: Downlink measurements for power control shall be made

                        on BCCH

            .000 1... = N Avg I: 2^(1/2) (1)

        .... .H..: Additions in R99: Present

        .... ..1. = SGSNR: SGSN is Release '99 onwards

        .... ...L: Additions in Rel-4: Not present

        Padding Bits: default padding

 

HEX :  01 06 00 80 20 18 5A 0C 24 70 00 00 0F 2B 2B 2B 2B 2B 2B 2B 2B 2B 2B

 

 

DLT: 147, Payload: gsm_a_ccch (GSM CCCH)

GSM CCCH - System Information Type 5

    L2 Pseudo Length

        0100 10.. = L2 Pseudo Length value: 18

    Protocol Discriminator: Radio Resources Management messages

        .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    Message Type: System Information Type 5

    Neighbour Cell Description - BCCH Frequency List

        ..0. .... = EXT-IND: The information element carries the complete BA (0)

        ...0 .... = BA-IND: 0

        00.. 000. = Format Identifier: bit map 0 (0x00)

        List of ARFCNs =

 

HEX :  49 06 1D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

 

 

DLT: 147, Payload: gsm_a_ccch (GSM CCCH)

GSM CCCH - System Information Type 6

    L2 Pseudo Length

        0010 11.. = L2 Pseudo Length value: 11

    Protocol Discriminator: Radio Resources Management messages

        .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    Message Type: System Information Type 6

    Cell Identity - CI (0)

        Cell CI: 0x0000 (0)

    Location Area Identification (LAI)

        Location Area Identification (LAI) - 001/01/0

            Mobile Country Code (MCC): Unknown (1)

            Mobile Network Code (MNC): Unknown (01)

            Location Area Code (LAC): 0x0000 (0)

    Cell Options (SACCH)

        .1.. .... = PWRC: True

        0.10 .... = DTX (SACCH): The MS shall not use uplink discontinuous transmission

                    on a TCH-F. The MS shall not use uplink discontinuous transmission

                    on TCH-H (2)

        .... 0011 = Radio Link Timeout: 16 (3)

    NCC Permitted

        1111 1111 = NCC Permitted: 0xff

    SI 6 Rest Octets

        L... ....: PCH and NCH Info: Not present

        .L.. ....: VBS/VGCS options: Not present

        ..L. ....: DTM: Not Supported in Serving cell

        ...L ....: Band Indicator: 1800

        .... L...: GPRS MS PWR MAX CCCH: Not present

        .... .L..: MBMS Procedures: Not supported

        .... ..L.: Additions in Rel-7: Not present

        Padding Bits: default padding

 

HEX : 2D 06 1E 00 00 00 F1 10 00 00 63 FF 2B 2B 2B 2B 2B 2B 2B

 

 

(2) RR  : Channel Request

 

Channel Request has various functionalities and the one right after power-on is is equivalent to RACH process of UMTS and LTE. Simply put, this message is to tell the network "I want to camp on you, please allocate me a radio resource that I initiate the connection process".

 

The one for the initial registration is as follows. (In good channel condition and in open space, the first Channel Request would reach the NW and get the immdediate Assignement with only one Channel Request. Following is a kind of worst case where the initial channel request fail to decoded by NW or UE fails to decode initial immediate assignements)

 

 

Note : T3126 starts when the last retransmission of 'Channel Request' and it stops when UE gets 'Immediate Assignement'. If UE does not get 'Immediate Assignement' until T3126 expires, UE starts cell reselection.

 

The exact functionality of a channel request is determined by the first 8 bits of its message and the description of the first byte is specified by the following table in 44.018.

 

 

< 44.018 - Table 9.1.8.1: CHANNEL REQUEST message content >

 

 

(3) RR  : Immediate Assignment

 

Immediate Assignement is the answering message to the initial "Channel Request" explained above. This is to say to MS "OK, I will accept your 'channel request' and here goes the radio resource you can use for the following steps".

 

One of the Channel Request example would be as follows. The most important thing you have to notice is that Immediate Assignment should play back the whole Channel Request message. All MS(UE) trying to connect a cell would receive the same 'Immediate Assignement', but if the 'Channel Request' portion contained in 'Immediate Assignement' does not match the Channel Request Bytes it sent, UE should discard the Immediate Assignement message since it is not for itself.

 

 

DLT: 147, Payload: gsm_a_ccch (GSM CCCH)

GSM CCCH - Immediate Assignment

    L2 Pseudo Length

        0010 11.. = L2 Pseudo Length value: 11

    Protocol Discriminator: Radio Resources Management messages

        .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    Message Type: Immediate Assignment

    Page Mode

        .... 0000 = Page Mode: Normal paging (0)

    Dedicated mode or TBF

        0000 .... = Dedicated mode or TBF: This message assigns a dedicated mode resource (0)

    Channel Description

        0100 0... = SDCCH/8 + SACCH/C8 or CBCH (SDCCH/8), Subchannel 0

        .... .100 = Timeslot: 4

        001. .... = Training Sequence: 1

        ...0 .... = Hopping channel: No

        .... 00.. = Spare

        Single channel : ARFCN 1

    Request Reference

        Random Access Information (RA): 6

        0011 1... = T1': 7

        .... .010 010. .... = T3: 18

        ...1 0110 = T2: 22

        [RFN: 10422]

    Timing Advance

        Timing advance value: 0

    Mobile Allocation

        Length: 0

    IA Rest Octets

        L... ....: First Discriminator Bit: Low

        .L.. ....: Second Discriminator Bit: Low

        ..L. ....: A compressed version of the INTER RAT HANDOVER INFO message : shall not be used

        Padding Bits: default padding

 

HEX : 2D 06 3F 00 44 20 01 06 3A 56 00 00 2B 2B 2B 2B 2B 2B 2B 2B 2B 2B 2B

 

 

(4) MM : Location Updating Request

 

DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP)

GSM A-I/F DTAP - Location Updating Request

    Protocol Discriminator: Mobility Management messages

        .... 0101 = Protocol discriminator: Mobility Management messages (0x05)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    00.. .... = Sequence number: 0

    ..00 1000 = DTAP Mobility Management Message Type: Location Updating Request (0x08)

    Ciphering Key Sequence Number

        0... .... = Spare bit(s): 0

        .000 .... = Ciphering Key Sequence Number: 0

    Location Updating Type - IMSI attach

        .... 0... = Follow-On Request (FOR): No follow-on request pending

        .... .0.. = Spare bit(s): 0

        .... ..10 = Updating Type: IMSI attach

    Location Area Identification (LAI)

        Location Area Identification (LAI) - 001/01/0

            Mobile Country Code (MCC): Unknown (1)

            Mobile Network Code (MNC): Unknown (01)

