|
2G/GSM |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Packet Call
(1) RR : System Information Type
DLT: 147, Payload: gsm_a_ccch (GSM CCCH) GSM CCCH - System Information Type 1 L2 Pseudo Length 0101 01.. = L2 Pseudo Length value: 21 Protocol Discriminator: Radio Resources Management messages .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06) 0000 .... = Skip Indicator: No indication of selected PLMN (0) Message Type: System Information Type 1 Cell Channel Description 00.. 000. = Format Identifier: bit map 0 (0x00) List of ARFCNs = RACH Control Parameters 00.. .... = Max retrans: Maximum 1 retransmission (0) ..00 00.. = Tx-integer: 3 slots used to spread transmission (0) .... ..0. = CELL_BARR_ACCESS: The cell is not barred (0) .... ...1 = RE: True 0000 0000 0000 0000 = ACC: 0x0000 SI 1 Rest Octets L... ....: NCH position: Not present .L.. ....: Band Indicator: 1800 Padding Bits: default padding HEX : 55 06 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 2B
DLT: 147, Payload: gsm_a_ccch (GSM CCCH) GSM CCCH - System Information Type 2 L2 Pseudo Length 0101 10.. = L2 Pseudo Length value: 22 Protocol Discriminator: Radio Resources Management messages .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06) 0000 .... = Skip Indicator: No indication of selected PLMN (0) Message Type: System Information Type 2 Neighbour Cell Description - BCCH Frequency List ..0. .... = EXT-IND: The information element carries the complete BA (0) ...0 .... = BA-IND: 0 00.. 000. = Format Identifier: bit map 0 (0x00) List of ARFCNs = NCC Permitted 1111 1111 = NCC Permitted: 0xff RACH Control Parameters 00.. .... = Max retrans: Maximum 1 retransmission (0) ..00 00.. = Tx-integer: 3 slots used to spread transmission (0) .... ..0. = CELL_BARR_ACCESS: The cell is not barred (0) .... ...1 = RE: True 0000 0000 0000 0000 = ACC: 0x0000
HEX : 59 06 1A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF 01 00 00
DLT: 147, Payload: gsm_a_ccch (GSM CCCH) GSM CCCH - System Information Type 3 L2 Pseudo Length 0100 10.. = L2 Pseudo Length value: 18 Protocol Discriminator: Radio Resources Management messages .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06) 0000 .... = Skip Indicator: No indication of selected PLMN (0) Message Type: System Information Type 3 Cell Identity - CI (0) Cell CI: 0x0000 (0) Location Area Identification (LAI) Location Area Identification (LAI) - 001/01/0 Mobile Country Code (MCC): Unknown (1) Mobile Network Code (MNC): Unknown (01) Location Area Code (LAC): 0x0000 (0) Control Channel Description 1... .... = MSCR: MSC is Release '99 onwards (1) .1.. .... = ATT: MSs in the cell shall apply IMSI attach and detach procedure (1) ..00 1... = BS_AG_BLKS_RES: 1 .... .000 = CCCH-CONF: 1 basic physical channel used for CCCH, not combined with SDCCHs(0) .00. .... = CBQ3: Iu mode not supported (0) .... .101 = BS-PA-MFRMS: 5 T3212: 0 Cell Options (BCCH) .1.. .... = PWRC: True ..10 .... = DTX (BCCH): The MSs shall not use uplink discontinuous transmission (2) .... 0011 = Radio Link Timeout: 16 (3) Cell Selection Parameters 001. .... = Cell Reselection Hysteresis: 1 ...0 1000 = MS TXPWR MAX CCH: 8 0... .... = ACS: False .0.. .... = NECI: 0 ..10 1001 = RXLEV-ACCESS-MIN: -70 <= x < -69 dBm (41) RACH Control Parameters 00.. .... = Max retrans: Maximum 1 retransmission (0) ..00 00.. = Tx-integer: 3 slots used to spread transmission (0) .... ..0. = CELL_BARR_ACCESS: The cell is not barred (0) .... ...1 = RE: True 0000 0000 0000 0000 = ACC: 0x0000 SI 3 Rest Octets L... ....: Selection Parameters: Not present .L.. ....: Optional Power Offset: Not present ..L. ....: SYSTEM INFORMATION TYPE 2ter: Not Available ...L ....: Early Classmark Sending: Is forbidden .... L...: Scheduling if and where: Not present .... .H..: GPRS Indicator: Present GPRS Indicator .... ..00 1... .... = GPRS RA Colour: 1 .0.. .... = SI13 Position: SYSTEM INFORMATION TYPE 13 message is sent on BCCH Norm(0) ..L. ....: 3G Early Classmark Sending Restriction: Neither UTRAN, CDMA2000 nor GERAN IU MODE CLASSMARK CHANGE message shall be sent with the Early classmark sending ...H ....: SI2quater Indicator: Present .... 0... = SI2quater Position: SYSTEM INFORMATION TYPE 2 quater message is sent on BCCH Norm Padding Bits: Unknown extension detected or malformed PDU (Not decoded)
HEX : 49 06 1B 00 00 00 F1 10 00 00 C8 03 00 63 28 29 01 00 00 2C B7 2B 2B
DLT: 147, Payload: gsm_a_ccch (GSM CCCH) GSM CCCH - System Information Type 4 L2 Pseudo Length 0011 00.. = L2 Pseudo Length value: 12 Protocol Discriminator: Radio Resources Management messages .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06) 0000 .... = Skip Indicator: No indication of selected PLMN (0) Message Type: System Information Type 4 Location Area Identification (LAI) Location Area Identification (LAI) - 001/01/0 Mobile Country Code (MCC): Unknown (1) Mobile Network Code (MNC): Unknown (01) Location Area Code (LAC): 0x0000 (0) Cell Selection Parameters 001. .... = Cell Reselection Hysteresis: 1 ...0 1000 = MS TXPWR MAX CCH: 8 0... .... = ACS: False .1.. .... = NECI: 1 ..10 1001 = RXLEV-ACCESS-MIN: -70 <= x < -69 dBm (41) RACH Control Parameters 00.. .... = Max retrans: Maximum 1 retransmission (0) ..00 00.. = Tx-integer: 3 slots used to spread transmission (0) .... ..0. = CELL_BARR_ACCESS: The cell is not barred (0) .... ...1 = RE: True 0000 0000 0000 0000 = ACC: 0x0000 SI 4 Rest Octets SI4 Rest Octets_O L... ....: Selection Parameters: Not present .L.. ....: Optional Power Offset: Not present ..H. ....: GPRS Indicator: Present GPRS Indicator ...0 01.. = GPRS RA Colour: 1 .... ..0. = SI13 Position: SYSTEM INFORMATION TYPE 13 message is sent on BCCH Norm (0) .... ...L: SI4 Rest Octets_S: Not present L... ....: Break Indicator: Additional parameters "SI4 Rest Octets_S" are not sent in SYSTEM INFORMATION TYPE 7 and 8 Padding Bits: default padding
HEX : 31 06 1C 00 F1 10 00 00 28 69 01 00 00 05 2B 2B 2B 2B 2B 2B 2B 2B 2B
DLT: 147, Payload: gsm_a_ccch (GSM CCCH) GSM CCCH - System Information Type 2quater L2 Pseudo Length 0101 00.. = L2 Pseudo Length value: 20 Protocol Discriminator: Radio Resources Management messages .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06) 0000 .... = Skip Indicator: No indication of selected PLMN (0) Message Type: System Information Type 2quater SI 2quater Rest Octets 0... .... = BA-IND: 0 .0.. .... = 3G BA-IND: 0 ..0. .... = Measurement Parameter Change Mark: 0 ...0 000. = SI2quater Index: 0 .... ...0 000. .... = SI2quater Count: 0 ...0 ....: Measurement Parameters Description: Not Present .... 0...: GPRS Real Time Difference Description: Not Present .... .0..: GPRS BSIC Description: Not Present .... ..0.: GPRS Report Priority Description: Not Present .... ...0: GPRS Measurement Parameters Description: Not Present 1... ....: NC Measurement Parameters: Present NC Measurement Parameters .00. .... = Network Control Order: NC0 (0) .... 000. = NC Non DRX Period: No non-DRX mode after a measurement report has been sent (0) .... ...0 10.. .... = NC Reporting Period I: 1.92 s (2) ..01 0... = NC Reporting Period T: 1.92 s (2) ...1 ....: NC Periods: Present .... .0..: SI 2quater Extension Information: Not Present .... ..1.: 3G Neighbour Cell Description: Present 3G Neighbour Cell Description .... ...0: Index Start 3G: Not Present 0... ....: Absolute Index Start EMR: Not Present .1.. ....: UTRAN FDD Description: Present UTRAN FDD Description ..0. ....: Bandwidth FDD: Not Present ...1 ....: Repeated UMTS FDD Neighbour Cells: Present .... 0...: Bit reserved for earlier version of protocol: Current version .... .100 1100 1001 000. .... = FDD UARFCN: 9800 ...0 ....: the FDD_CELL_INFORMATION parameter value '0000000000' : is not a member of the set Nr of FDD Cells : 1 UTRAN FDD Description Field is 10 bits long Scrambling Code: 9 Diversity: 0 ...0 ....: Repeated UMTS FDD Neighbour Cells: Not Present .... 0...: UTRAN TDD Description: Not Present .... .1..: 3G Measurement Parameters Description: Present 3G Measurement Parameters Description .... ..01 11.. .... = Qsearch I: Always (7) ..0. .... = QSearch C Initial: use Qsearch I ...1 ....: FDD Information: Present .... 0110 = FDD Qoffset: -8 dB (6) 0... .... = FDD Rep Quant: RSCP .01. .... = FDD Multirat Reporting: 1 ...0 00.. = FDD Qmin: -20 dB (0) .... ..0.: TDD Information: Not Present .... ...1: GPRS 3G Measurement Parameters Description: Present GPRS 3G Measurement Parameters Description 0111 .... = Qsearch P: Always (7) .... 1... = 3G Search Prio (ignored in Rel-8): 3G cells may be searched when BSIC decoding is required .... .1..: FDD Parameters: Present .... ..0. = FDD Rep Quant: RSCP .... ..0.: Reporting Quantity: RSCP .... ...0 1... .... = FDD Multirat Reporting: 1 .0.. ....: FDD Reporting Parameters: Not Present ..0. ....: TDD Multirat Reporting: Not Present ...0 ....: TDD Reporting Parameters: Not Present .... L...: Additions in Rel-5: Not present Padding Bits: default padding
HEX : 51 06 07 00 00 90 92 54 C9 00 81 25 D6 21 7C 8B 2B 2B 2B 2B 2B 2B 2B