            Location Area Code (LAC): 0x0000 (0)

    Mobile Station Classmark 1

        Mobile Station Classmark 1

            0... .... = Spare: 0

            .10. .... = Revision Level: Used by mobile stations supporting R99 or

                        later versions of the protocol (2)

            ...1 .... = ES IND: Controlled Early Classmark Sending option is implemented in the MS

            .... 0... = A5/1 algorithm supported: encryption algorithm A5/1 available

            .... .011 = RF Power Capability: class 4 (3)

    Mobile Identity - TMSI/P-TMSI (0x0000)

        Length: 5

        1111 .... = Unused: 0x0f

        .... 0... = Odd/even indication: Even number of identity digits

        .... .100 = Mobile Identity Type: TMSI/P-TMSI/M-TMSI (4)

        TMSI/P-TMSI: 0x00000000

 

HEX : 05 08 02 00 F1 10 00 00 53 05 F4 00 00 00 00

 

 

(5) MM : Authentication Request 

 

DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP)

GSM A-I/F DTAP - Authentication Request

    Protocol Discriminator: Mobility Management messages

        .... 0101 = Protocol discriminator: Mobility Management messages (0x05)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    00.. .... = Sequence number: 0

    ..01 0010 = DTAP Mobility Management Message Type: Authentication Request (0x12)

    0000 .... = Spare bit(s): 0

    Ciphering Key Sequence Number

        .... 0... = Spare bit(s): 0

        .... .000 = Ciphering Key Sequence Number: 0

    Authentication Parameter RAND - UMTS challenge or GSM challenge

        RAND value: 32353339313337303132353339313337

    Authentication Parameter AUTN (UMTS and EPS authentication challenge)

        Element ID: 0x20

        Length: 16

        AUTN value: 0a75665147b900003224110a75665147

            SQN xor AK: 0a75665147b9

            AMF: 0000

            MAC: 3224110a75665147

 

HEX : 05 12 00 32 35 33 39 31 33 37 30 31 32 35 33 39 31 33 37 20 10 0A 75 66 51 47 B9 00 00

      32 24 11 0A 75 66 51 47

 

 

(6) MM : Authentication Response

 

DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP)

GSM A-I/F DTAP - Authentication Response

    Protocol Discriminator: Mobility Management messages

        .... 0101 = Protocol discriminator: Mobility Management messages (0x05)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    01.. .... = Sequence number: 1

    ..01 0100 = DTAP Mobility Management Message Type: Authentication Response (0x14)

    Authentication Response Parameter

        SRES value: 3224110a

    Authentication Response Parameter (extension) (UMTS authentication challenge only)

        Element ID: 0x21

        Length: 12

        XRES value: 75665147b9ab9f88f5ecddc8

 

HEX : 05 54 32 24 11 0A 21 0C 75 66 51 47 B9 AB 9F 88 F5 EC DD C8  

 

 

(7) MM : Ciphering Mode Command

 

DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP)

GSM A-I/F DTAP - Ciphering Mode Command

    Protocol Discriminator: Radio Resources Management messages

        .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    DTAP Radio Resources Management Message Type: Ciphering Mode Command (0x35)

    Cipher Mode Setting

        .... ...0 = SC: No ciphering (0)

    Cipher Mode Response

        ...0 .... = CR: IMEISV shall not be included (0)

 

HEX : 06 35 00

 

 

(8) MM : Ciphering Mode Complete

 

DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP)

GSM A-I/F DTAP - Ciphering Mode Complete

    Protocol Discriminator: Radio Resources Management messages

        .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    DTAP Radio Resources Management Message Type: Ciphering Mode Complete (0x32)

 

HEX : 06 32

 

 

(9) MM : Identity Request (IMSI)

 

DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP)

GSM A-I/F DTAP - Identity Request

    Protocol Discriminator: Mobility Management messages

        .... 0101 = Protocol discriminator: Mobility Management messages (0x05)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    00.. .... = Sequence number: 0

    ..01 1000 = DTAP Mobility Management Message Type: Identity Request (0x18)

    0000 .... = Spare bit(s): 0

    Identity Type

        .... 0... = Spare bit(s): 0

        .... .001 = Type of identity: IMSI

 

HEX : 05 18 01

 

 

(10) MM : Identity Response

 

DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP)

GSM A-I/F DTAP - Identity Response

    Protocol Discriminator: Mobility Management messages

        .... 0101 = Protocol discriminator: Mobility Management messages (0x05)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    10.. .... = Sequence number: 2

    ..01 1001 = DTAP Mobility Management Message Type: Identity Response (0x19)

    Mobile Identity - IMSI (001010123456789)

        Length: 8

        0000 .... = Identity Digit 1: 0

        .... 1... = Odd/even indication: Odd number of identity digits

        .... .001 = Mobile Identity Type: IMSI (1)

        BCD Digits: 001010123456789

 

HEX : 05 99 08 09 10 10 10 32 54 76 98

 

 

(11) MM : Location Updating Accept

 

DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP)

GSM A-I/F DTAP - Location Updating Accept

    Protocol Discriminator: Mobility Management messages

        .... 0101 = Protocol discriminator: Mobility Management messages (0x05)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    00.. .... = Sequence number: 0

    ..00 0010 = DTAP Mobility Management Message Type: Location Updating Accept (0x02)

    Location Area Identification (LAI)

        Location Area Identification (LAI) - 001/01/0

            Mobile Country Code (MCC): Unknown (1)

            Mobile Network Code (MNC): Unknown (01)

            Location Area Code (LAC): 0x0000 (0)

    Mobile Identity - TMSI/P-TMSI (0x0000)

        Element ID: 0x17

        Length: 5

        1111 .... = Unused: 0x0f

        .... 0... = Odd/even indication: Even number of identity digits

        .... .100 = Mobile Identity Type: TMSI/P-TMSI/M-TMSI (4)

        TMSI/P-TMSI: 0x00000000

 

HEX : 05 02 00 F1 10 00 00 17 05 F4 00 00 00 00

 

 

(12) MM : TMSI ReAllocation Complete

 

DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP)

GSM A-I/F DTAP - TMSI Reallocation Complete

    Protocol Discriminator: Mobility Management messages

        .... 0101 = Protocol discriminator: Mobility Management messages (0x05)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    11.. .... = Sequence number: 3

    ..01 1011 = DTAP Mobility Management Message Type: TMSI Reallocation Complete (0x1b)

 

HEX : 05 DB

 

 

(13) MM  : INFORMATION

 

DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP)

GSM A-I/F DTAP - MM Information

    Protocol Discriminator: Mobility Management messages

        .... 0101 = Protocol discriminator: Mobility Management messages (0x05)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    00.. .... = Sequence number: 0