DLT: 147, Payload: gsm_a_ccch (GSM CCCH) GSM CCCH - System Information Type 13 L2 Pseudo Length 0000 00.. = L2 Pseudo Length value: 0 Protocol Discriminator: Radio Resources Management messages .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06) 0000 .... = Skip Indicator: No indication of selected PLMN (0) Message Type: System Information Type 13 SI 13 Rest Octets H... ....: SI13 contents: Present .000 .... = BCCH Change Mark: 0 .... 0000 = SI Change Field: Update of unspecified SI message or SI messages (0) 0... ....: SI13 Change Mark: Not Present .0.. ....: PBCCH: Not Present In Cell ..10 0000 00.. .... = RAC: 128 ..0. .... = SPGC CCCH Sup: SPLIT_PG_CYCLE is not supported on CCCH in this cell ...1 10.. = Priority Access Thr: Packet access is allowed for priority level 1 to 4 (6) .... ..00 = Network Control Order: NC0 (0) GPRS Cell Options 01.. .... = NMO: Network Mode of Operation II (1) ..01 1... = T3168: 2000 ms (3) .... .010 = T3192: 1500 ms (2) 000. .... = DRX Timer Max: 0 s (0) ...0 .... = Access Burst Type: 8-bit format shall be used .... 1... = Control Ack Type: Default format is RLC/MAC control block .... .100 0... .... = BS CV Max: 8 .0.. ....: PAN bits: Not Present ..1. ....: Optional Extensions: Present GPRS Cell Options Extension Information Extension Length: 8 ..1. .... = EGPRS Packet Channel Request: Use two phase packet access with PACKET CHANNEL REQUEST message for uplink TBF establishment on the PRACH ...1 000. = BEP Period: 15 (8) .... ...0 = PFC Feature Mode: The network does not support packet flow context procedures 0... .... = DTM Support: The cell does not support DTM procedures .0.. .... = BSS Paging Coordination: The cell does not support Circuit-Switched paging coordination .1.. ....: EGPRS: Supported by cell GPRS Power Control Parameters ..00 00.. = Alpha: 0.0 (0) .... ..00 000. .... = T Avg W: 2^(0/2) / 6 multiframes (0) ...0 0000 = T Avg T: 2^(0/2) / 6 multiframes (0) 0... .... = PC Meas Chan: Downlink measurements for power control shall be made on BCCH .000 1... = N Avg I: 2^(1/2) (1) .... .H..: Additions in R99: Present .... ..1. = SGSNR: SGSN is Release '99 onwards .... ...L: Additions in Rel-4: Not present Padding Bits: default padding
HEX : 01 06 00 80 20 18 5A 0C 24 70 00 00 0F 2B 2B 2B 2B 2B 2B 2B 2B 2B 2B
DLT: 147, Payload: gsm_a_ccch (GSM CCCH) GSM CCCH - System Information Type 5 L2 Pseudo Length 0100 10.. = L2 Pseudo Length value: 18 Protocol Discriminator: Radio Resources Management messages .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06) 0000 .... = Skip Indicator: No indication of selected PLMN (0) Message Type: System Information Type 5 Neighbour Cell Description - BCCH Frequency List ..0. .... = EXT-IND: The information element carries the complete BA (0) ...0 .... = BA-IND: 0 00.. 000. = Format Identifier: bit map 0 (0x00) List of ARFCNs =
HEX : 49 06 1D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
DLT: 147, Payload: gsm_a_ccch (GSM CCCH) GSM CCCH - System Information Type 6 L2 Pseudo Length 0010 11.. = L2 Pseudo Length value: 11 Protocol Discriminator: Radio Resources Management messages .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06) 0000 .... = Skip Indicator: No indication of selected PLMN (0) Message Type: System Information Type 6 Cell Identity - CI (0) Cell CI: 0x0000 (0) Location Area Identification (LAI) Location Area Identification (LAI) - 001/01/0 Mobile Country Code (MCC): Unknown (1) Mobile Network Code (MNC): Unknown (01) Location Area Code (LAC): 0x0000 (0) Cell Options (SACCH) .1.. .... = PWRC: True 0.10 .... = DTX (SACCH): The MS shall not use uplink discontinuous transmission on a TCH-F. The MS shall not use uplink discontinuous transmission on TCH-H (2) .... 0011 = Radio Link Timeout: 16 (3) NCC Permitted 1111 1111 = NCC Permitted: 0xff SI 6 Rest Octets L... ....: PCH and NCH Info: Not present .L.. ....: VBS/VGCS options: Not present ..L. ....: DTM: Not Supported in Serving cell ...L ....: Band Indicator: 1800 .... L...: GPRS MS PWR MAX CCCH: Not present .... .L..: MBMS Procedures: Not supported .... ..L.: Additions in Rel-7: Not present Padding Bits: default padding
HEX : 2D 06 1E 00 00 00 F1 10 00 00 63 FF 2B 2B 2B 2B 2B 2B 2B
(2) RR : Channel Request
Channel Request has various functionalities and the one right after power-on is is equivalent to RACH process of UMTS and LTE. Simply put, this message is to tell the network "I want to camp on you, please allocate me a radio resource that I initiate the connection process".