    ..11 0010 = DTAP Mobility Management Message Type: MM Information (0x32)

    Network Name - Full Name

        Element ID: 0x43

        Length: 18

        1... .... = Extension: No Extension

        .000 .... = Coding Scheme: Cell Broadcast data coding scheme, GSM default alphabet,

                    language unspecified, defined in 3GPP TS 23.038

        .... 0... = Add CI: The MS should not add the letters for the Country's Initials to

                    the text string

        .... .011 = Number of spare bits in last octet: bits 6 to 8(inclusive) are spare and

                    set to '0' in octet n

        Text String: MD8475A_SmartStudio

    Network Name - Short Name

        Element ID: 0x45

        Length: 8

        1... .... = Extension: No Extension

        .000 .... = Coding Scheme: Cell Broadcast data coding scheme, GSM default alphabet,

                    language unspecified, defined in 3GPP TS 23.038

        .... 0... = Add CI: The MS should not add the letters for the Country's Initials

                    to the text string

        .... .000 = Number of spare bits in last octet: this field carries no information  

                    about the number of spare bits in octet n

        Text String: MD8475A@

    Time Zone and Time - Universal Time and Local Time Zone

        Element ID: 0x47

        Year 16, Month 05, Day 10

        Hour 18, Minutes 13, Seconds 41

        Timezone: GMT - 4 hours 0 minutes

    Daylight Saving Time

        Element ID: 0x49

        Length: 1

        0000 00.. = Spare bit(s): 0

        .... ..01 = +1 hour adjustment for Daylight Saving Time

 

HEX : 05 32 43 12 83 4D 22 8E 76 AB 05 23 D3 76 58 4E 9F D2 EB E4 F4 1B 45 08 80 4D 22 8E 76 AB

      05 01 47 61 50 01 81 31 14 69 49 01 01

 

 

(14) RR  : Channel Release

 

DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP)

GSM A-I/F DTAP - Channel Release

    Protocol Discriminator: Radio Resources Management messages

        .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    DTAP Radio Resources Management Message Type: Channel Release (0x0d)

    RR Cause

        RR cause value: Normal event (0)

 

HEX : 06 0D 00

 

 

(15) RR  : Channel Request/Handover Access

 

 

(16) RR  : Immediate Assignment

 

 

(17) GPRS MM  : Attach Request

 

DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP)

GSM A-I/F DTAP - Attach Request

    Protocol Discriminator: GPRS mobility management messages

        .... 1000 = Protocol discriminator: GPRS mobility management messages (0x08)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    DTAP GPRS Mobility Management Message Type: Attach Request (0x01)

    MS Network Capability

        Length: 3

        1... .... = GEA/1: Encryption algorithm available

        .1.. .... = SM capabilities via dedicated channels: Mobile station supports mobile

                    terminated point to point SMS via dedicated signalling channels

        ..1. .... = SM capabilities via GPRS channels: Mobile station supports mobile terminated

                    point to point SMS via GPRS packet data channels

        ...0 .... = UCS2 support: Mobile station does not support mobile terminated point to point

                    SMS via GPRS packet data channels

        .... 01.. = SS Screening Indicator: capability of handling of ellipsis notation and

                    phase 2 error handling (0x01)

        .... ..0. = SoLSA Capability: The ME does not support SoLSA

        .... ...1 = Revision level indicator: Used by a mobile station supporting R99 or

                    later versions of the protocol

        1... .... = PFC feature mode: Mobile station does support BSS packet flow procedures

        .110 000. = Extended GEA bits: 0x30

            .1.. .... = GEA/2: Encryption algorithm available

            ..1. .... = GEA/3: Encryption algorithm available

            ...0 .... = GEA/4: Encryption algorithm not available

            .... 0... = GEA/5: Encryption algorithm not available

            .... .0.. = GEA/6: Encryption algorithm not available

            .... ..0. = GEA/7: Encryption algorithm not available

        .... ...0 = LCS VA capability: LCS value added location request notification capability

                    not supported

        0... .... = PS inter-RAT HO from GERAN to UTRAN Iu mode capability: PS inter-RAT HO

                    to UTRAN Iu mode not supported

        .0.. .... = PS inter-RAT HO from GERAN to E-UTRAN S1 mode capability: PS inter-RAT HO

                    to E-UTRAN S1 mode not supported

        ..1. .... = EMM Combined procedures capability: Mobile station supports

                    EMM combined procedures

        ...1 .... = ISR support: The mobile station supports ISR

        .... 0... = SRVCC to GERAN/UTRAN capability: SRVCC from UTRAN HSPA or E-UTRAN

                    to GERAN/UTRAN not supported

        .... .1.. = EPC capability: EPC supported

        .... ..0. = NF capability: Mobile station does not support the notification procedure

        .... ...0 = GERAN network sharing capability: Mobile station does not support

                    GERAN network sharing

    Attach Type

        0000 .... = Ciphering key sequence number: 0

        Attach Type

            .... 0... = Follow-on request pending: False

            .... .001 = Type of attach: GPRS attach (1)

    DRX Parameter

        DRX Parameter

            Split PG Cycle Code: Reserved, interpreted as 1 (10)

            0000 .... = CN Specific DRX cycle length coefficient: CN Specific DRX cycle length

                        coefficient / value not specified by the MS (0)

            .... 0... = SPLIT on CCCH: Split pg cycle on CCCH is not supported

                        by the mobile station

            .... .000 = Non-DRX timer: no non-DRX mode after transfer state (0)

    Mobile Identity - IMSI (001010123456789)

        Length: 8

        0000 .... = Identity Digit 1: 0

        .... 1... = Odd/even indication: Odd number of identity digits

        .... .001 = Mobile Identity Type: IMSI (1)

        BCD Digits: 001010123456789

    Routing Area Identification - Old routing area identification - RAI: 1-1-0-128

        Routing area identification: 1-1-0-128

            Mobile Country Code (MCC): Unknown (1)

            Mobile Network Code (MNC): Unknown (01)

            Location Area Code (LAC): 0x0000 (0)

            Routing Area Code (RAC): 0x80 (128)

    MS Radio Access Capability

        Length: 33

        MS RA capability 1

            0001 .... = Access Technology Type: GSM E --note that GSM E covers GSM P (1)

            .... 1011  100. .... = Length in bits: 0x5c (92)

            ...1 00.. RF Power Capability, GMSK Power Class: 2 W (33 dBm) (4)

            A5 Bits: A5 bits follow (1)

            A5/1: encryption algorithm available (1)

            A5/2: encryption algorithm not available (0)

            A5/3: encryption algorithm available (1)

            A5/4: encryption algorithm not available (0)

            A5/5: encryption algorithm not available (0)

            A5/6: encryption algorithm not available (0)

            A5/7: encryption algorithm not available (0)

            .... ..1. = Controlled early Classmark Sending: Implemented

            .... ...1 = Pseudo Synchronisation: Present

            0... .... = Voice Group Call Service: no VGCS capability or no notifications wanted

            .0.. .... = Voice Broadcast Service: no VBS capability or no notifications wanted

            ..1. .... = Multislot capability struct: Present

                HSCSD multislot class: Bits are not available (0)

                SMS/SM values: Bits are not available (0)

                ECSD multislot class: Bits are not available (0)

                DTM GPRS Multi Slot Class: Bits are not available (0)

            .... .011  00.. .... = GPRS multislot class: Max Rx-Slot/TDMA:4 Max Tx-Slot/TDMA:

                                   4 Max-Sum-Slot/TDMA:5 Tta:2 Ttb:1 Tra:2 Trb:1 Type:1 (12)

            ..1. .... = GPRS Extended Dynamic Allocation Capability: Implemented

            .... ..01  100. .... = EGPRS multislot class: Max Rx-Slot/TDMA:4 Max Tx-Slot/TDMA:

                                   4 Max-Sum-Slot/TDMA:5 Tta:2 Ttb:1 Tra:2 Trb:1 Type:1 (12)

            ...1 .... = EGPRS Extended Dynamic Allocation Capability: Implemented

            .... .1.. = 8PSK Power Capability Bits: Present

            8PSK Power Capability: Power class E2 (2)

            0... .... = COMPACT Interference Measurement Capability: Not Implemented

            .1.. .... = Revision Level Indicator: The ME is Release '99 onwards

            ..1. .... = UMTS FDD Radio Access Technology Capability: Supported

            ...0 .... = UMTS 3.84 Mcps TDD Radio Access Technology Capability: Not supported

            .... 0... = CDMA 2000 Radio Access Technology Capability: Not supported

            .... .0.. = UMTS 1.28 Mcps TDD Radio Access Technology Capability: Not supported

            .... ..1. = GERAN Feature Package 1: Supported

            Extended DTM (E)GPRS Multi Slot Class: Bits are not available (0)

            0... .... = Modulation based multislot class support: Not supported

            High Multislot Capability: Bits are not available (0)

            ..0. .... = GERAN Iu mode: Not supported

            GMSK Multislot Power Profile: GMSK_MULTISLOT_POWER_PROFILE 0 (0)

            8-PSK Multislot Power Profile: 8-PSK_MULTISLOT_POWER_PROFILE 0 (0)

            .... ...0 = Multiple TBF Capability: Not supported

            01.. .... = Downlink Advanced Receiver Performance: Downlink Advanced Receiver

                        Performance - phase I supported (1)

            ..0. .... = Extended RLC/MAC Control Message Segmentation Capability: Not supported

            ...0 .... = DTM Enhancements Capability: The mobile station does not support

                        enhanced DTM CS establishment and enhanced DTM CS release procedures

            .... .0.. = PS Handover Capability: Not supported

            .... ..0. = DTM Handover Capability: Not supported

            0... .... = Flexible Timeslot Assignment: Not supported

            .0.. .... = GAN PS Handover Capability: Not supported

            ..0. .... = RLC Non-persistent Mode: Not supported

            ...0 .... = Reduced Latency Capability: Not supported

            .... 00.. = Uplink EGPRS2: The mobile station does not support either EGPRS2-A or

                        EGPRS2-B in the uplink (0)

            .... ..00 = Downlink EGPRS2: The mobile station does not support either EGPRS2-A or

                        EGPRS2-B in the downlink (0)

            1... .... = E-UTRA FDD support: Supported

            .0.. .... = E-UTRA TDD support: Not supported

            ..01 .... = GERAN to E-UTRA support in GERAN packet transfer mode: E-UTRAN Neighbour

                        Cell measurements and MS autonomous cell reselection to

                        E-UTRAN supported (1)

            .... 1... = Priority-based reselection support: Supported

            .... ..0. = Indication of Upper Layer PDU Start Capability for RLC UM: Not supported

            .... ...0 = Enhanced Multiplexing for Single TBF Capability: Not supported

            0... .... = Multiple TTI Capability: Not supported

            .0.. .... = Reporting of UTRAN CSG cells in packet transfer mode: Not supported

            ..0. .... = Reporting of E-UTRAN CSG cells in packet transfer mode: Not supported

            ...0 .... = Dynamic Timeslot Reduction Capability: Not supported

            .... 0... = Enhanced Multiplexing for Single RLC Entity Capability: Not supported

            .... .0.. = Fast Downlink Frequency Switching Capability: Not supported

            .... ..00 = TIGHTER Capability: TIGHTER not supported (0)

            0... .... = Fast Ack/Nack Reporting Capability: Not supported

            .0.. .... = Immediate Packet Assignment Capability: Not supported

        MS RA capability 2

            ...0 001. = Access Technology Type: GSM E --note that GSM E covers GSM P (1)

            .... ...1  0111 10.. = Length in bits: 0x5e (94)

            .... ..00  0... .... RF Power Capability, GMSK Power Class: Not specified (0)

            A5 Bits: Same values apply for parameters as in the immediately preceding Access

                       capabilities field within this IE (0)

            ..1. .... = Controlled early Classmark Sending: Implemented

            ...1 .... = Pseudo Synchronisation: Present

            .... 0... = Voice Group Call Service: no VGCS capability or no notifications wanted

            .... .0.. = Voice Broadcast Service: no VBS capability or no notifications wanted

            .... ..0. = Multislot capability struct: Not Present

            .... ...1 = 8PSK Power Capability Bits: Present

            8PSK Power Capability: Power class E2 (2)

            ..0. .... = COMPACT Interference Measurement Capability: Not Implemented

            ...0 .... = Revision Level Indicator: The ME is Release '98 or older

            .... 1... = UMTS FDD Radio Access Technology Capability: Supported

            .... .1.. = UMTS 3.84 Mcps TDD Radio Access Technology Capability: Supported

            .... ..0. = CDMA 2000 Radio Access Technology Capability: Not supported

            .... ...0 = UMTS 1.28 Mcps TDD Radio Access Technology Capability: Not supported

            1... .... = GERAN Feature Package 1: Supported

            Extended DTM (E)GPRS Multi Slot Class: Bits are not available (0)

            ..0. .... = Modulation based multislot class support: Not supported

            High Multislot Capability: Bits are not available (0)

            .... 0... = GERAN Iu mode: Not supported

            GMSK Multislot Power Profile: GMSK_MULTISLOT_POWER_PROFILE 0 (0)

            8-PSK Multislot Power Profile: 8-PSK_MULTISLOT_POWER_PROFILE 0 (0)