The one for the initial registration is as follows. (In good channel condition and in open space, the first Channel Request would reach the NW and get the immdediate Assignement with only one Channel Request. Following is a kind of worst case where the initial channel request fail to decoded by NW or UE fails to decode initial immediate assignements)
Note : T3126 starts when the last retransmission of 'Channel Request' and it stops when UE gets 'Immediate Assignement'. If UE does not get 'Immediate Assignement' until T3126 expires, UE starts cell reselection.
The exact functionality of a channel request is determined by the first 8 bits of its message and the description of the first byte is specified by the following table in 44.018.
< 44.018 - Table 9.1.8.1: CHANNEL REQUEST message content >
(3) RR : Immediate Assignment
Immediate Assignement is the answering message to the initial "Channel Request" explained above. This is to say to MS "OK, I will accept your 'channel request' and here goes the radio resource you can use for the following steps".
One of the Channel Request example would be as follows. The most important thing you have to notice is that Immediate Assignment should play back the whole Channel Request message. All MS(UE) trying to connect a cell would receive the same 'Immediate Assignement', but if the 'Channel Request' portion contained in 'Immediate Assignement' does not match the Channel Request Bytes it sent, UE should discard the Immediate Assignement message since it is not for itself.
DLT: 147, Payload: gsm_a_ccch (GSM CCCH) GSM CCCH - Immediate Assignment L2 Pseudo Length 0010 11.. = L2 Pseudo Length value: 11 Protocol Discriminator: Radio Resources Management messages .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06) 0000 .... = Skip Indicator: No indication of selected PLMN (0) Message Type: Immediate Assignment Page Mode .... 0000 = Page Mode: Normal paging (0) Dedicated mode or TBF 0000 .... = Dedicated mode or TBF: This message assigns a dedicated mode resource (0) Channel Description 0100 0... = SDCCH/8 + SACCH/C8 or CBCH (SDCCH/8), Subchannel 0 .... .100 = Timeslot: 4 001. .... = Training Sequence: 1 ...0 .... = Hopping channel: No .... 00.. = Spare Single channel : ARFCN 1 Request Reference Random Access Information (RA): 6 0011 1... = T1': 7 .... .010 010. .... = T3: 18 ...1 0110 = T2: 22 [RFN: 10422] Timing Advance Timing advance value: 0 Mobile Allocation Length: 0 IA Rest Octets L... ....: First Discriminator Bit: Low .L.. ....: Second Discriminator Bit: Low ..L. ....: A compressed version of the INTER RAT HANDOVER INFO message : shall not be used Padding Bits: default padding
HEX : 2D 06 3F 00 44 20 01 06 3A 56 00 00 2B 2B 2B 2B 2B 2B 2B 2B 2B 2B 2B
(4) MM : Location Updating Request
DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP) GSM A-I/F DTAP - Location Updating Request Protocol Discriminator: Mobility Management messages .... 0101 = Protocol discriminator: Mobility Management messages (0x05) 0000 .... = Skip Indicator: No indication of selected PLMN (0) 00.. .... = Sequence number: 0 ..00 1000 = DTAP Mobility Management Message Type: Location Updating Request (0x08) Ciphering Key Sequence Number 0... .... = Spare bit(s): 0 .000 .... = Ciphering Key Sequence Number: 0 Location Updating Type - IMSI attach .... 0... = Follow-On Request (FOR): No follow-on request pending .... .0.. = Spare bit(s): 0 .... ..10 = Updating Type: IMSI attach Location Area Identification (LAI) Location Area Identification (LAI) - 001/01/0 Mobile Country Code (MCC): Unknown (1) Mobile Network Code (MNC): Unknown (01) Location Area Code (LAC): 0x0000 (0) Mobile Station Classmark 1 Mobile Station Classmark 1 0... .... = Spare: 0 .10. .... = Revision Level: Used by mobile stations supporting R99 or later versions of the protocol (2) ...1 .... = ES IND: Controlled Early Classmark Sending option is implemented in the MS .... 0... = A5/1 algorithm supported: encryption algorithm A5/1 available .... .011 = RF Power Capability: class 4 (3) Mobile Identity - TMSI/P-TMSI (0x0000) Length: 5 1111 .... = Unused: 0x0f .... 0... = Odd/even indication: Even number of identity digits .... .100 = Mobile Identity Type: TMSI/P-TMSI/M-TMSI (4) TMSI/P-TMSI: 0x00000000
HEX : 05 08 02 00 F1 10 00 00 53 05 F4 00 00 00 00
(5) MM : Authentication Request
DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP) GSM A-I/F DTAP - Authentication Request Protocol Discriminator: Mobility Management messages .... 0101 = Protocol discriminator: Mobility Management messages (0x05) 0000 .... = Skip Indicator: No indication of selected PLMN (0) 00.. .... = Sequence number: 0 ..01 0010 = DTAP Mobility Management Message Type: Authentication Request (0x12) 0000 .... = Spare bit(s): 0 Ciphering Key Sequence Number .... 0... = Spare bit(s): 0 .... .000 = Ciphering Key Sequence Number: 0 Authentication Parameter RAND - UMTS challenge or GSM challenge RAND value: 32353339313337303132353339313337 Authentication Parameter AUTN (UMTS and EPS authentication challenge) Element ID: 0x20 Length: 16 AUTN value: 0a75665147b900003224110a75665147 SQN xor AK: 0a75665147b9 AMF: 0000 MAC: 3224110a75665147
HEX : 05 12 00 32 35 33 39 31 33 37 30 31 32 35 33 39 31 33 37 20 10 0A 75 66 51 47 B9 00 00 32 24 11 0A 75 66 51 47
(6) MM : Authentication Response
DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP) GSM A-I/F DTAP - Authentication Response Protocol Discriminator: Mobility Management messages .... 0101 = Protocol discriminator: Mobility Management messages (0x05) 0000 .... = Skip Indicator: No indication of selected PLMN (0) 01.. .... = Sequence number: 1 ..01 0100 = DTAP Mobility Management Message Type: Authentication Response (0x14) Authentication Response Parameter SRES value: 3224110a Authentication Response Parameter (extension) (UMTS authentication challenge only) Element ID: 0x21 Length: 12 XRES value: 75665147b9ab9f88f5ecddc8
HEX : 05 54 32 24 11 0A 21 0C 75 66 51 47 B9 AB 9F 88 F5 EC DD C8
(7) MM : Ciphering Mode Command
DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP) GSM A-I/F DTAP - Ciphering Mode Command Protocol Discriminator: Radio Resources Management messages .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06) 0000 .... = Skip Indicator: No indication of selected PLMN (0) DTAP Radio Resources Management Message Type: Ciphering Mode Command (0x35) Cipher Mode Setting .... ...0 = SC: No ciphering (0) Cipher Mode Response ...0 .... = CR: IMEISV shall not be included (0)
HEX : 06 35 00
(8) MM : Ciphering Mode Complete
DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP) GSM A-I/F DTAP - Ciphering Mode Complete Protocol Discriminator: Radio Resources Management messages .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06) 0000 .... = Skip Indicator: No indication of selected PLMN (0) DTAP Radio Resources Management Message Type: Ciphering Mode Complete (0x32)
HEX : 06 32
(9) MM : Identity Request (IMSI)
DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP) GSM A-I/F DTAP - Identity Request Protocol Discriminator: Mobility Management messages .... 0101 = Protocol discriminator: Mobility Management messages (0x05) 0000 .... = Skip Indicator: No indication of selected PLMN (0) 00.. .... = Sequence number: 0 ..01 1000 = DTAP Mobility Management Message Type: Identity Request (0x18) 0000 .... = Spare bit(s): 0 Identity Type .... 0... = Spare bit(s): 0 .... .001 = Type of identity: IMSI
HEX : 05 18 01
(10) MM : Identity Response
DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP) GSM A-I/F DTAP - Identity Response Protocol Discriminator: Mobility Management messages .... 0101 = Protocol discriminator: Mobility Management messages (0x05) 0000 .... = Skip Indicator: No indication of selected PLMN (0) 10.. .... = Sequence number: 2 ..01 1001 = DTAP Mobility Management Message Type: Identity Response (0x19) Mobile Identity - IMSI (001010123456789) Length: 8 0000 .... = Identity Digit 1: 0 .... 1... = Odd/even indication: Odd number of identity digits .... .001 = Mobile Identity Type: IMSI (1) BCD Digits: 001010123456789
HEX : 05 99 08 09 10 10 10 32 54 76 98
(11) MM : Location Updating Accept
DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP) GSM A-I/F DTAP - Location Updating Accept Protocol Discriminator: Mobility Management messages .... 0101 = Protocol discriminator: Mobility Management messages (0x05) 0000 .... = Skip Indicator: No indication of selected PLMN (0) 00.. .... = Sequence number: 0 ..00 0010 = DTAP Mobility Management Message Type: Location Updating Accept (0x02) Location Area Identification (LAI) Location Area Identification (LAI) - 001/01/0 Mobile Country Code (MCC): Unknown (1) Mobile Network Code (MNC): Unknown (01) Location Area Code (LAC): 0x0000 (0) Mobile Identity - TMSI/P-TMSI (0x0000) Element ID: 0x17 Length: 5 1111 .... = Unused: 0x0f .... 0... = Odd/even indication: Even number of identity digits .... .100 = Mobile Identity Type: TMSI/P-TMSI/M-TMSI (4) TMSI/P-TMSI: 0x00000000