            .0.. .... = Multiple TBF Capability: Not supported

            ..00 .... = Downlink Advanced Receiver Performance: Downlink Advanced Receiver

                        Performance not supported (0)

            .... 0... = Extended RLC/MAC Control Message Segmentation Capability: Not supported

            .... .0.. = DTM Enhancements Capability: The mobile station does not support enhanced

                        DTM CS establishment and enhanced DTM CS release procedures

            .... ...0 = PS Handover Capability: Not supported

            1... .... = DTM Handover Capability: Supported

            ..0. .... = Flexible Timeslot Assignment: Not supported

            ...0 .... = GAN PS Handover Capability: Not supported

            .... 0... = RLC Non-persistent Mode: Not supported

            .... .0.. = Reduced Latency Capability: Not supported

            .... ..00 = Uplink EGPRS2: The mobile station does not support either EGPRS2-A or

                        EGPRS2-B in the uplink (0)

            00.. .... = Downlink EGPRS2: The mobile station does not support either EGPRS2-A or

                        EGPRS2-B in the downlink (0)

            ..0. .... = E-UTRA FDD support: Not supported

            ...0 .... = E-UTRA TDD support: Not supported

            .... 00.. = GERAN to E-UTRA support in GERAN packet transfer mode: None (0)

            .... ..0. = Priority-based reselection support: Not supported

            0... .... = Indication of Upper Layer PDU Start Capability for RLC UM: Not supported

            .0.. .... = Enhanced Multiplexing for Single TBF Capability: Not supported

            ..1. .... = Multiple TTI Capability: Supported

            ...1 .... = Reporting of UTRAN CSG cells in packet transfer mode: Supported

            .... 0... = Reporting of E-UTRAN CSG cells in packet transfer mode: Not supported

            .... .0.. = Dynamic Timeslot Reduction Capability: Not supported

            .... ..0. = Enhanced Multiplexing for Single RLC Entity Capability: Not supported

            .... ...0 = Fast Downlink Frequency Switching Capability: Not supported

            00.. .... = TIGHTER Capability: TIGHTER not supported (0)

            ..0. .... = Fast Ack/Nack Reporting Capability: Not supported

            ...0 .... = Immediate Packet Assignment Capability: Not supported

        MS RA capability 3

            .... .000  0... .... = Access Technology Type: GSM P (0)

            .000 0110 = Length in bits: 0x06 (6)

            011. .... RF Power Capability, GMSK Power Class: 4 W (36 dBm) (3)

            A5 Bits: Same values apply for parameters as in the immediately preceding Access

                        capabilities field within this IE (0)

            .... 0... = Controlled early Classmark Sending: Not Implemented

            .... .0.. = Pseudo Synchronisation: Not Present

            .... ..0. = Voice Group Call Service: no VGCS capability or no notifications wanted

            .... ...0 = Voice Broadcast Service: no VBS capability or no notifications wanted

            1... .... = Multislot capability struct: Present

            .1.. .... = 8PSK Power Capability Bits: Present

            8PSK Power Capability: Power class E2 (2)

            .... 1... = COMPACT Interference Measurement Capability: Implemented

            .... .0.. = Revision Level Indicator: The ME is Release '98 or older

            .... ..1. = UMTS FDD Radio Access Technology Capability: Supported

            .... ...1 = UMTS 3.84 Mcps TDD Radio Access Technology Capability: Supported

            0... .... = CDMA 2000 Radio Access Technology Capability: Not supported

            .0.. .... = UMTS 1.28 Mcps TDD Radio Access Technology Capability: Not supported

            ..0. .... = GERAN Feature Package 1: Not supported

            Extended DTM (E)GPRS Multi Slot Class: Bits are not available (0)

            .... 1... = Modulation based multislot class support: Supported

            High Multislot Capability: Bits are not available (0)

            .... ..0. = GERAN Iu mode: Not supported

            GMSK Multislot Power Profile: GMSK_MULTISLOT_POWER_PROFILE 0 (0)

            8-PSK Multislot Power Profile: 8-PSK_MULTISLOT_POWER_PROFILE 0 (0)

            ...0 .... = Multiple TBF Capability: Not supported

            .... 10.. = Downlink Advanced Receiver Performance: Downlink Advanced Receiver

                        Performance - phase II supported (2)

            .... ..0. = Extended RLC/MAC Control Message Segmentation Capability: Not supported

            .... ...0 = DTM Enhancements Capability: The mobile station does not support enhanced

                        DTM CS establishment and enhanced DTM CS release procedures

            .0.. .... = PS Handover Capability: Not supported

            ..0. .... = DTM Handover Capability: Not supported

            .... 0... = Flexible Timeslot Assignment: Not supported

            .... .0.. = GAN PS Handover Capability: Not supported

            .... ..0. = RLC Non-persistent Mode: Not supported

            .... ...1 = Reduced Latency Capability: Supported

            00.. .... = Uplink EGPRS2: The mobile station does not support either EGPRS2-A or

                        EGPRS2-B in the uplink (0)

            ..00 .... = Downlink EGPRS2: The mobile station does not support either EGPRS2-A or

                        EGPRS2-B in the downlink (0)

            .... 0... = E-UTRA FDD support: Not supported

            .... .0.. = E-UTRA TDD support: Not supported

            .... ..00 = GERAN to E-UTRA support in GERAN packet transfer mode: None (0)

            0... .... = Priority-based reselection support: Not supported

            ..0. .... = Indication of Upper Layer PDU Start Capability for RLC UM: Not supported

            ...0 .... = Enhanced Multiplexing for Single TBF Capability: Not supported

            .... 0... = Multiple TTI Capability: Not supported

            .... .0.. = Reporting of UTRAN CSG cells in packet transfer mode: Not supported

            .... ..1. = Reporting of E-UTRAN CSG cells in packet transfer mode: Supported

            .... ...0 = Dynamic Timeslot Reduction Capability: Not supported

            0... .... = Enhanced Multiplexing for Single RLC Entity Capability: Not supported

            .1.. .... = Fast Downlink Frequency Switching Capability: Supported

            ..10 .... = TIGHTER Capability: TIGHTER supported for speech and signalling channels

                        and for GPRS and EGPRS, but not for EGPRS2 (2)

            .... 0... = Fast Ack/Nack Reporting Capability: Not supported

            .... .0.. = Immediate Packet Assignment Capability: Not supported

    GPRS Timer - Ready Timer

        Element ID: 0x17

        GPRS Timer: 44 sec

            000. .... = Unit: value is incremented in multiples of 2 seconds (0)

            ...1 0110 = Timer value: 22

    UE network capability

        Element ID: 0x58

        Length: 5

        1... .... = EEA0: Supported

        .1.. .... = 128-EEA1: Supported

        ..1. .... = 128-EEA2: Supported

        ...1 .... = 128-EEA3: Supported

        .... 0... = EEA4: Not Supported

        .... .0.. = EEA5: Not Supported

        .... ..0. = EEA6: Not Supported

        .... ...0 = EEA7: Not Supported

        0... .... = EIA0: Not Supported

        .1.. .... = 128-EIA1: Supported

        ..1. .... = 128-EIA2: Supported

        ...1 .... = 128-EIA3: Supported

        .... 0... = EIA4: Not Supported

        .... .0.. = EIA5: Not Supported

        .... ..0. = EIA6: Not Supported

        .... ...0 = EIA7: Not Supported

        1... .... = UEA0: Supported

        .1.. .... = UEA1: Supported

        ..0. .... = UEA2: Not Supported

        ...0 .... = UEA3: Not Supported

        .... 0... = UEA4: Not Supported

        .... .0.. = UEA5: Not Supported

        .... ..0. = UEA6: Not Supported

        .... ...0 = UEA7: Not Supported

        0... .... = UCS2 support (UCS2): The UE has a preference for the default alphabet

        .1.. .... = UMTS integrity algorithm UIA1: Supported

        ..0. .... = UMTS integrity algorithm UIA2: Not Supported

        ...0 .... = UMTS integrity algorithm UIA3: Not Supported

        .... 0... = UMTS integrity algorithm UIA4: Not Supported

        .... .0.. = UMTS integrity algorithm UIA5: Not Supported

        .... ..0. = UMTS integrity algorithm UIA6: Not Supported

        .... ...0 = UMTS integrity algorithm UIA7: Not Supported

        00.. .... = Spare bit(s): 0x00

        ..0. .... = H.245-ASH capability: H.245 after SRVCC handover capability not supported

        ...1 .... = ACC-CSFB capability: eNodeB-based access class control for CSFB supported

        .... 0... = LPP capability: LTE Positioning Protocol not supported

        .... .0.. = LCS capability: Location services notification mechanisms not supported

        .... ..0. = 1xSRVCC capability: SRVCC from E-UTRAN to cdma2000 1x CS not supported

        .... ...0 = NF capability: Notification procedure not supported

    Voice domain preference and UE's usage setting

        Element ID: 0x5d

        Length: 1

        0000 0... = Spare bit(s): 0

        .... .0.. = UE's usage setting: Voice centric

        .... ..11 = Voice domain preference for E-UTRAN: IMS PS voice preferred,

                    CS Voice as secondary (3)

 

HEX : 08 01 03 E5 E0 34 01 0A 00 08 09 10 10 10 32 54 76 98 00 F1 10 00 00 80 21 1B 93 43 2B

      25 96 62 00 40 00 98 00 03 78 71 8C C4 00 80 01 30 00 06 70 CB 19 88 01 00 02 60 00 08

      17 16 58 05 F0 70 C0 40 10 5D 01 03

 

 

(18) GPRS MM  :  Authentication and Ciphering Request

 

DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP)

GSM A-I/F DTAP - Authentication and Ciphering Req

    Protocol Discriminator: GPRS mobility management messages

        .... 1000 = Protocol discriminator: GPRS mobility management messages (0x08)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    DTAP GPRS Mobility Management Message Type: Authentication and Ciphering Req (0x12)

    IMEISV Request

        0... .... = Spare bit(s): 0

        .000 .... = IMEISV request: IMEISV not requested (0)

    Cipher Algorithm

        .... 0... = Spare bit(s): 0

        .... .000 = Type of ciphering algorithm: ciphering not used (0)

    A&C Reference Number

        0001 .... = A&C reference number: 1

    Force to Standby

        .... 0... = Spare bit(s): 0

        .... .000 = Force to standby: Force to standby not indicated (0)

    Authentication Parameter RAND

        Element ID: 0x21

        RAND value: 32353339313739393132353339313739

    Ciphering key sequence number: 0x00 (0)

    Authentication Parameter AUTN (UMTS and EPS authentication challenge)

        Element ID: 0x28

        Length: 16

        AUTN value: 0a75625f4eb900003224110a75625f4e

            SQN xor AK: 0a75625f4eb9

            AMF: 0000

            MAC: 3224110a75625f4e

 

HEX : 08 12 00 10 21 32 35 33 39 31 37 39 39 31 32 35 33 39 31 37 39 80 28 10 0A 75 62 5F 4E

      B9 00 00 32 24 11 0A 75 62 5F 4E

 

 

(19) GPRS MM  :  Authentication and Ciphering Response

 

DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP)

GSM A-I/F DTAP - Authentication and Ciphering Resp

    Protocol Discriminator: GPRS mobility management messages

        .... 1000 = Protocol discriminator: GPRS mobility management messages (0x08)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    DTAP GPRS Mobility Management Message Type: Authentication and Ciphering Resp (0x13)

    Spare Half Octet

        0000 .... = Spare Nibble: 0 (0x00)

    A&C Reference Number

        .... 0001 = A&C reference number: 1

    Authentication Response Parameter

        Element ID: 0x22

        SRES value: 3224110a

    Authentication Response Parameter (extension) (UMTS authentication challenge only)

        Element ID: 0x29

        Length: 12

        XRES value: 75625f4eb9ab9f88f5ecd9c6

 

HEX : 08 13 01 22 32 24 11 0A 29 0C 75 62 5F 4E B9 AB 9F 88 F5 EC D9 C6

 

 

(20) GPRS MM  :  Indentity Request

 

DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP)

GSM A-I/F DTAP - Identity Request

    Protocol Discriminator: GPRS mobility management messages

        .... 1000 = Protocol discriminator: GPRS mobility management messages (0x08)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    DTAP GPRS Mobility Management Message Type: Identity Request (0x15)

    Force to Standby

        0... .... = Spare bit(s): 0

        .000 .... = Force to standby: Force to standby not indicated (0)

    Identity Type 2

        .... 0... = Spare bit(s): 0

        .... .001 = Type of identity: IMSI (1)

 

HEX : 08 15 01

 

 

(21) GPRS MM  :  Indentity Response

 

DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP)

GSM A-I/F DTAP - Identity Response

    Protocol Discriminator: GPRS mobility management messages

        .... 1000 = Protocol discriminator: GPRS mobility management messages (0x08)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    DTAP GPRS Mobility Management Message Type: Identity Response (0x16)

    Mobile Identity - IMSI (001010123456789)

        Length: 8

        0000 .... = Identity Digit 1: 0

        .... 1... = Odd/even indication: Odd number of identity digits

        .... .001 = Mobile Identity Type: IMSI (1)

        BCD Digits: 001010123456789

 

HEX : 08 16 08 09 10 10 10 32 54 76 98  

 

 

(22) GPRS MM  :  Attach Accept

 

DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP)

GSM A-I/F DTAP - Attach Accept

    Protocol Discriminator: GPRS mobility management messages

        .... 1000 = Protocol discriminator: GPRS mobility management messages (0x08)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    DTAP GPRS Mobility Management Message Type: Attach Accept (0x02)

    Force to Standby

        0... .... = Spare bit(s): 0

        .000 .... = Force to standby: Force to standby not indicated (0)

    Attach Result

        .... 0... = Follow-on proceed: False

        .... .001 = Result of attach: GPRS only attached (1)

    GPRS Timer

        GPRS Timer: timer is deactivated

            111. .... = Unit: value indicates that the timer is deactivated (7)

            ...0 0000 = Timer value: 0

    Radio Priority 2 - Radio priority for TOM8

        Radio Priority (TOM8): priority level 4 (lowest) (0)

    Radio Priority - Radio priority for SMS

        Radio Priority (PDP or SMS): priority level 1 (highest) (1)

    Routing Area Identification - RAI: 1-1-0-128

        Routing area identification: 1-1-0-128

            Mobile Country Code (MCC): Unknown (1)

            Mobile Network Code (MNC): Unknown (01)

            Location Area Code (LAC): 0x0000 (0)

            Routing Area Code (RAC): 0x80 (128)

    GPRS Timer - Negotiated Ready Timer

        Element ID: 0x17

        GPRS Timer: timer is deactivated

            111. .... = Unit: value indicates that the timer is deactivated (7)

            ...0 0000 = Timer value: 0

    Mobile Identity - Allocated P-TMSI - TMSI/P-TMSI (0x0080)

        Element ID: 0x18

        Length: 5

        1111 .... = Unused: 0x0f

        .... 0... = Odd/even indication: Even number of identity digits

        .... .100 = Mobile Identity Type: TMSI/P-TMSI/M-TMSI (4)

        TMSI/P-TMSI: 0x00000080

    GPRS Timer 2 - T3302 value

        Element ID: 0x2a

        Length: 1

        GPRS Timer: timer is deactivated

            111. .... = Unit: value indicates that the timer is deactivated (7)

            ...0 0000 = Timer value: 0

 

HEX : 08 02 01 E0 01 00 F1 10 00 00 80 17 E0 18 05 F4 00 00 00 80 2A 01 E0  

 

 

(23) GPRS MM  :  Attach Complete

 

DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP)

GSM A-I/F DTAP - Attach Complete

    Protocol Discriminator: GPRS mobility management messages

        .... 1000 = Protocol discriminator: GPRS mobility management messages (0x08)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    DTAP GPRS Mobility Management Message Type: Attach Complete (0x03)

 

HEX : 08 03

 

 

(24) GPRS MM: GMM  INFORMATION

 

DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP)

GSM A-I/F DTAP - GMM Information

    Protocol Discriminator: GPRS mobility management messages

        .... 1000 = Protocol discriminator: GPRS mobility management messages (0x08)

        0000 .... = Skip Indicator: No indication of selected PLMN (0)

    DTAP GPRS Mobility Management Message Type: GMM Information (0x21)

    Network Name - Full Name

        Element ID: 0x43

        Length: 18

        1... .... = Extension: No Extension

        .000 .... = Coding Scheme: Cell Broadcast data coding scheme, GSM default alphabet,

                    language unspecified, defined in 3GPP TS 23.038

        .... 0... = Add CI: The MS should not add the letters for the Country's Initials

                    to the text string

        .... .011 = Number of spare bits in last octet: bits 6 to 8(inclusive) are spare and

                    set to '0' in octet n

        Text String: Test_Network

    Network Name - Short Name

        Element ID: 0x45

        Length: 8

        1... .... = Extension: No Extension

        .000 .... = Coding Scheme: Cell Broadcast data coding scheme, GSM default alphabet,

                    language unspecified, defined in 3GPP TS 23.038

        .... 0... = Add CI: The MS should not add the letters for the Country's Initials

                    to the text string

        .... .000 = Number of spare bits in last octet: this field carries no information

                    about the number of spare bits in octet n

        Text String: MD8475A@

    Time Zone and Time

        Element ID: 0x47

        Year 16, Month 05, Day 10

        Hour 18, Minutes 13, Seconds 49

        Timezone: GMT - 4 hours 0 minutes

    Daylight Saving Time

        Element ID: 0x49

        Length: 1

        0000 00.. = Spare bit(s): 0

        .... ..01 = +1 hour adjustment for Daylight Saving Time

 

HEX : 08 21 43 12 83 4D 22 8E 76 AB 05 23 D3 76 58 4E 9F D2 EB E4 F4 1B 45 08 80 4D 22 8E 76

      AB 05 01 47 61 50 01 81 31 94 69 49 01 01

 

 

(25) SM: Activate PDP Context Request

 

DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP)

GSM A-I/F DTAP - Activate PDP Context Request

    Protocol Discriminator: GPRS session management messages

        .... 1010 = Protocol discriminator: GPRS session management messages (0x0a)

        0... .... = TI flag: allocated by sender

        .000 .... = TIO: 0

    01.. .... = Sequence number: 1

    DTAP GPRS Session Management Message Type: Activate PDP Context Request (0x41)

    Network Service Access Point Identifier - Requested NSAPI

        NSAPI: 0x05 (5)

    LLC Service Access Point Identifier - Requested LLC SAPI

        0000 .... = Spare bit(s): 0

        .... 0011 = LLC SAPI: SAPI 3 (3)

    Quality Of Service - Requested QoS

        Length: 14

        00.. .... = Spare bit(s): 0

        ..00 0... = Quality of Service Delay class: Subscribed delay class

                    (in MS to network direction) (0)

        .... .000 = Reliability class: Subscribed reliability class (in MS to network direction)

        0000 .... = Peak throughput: Subscribed peak throughput/reserved (0)

        .... 0... = Spare bit(s): 0

        .... .000 = Precedence class: Subscribed precedence/reserved (0)

        000. .... = Spare bit(s): 0

        ...0 0000 = Mean throughput: Subscribed peak throughput/reserved (0)

        000. .... = Traffic class: Subscribed traffic class/Reserved (0)

        ...0 0... = Delivery order: Subscribed delivery order/Reserved (0)

        .... .000 = Delivery of erroneous SDUs: Subscribed delivery of erroneous SDUs/Reserved

        Maximum SDU size: Subscribed maximum SDU size/reserved (0)

        Maximum bitrate for uplink: Subscribed maximum bit rate for uplink/reserved (0)

        Maximum bitrate for downlink: Subscribed maximum bit rate for downlink/reserved (0)

        0000 .... = Residual Bit Error Rate (BER): Subscribed residual BER/Reserved (0)