HEX : 05 02 00 F1 10 00 00 17 05 F4 00 00 00 00
(12) MM : TMSI ReAllocation Complete
DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP) GSM A-I/F DTAP - TMSI Reallocation Complete Protocol Discriminator: Mobility Management messages .... 0101 = Protocol discriminator: Mobility Management messages (0x05) 0000 .... = Skip Indicator: No indication of selected PLMN (0) 11.. .... = Sequence number: 3 ..01 1011 = DTAP Mobility Management Message Type: TMSI Reallocation Complete (0x1b)
HEX : 05 DB
(13) MM : INFORMATION
DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP) GSM A-I/F DTAP - MM Information Protocol Discriminator: Mobility Management messages .... 0101 = Protocol discriminator: Mobility Management messages (0x05) 0000 .... = Skip Indicator: No indication of selected PLMN (0) 00.. .... = Sequence number: 0 ..11 0010 = DTAP Mobility Management Message Type: MM Information (0x32) Network Name - Full Name Element ID: 0x43 Length: 18 1... .... = Extension: No Extension .000 .... = Coding Scheme: Cell Broadcast data coding scheme, GSM default alphabet, language unspecified, defined in 3GPP TS 23.038 .... 0... = Add CI: The MS should not add the letters for the Country's Initials to the text string .... .011 = Number of spare bits in last octet: bits 6 to 8(inclusive) are spare and set to '0' in octet n Text String: MD8475A_SmartStudio Network Name - Short Name Element ID: 0x45 Length: 8 1... .... = Extension: No Extension .000 .... = Coding Scheme: Cell Broadcast data coding scheme, GSM default alphabet, language unspecified, defined in 3GPP TS 23.038 .... 0... = Add CI: The MS should not add the letters for the Country's Initials to the text string .... .000 = Number of spare bits in last octet: this field carries no information about the number of spare bits in octet n Text String: MD8475A@ Time Zone and Time - Universal Time and Local Time Zone Element ID: 0x47 Year 16, Month 05, Day 10 Hour 18, Minutes 13, Seconds 41 Timezone: GMT - 4 hours 0 minutes Daylight Saving Time Element ID: 0x49 Length: 1 0000 00.. = Spare bit(s): 0 .... ..01 = +1 hour adjustment for Daylight Saving Time
HEX : 05 32 43 12 83 4D 22 8E 76 AB 05 23 D3 76 58 4E 9F D2 EB E4 F4 1B 45 08 80 4D 22 8E 76 AB 05 01 47 61 50 01 81 31 14 69 49 01 01
(14) RR : Channel Release
DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP) GSM A-I/F DTAP - Channel Release Protocol Discriminator: Radio Resources Management messages .... 0110 = Protocol discriminator: Radio Resources Management messages (0x06) 0000 .... = Skip Indicator: No indication of selected PLMN (0) DTAP Radio Resources Management Message Type: Channel Release (0x0d) RR Cause RR cause value: Normal event (0)
HEX : 06 0D 00
(15) RR : Channel Request/Handover Access
(16) RR : Immediate Assignment
(17) GPRS MM : Attach Request
DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP) GSM A-I/F DTAP - Attach Request Protocol Discriminator: GPRS mobility management messages .... 1000 = Protocol discriminator: GPRS mobility management messages (0x08) 0000 .... = Skip Indicator: No indication of selected PLMN (0) DTAP GPRS Mobility Management Message Type: Attach Request (0x01) MS Network Capability Length: 3 1... .... = GEA/1: Encryption algorithm available .1.. .... = SM capabilities via dedicated channels: Mobile station supports mobile terminated point to point SMS via dedicated signalling channels ..1. .... = SM capabilities via GPRS channels: Mobile station supports mobile terminated point to point SMS via GPRS packet data channels ...0 .... = UCS2 support: Mobile station does not support mobile terminated point to point SMS via GPRS packet data channels .... 01.. = SS Screening Indicator: capability of handling of ellipsis notation and phase 2 error handling (0x01) .... ..0. = SoLSA Capability: The ME does not support SoLSA .... ...1 = Revision level indicator: Used by a mobile station supporting R99 or later versions of the protocol 1... .... = PFC feature mode: Mobile station does support BSS packet flow procedures .110 000. = Extended GEA bits: 0x30 .1.. .... = GEA/2: Encryption algorithm available ..1. .... = GEA/3: Encryption algorithm available ...0 .... = GEA/4: Encryption algorithm not available .... 0... = GEA/5: Encryption algorithm not available .... .0.. = GEA/6: Encryption algorithm not available .... ..0. = GEA/7: Encryption algorithm not available .... ...0 = LCS VA capability: LCS value added location request notification capability not supported 0... .... = PS inter-RAT HO from GERAN to UTRAN Iu mode capability: PS inter-RAT HO to UTRAN Iu mode not supported .0.. .... = PS inter-RAT HO from GERAN to E-UTRAN S1 mode capability: PS inter-RAT HO to E-UTRAN S1 mode not supported ..1. .... = EMM Combined procedures capability: Mobile station supports EMM combined procedures ...1 .... = ISR support: The mobile station supports ISR .... 0... = SRVCC to GERAN/UTRAN capability: SRVCC from UTRAN HSPA or E-UTRAN to GERAN/UTRAN not supported .... .1.. = EPC capability: EPC supported .... ..0. = NF capability: Mobile station does not support the notification procedure .... ...0 = GERAN network sharing capability: Mobile station does not support GERAN network sharing Attach Type 0000 .... = Ciphering key sequence number: 0 Attach Type .... 0... = Follow-on request pending: False .... .001 = Type of attach: GPRS attach (1) DRX Parameter DRX Parameter Split PG Cycle Code: Reserved, interpreted as 1 (10) 0000 .... = CN Specific DRX cycle length coefficient: CN Specific DRX cycle length coefficient / value not specified by the MS (0) .... 0... = SPLIT on CCCH: Split pg cycle on CCCH is not supported by the mobile station .... .000 = Non-DRX timer: no non-DRX mode after transfer state (0) Mobile Identity - IMSI (001010123456789) Length: 8 0000 .... = Identity Digit 1: 0 .... 1... = Odd/even indication: Odd number of identity digits .... .001 = Mobile Identity Type: IMSI (1) BCD Digits: 001010123456789 Routing Area Identification - Old routing area identification - RAI: 1-1-0-128 Routing area identification: 1-1-0-128 Mobile Country Code (MCC): Unknown (1) Mobile Network Code (MNC): Unknown (01) Location Area Code (LAC): 0x0000 (0) Routing Area Code (RAC): 0x80 (128) MS Radio Access Capability Length: 33 MS RA capability 1 0001 .... = Access Technology Type: GSM E --note that GSM E covers GSM P (1) .... 1011 100. .... = Length in bits: 0x5c (92) ...1 00.. RF Power Capability, GMSK Power Class: 2 W (33 dBm) (4) A5 Bits: A5 bits follow (1) A5/1: encryption algorithm available (1) A5/2: encryption algorithm not available (0) A5/3: encryption algorithm available (1) A5/4: encryption algorithm not available (0) A5/5: encryption algorithm not available (0) A5/6: encryption algorithm not available (0) A5/7: encryption algorithm not available (0) .... ..1. = Controlled early Classmark Sending: Implemented .... ...1 = Pseudo Synchronisation: Present 0... .... = Voice Group Call Service: no VGCS capability or no notifications wanted .0.. .... = Voice Broadcast Service: no VBS capability or no notifications wanted ..1. .... = Multislot capability struct: Present HSCSD multislot class: Bits are not available (0) SMS/SM values: Bits are not available (0) ECSD multislot class: Bits are not available (0) DTM GPRS Multi Slot Class: Bits are not available (0) .... .011 00.. .... = GPRS multislot class: Max Rx-Slot/TDMA:4 Max Tx-Slot/TDMA: 4 Max-Sum-Slot/TDMA:5 Tta:2 Ttb:1 Tra:2 Trb:1 Type:1 (12) ..1. .... = GPRS Extended Dynamic Allocation Capability: Implemented .... ..01 100. .... = EGPRS multislot class: Max Rx-Slot/TDMA:4 Max Tx-Slot/TDMA: 4 Max-Sum-Slot/TDMA:5 Tta:2 Ttb:1 Tra:2 Trb:1 Type:1 (12) ...1 .... = EGPRS Extended Dynamic Allocation Capability: Implemented .... .1.. = 8PSK Power Capability Bits: Present 8PSK Power Capability: Power class E2 (2) 0... .... = COMPACT Interference Measurement Capability: Not Implemented .1.. .... = Revision Level Indicator: The ME is Release '99 onwards ..1. .... = UMTS FDD Radio Access Technology Capability: Supported ...0 .... = UMTS 3.84 Mcps TDD Radio Access Technology Capability: Not supported .... 