        .... 0000 = SDU error ratio: Subscribed SDU error ratio/Reserved (0)

        0000 00.. = Transfer delay: Subscribed transfer delay/reserved (0)

        .... ..00 = Traffic handling priority: Subscribed traffic handling priority/Reserved (0)

        Guaranteed bitrate for uplink: Subscribed guaranteed bit rate for uplink/reserved (0)

        Guaranteed bitrate for downlink: Subscribed guaranteed bit rate for downlink/reserved (0)

        000. .... = Spare bit(s): 0

        ...0 .... = Signalling indication: Not optimised for signalling traffic

        .... 0000 = Source statistics description: unknown (0)

        Maximum bitrate for downlink (extended): Use the value indicated

                    by the Maximum bit rate for downlink (0)

        Guaranteed bitrate for downlink (extended): Use the value indicated

                    by the Guaranteed bit rate for downlink (0)

    Packet Data Protocol Address - Requested PDP address

        Length: 2

        0000 .... = Spare bit(s): 0

        .... 0001 = PDP type organization: IETF allocated address (1)

        PDP type number: IPv4 address (33)

        Dynamic addressing

    Access Point Name

        Element ID: 0x28

        Length: 4

        APN: apn

    Protocol Configuration Options

        Element ID: 0x27

        Length: 29

        [Link direction: MS to network (0)]

        1... .... = Extension: True

        Configuration Protocol: PPP for use with IP PDP type or IP PDN type (0)

        Protocol or Container ID: Internet Protocol Control Protocol (0x8021)

            Length: 0x10 (16)

            PPP IP Control Protocol

                Code: Configuration Request (1)

                Identifier: 0 (0x00)

                Length: 16

                Options: (12 bytes), Primary DNS Server IP Address, Secondary DNS Server IP Address

                    Primary DNS Server IP Address: 0.0.0.0

                        Type: Primary DNS Server IP Address (129)

                        Length: 6

                        Primary DNS Address: 0.0.0.0 (0.0.0.0)

                    Secondary DNS Server IP Address: 0.0.0.0

                        Type: Secondary DNS Server IP Address (131)

                        Length: 6

                        Secondary DNS Address: 0.0.0.0 (0.0.0.0)

        Protocol or Container ID: DNS Server IPv4 Address Request (0x000d)

            Length: 0x00 (0)

        Protocol or Container ID: IP address allocation via NAS signalling (0x000a)

            Length: 0x00 (0)

        Protocol or Container ID: MS Support of Network Requested Bearer Control indicator (0x0005)

            Length: 0x00 (0)

 

HEX :  0A 41 05 03 0E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 01 21 28 04 03 61 70 6E 27

       1D 80 80 21 10 01 00 00 10 81 06 00 00 00 00 83 06 00 00 00 00 00 0D 00 00 0A 00 00 05 00

 

 

(26) SM: Activate PDP Context Accept

 

DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP)

GSM A-I/F DTAP - Activate PDP Context Accept

    Protocol Discriminator: GPRS session management messages

        .... 1010 = Protocol discriminator: GPRS session management messages (0x0a)

        1... .... = TI flag: allocated by receiver

        .000 .... = TIO: 0

    01.. .... = Sequence number: 1

    DTAP GPRS Session Management Message Type: Activate PDP Context Accept (0x42)

    LLC Service Access Point Identifier - Negotiated LLC SAPI

        0000 .... = Spare bit(s): 0

        .... 0011 = LLC SAPI: SAPI 3 (3)

    Quality Of Service - Negotiated QoS

        Length: 11

        00.. .... = Spare bit(s): 0

        ..10 0... = Quality of Service Delay class: Delay class 4 (best effort) (4)

        .... .011 = Reliability class: Unacknowledged GTP/LLC, Ack RLC, Protected data (3)

        1001 .... = Peak throughput: Up to 256 000 octet/s (9)

        .... 0... = Spare bit(s): 0

        .... .010 = Precedence class: Normal priority (2)

        000. .... = Spare bit(s): 0

        ...0 1010 = Mean throughput: 100 000 octet/h (10)

        100. .... = Traffic class: Background class (4)

        ...1 0... = Delivery order: Without delivery order ('no') (2)

        .... .011 = Delivery of erroneous SDUs: Erroneous SDUs are not delivered('No') (3)

        Maximum SDU size: 1500 octets (150)

        Maximum bitrate for uplink: 64 kbps (64)

        Maximum bitrate for downlink: 384 kbps (104)

        0111 .... = Residual Bit Error Rate (BER): 1*10-5 (7)

        .... 0100 = SDU error ratio: 1*10-4 (4)

        0000 00.. = Transfer delay: Subscribed transfer delay/reserved (0)

        .... ..00 = Traffic handling priority: Subscribed traffic handling priority/Reserved (0)

        Guaranteed bitrate for uplink: 64 kbps (64)

        Guaranteed bitrate for downlink: 568 kbps (127)

    Radio Priority

        Radio Priority (PDP or SMS): priority level 1 (highest) (1)

    Packet Data Protocol Address - PDP address

        Element ID: 0x2b

        Length: 6

        0000 .... = Spare bit(s): 0

        .... 0001 = PDP type organization: IETF allocated address (1)

        PDP type number: IPv4 address (33)

        IPv4 address: 192.168.1.11 (192.168.1.11)

    Protocol Configuration Options

        Element ID: 0x27

        Length: 27

        [Link direction: Network to MS (1)]

        1... .... = Extension: True

        Configuration Protocol: PPP for use with IP PDP type or IP PDN type (0)

        Protocol or Container ID: Internet Protocol Control Protocol (0x8021)

            Length: 0x10 (16)

            PPP IP Control Protocol

                Code: Configuration Nak (3)

                Identifier: 0 (0x00)

                Length: 16

                Options: (12 bytes), Primary DNS Server IP Address, Secondary DNS Server IP Address

                    Primary DNS Server IP Address: 192.168.1.2

                        Type: Primary DNS Server IP Address (129)

                        Length: 6

                        Primary DNS Address: 192.168.1.2 (192.168.1.2)

                    Secondary DNS Server IP Address: 192.168.1.2

                        Type: Secondary DNS Server IP Address (131)

                        Length: 6

                        Secondary DNS Address: 192.168.1.2 (192.168.1.2)

        Protocol or Container ID: DNS Server IPv4 Address (0x000d)

            Length: 0x04 (4)

            IPv4: 192.168.1.2

 

HEX : 8A 42 03 0B 23 92 0A 93 96 40 68 74 00 40 7F 01 2B 06 01 21 C0 A8 01 0B 27 1B 80 80 21

      10 03 00 00 10 81 06 C0 A8 01 02 83 06 C0 A8 01 02 00 0D 04 C0 A8 01 02