0... = CDMA 2000 Radio Access Technology Capability: Not supported .... .0.. = UMTS 1.28 Mcps TDD Radio Access Technology Capability: Not supported .... ..1. = GERAN Feature Package 1: Supported Extended DTM (E)GPRS Multi Slot Class: Bits are not available (0) 0... .... = Modulation based multislot class support: Not supported High Multislot Capability: Bits are not available (0) ..0. .... = GERAN Iu mode: Not supported GMSK Multislot Power Profile: GMSK_MULTISLOT_POWER_PROFILE 0 (0) 8-PSK Multislot Power Profile: 8-PSK_MULTISLOT_POWER_PROFILE 0 (0) .... ...0 = Multiple TBF Capability: Not supported 01.. .... = Downlink Advanced Receiver Performance: Downlink Advanced Receiver Performance - phase I supported (1) ..0. .... = Extended RLC/MAC Control Message Segmentation Capability: Not supported ...0 .... = DTM Enhancements Capability: The mobile station does not support enhanced DTM CS establishment and enhanced DTM CS release procedures .... .0.. = PS Handover Capability: Not supported .... ..0. = DTM Handover Capability: Not supported 0... .... = Flexible Timeslot Assignment: Not supported .0.. .... = GAN PS Handover Capability: Not supported ..0. .... = RLC Non-persistent Mode: Not supported ...0 .... = Reduced Latency Capability: Not supported .... 00.. = Uplink EGPRS2: The mobile station does not support either EGPRS2-A or EGPRS2-B in the uplink (0) .... ..00 = Downlink EGPRS2: The mobile station does not support either EGPRS2-A or EGPRS2-B in the downlink (0) 1... .... = E-UTRA FDD support: Supported .0.. .... = E-UTRA TDD support: Not supported ..01 .... = GERAN to E-UTRA support in GERAN packet transfer mode: E-UTRAN Neighbour Cell measurements and MS autonomous cell reselection to E-UTRAN supported (1) .... 1... = Priority-based reselection support: Supported .... ..0. = Indication of Upper Layer PDU Start Capability for RLC UM: Not supported .... ...0 = Enhanced Multiplexing for Single TBF Capability: Not supported 0... .... = Multiple TTI Capability: Not supported .0.. .... = Reporting of UTRAN CSG cells in packet transfer mode: Not supported ..0. .... = Reporting of E-UTRAN CSG cells in packet transfer mode: Not supported ...0 .... = Dynamic Timeslot Reduction Capability: Not supported .... 0... = Enhanced Multiplexing for Single RLC Entity Capability: Not supported .... .0.. = Fast Downlink Frequency Switching Capability: Not supported .... ..00 = TIGHTER Capability: TIGHTER not supported (0) 0... .... = Fast Ack/Nack Reporting Capability: Not supported .0.. .... = Immediate Packet Assignment Capability: Not supported MS RA capability 2 ...0 001. = Access Technology Type: GSM E --note that GSM E covers GSM P (1) .... ...1 0111 10.. = Length in bits: 0x5e (94) .... ..00 0... .... RF Power Capability, GMSK Power Class: Not specified (0) A5 Bits: Same values apply for parameters as in the immediately preceding Access capabilities field within this IE (0) ..1. .... = Controlled early Classmark Sending: Implemented ...1 .... = Pseudo Synchronisation: Present .... 0... = Voice Group Call Service: no VGCS capability or no notifications wanted .... .0.. = Voice Broadcast Service: no VBS capability or no notifications wanted .... ..0. = Multislot capability struct: Not Present .... ...1 = 8PSK Power Capability Bits: Present 8PSK Power Capability: Power class E2 (2) ..0. .... = COMPACT Interference Measurement Capability: Not Implemented ...0 .... = Revision Level Indicator: The ME is Release '98 or older .... 1... = UMTS FDD Radio Access Technology Capability: Supported .... .1.. = UMTS 3.84 Mcps TDD Radio Access Technology Capability: Supported .... ..0. = CDMA 2000 Radio Access Technology Capability: Not supported .... ...0 = UMTS 1.28 Mcps TDD Radio Access Technology Capability: Not supported 1... .... = GERAN Feature Package 1: Supported Extended DTM (E)GPRS Multi Slot Class: Bits are not available (0) ..0. .... = Modulation based multislot class support: Not supported High Multislot Capability: Bits are not available (0) .... 0... = GERAN Iu mode: Not supported GMSK Multislot Power Profile: GMSK_MULTISLOT_POWER_PROFILE 0 (0) 8-PSK Multislot Power Profile: 8-PSK_MULTISLOT_POWER_PROFILE 0 (0) .0.. .... = Multiple TBF Capability: Not supported ..00 .... = Downlink Advanced Receiver Performance: Downlink Advanced Receiver Performance not supported (0) .... 0... = Extended RLC/MAC Control Message Segmentation Capability: Not supported .... .0.. = DTM Enhancements Capability: The mobile station does not support enhanced DTM CS establishment and enhanced DTM CS release procedures .... ...0 = PS Handover Capability: Not supported 1... .... = DTM Handover Capability: Supported ..0. .... = Flexible Timeslot Assignment: Not supported ...0 .... = GAN PS Handover Capability: Not supported .... 0... = RLC Non-persistent Mode: Not supported .... .0.. = Reduced Latency Capability: Not supported .... ..00 = Uplink EGPRS2: The mobile station does not support either EGPRS2-A or EGPRS2-B in the uplink (0) 00.. .... = Downlink EGPRS2: The mobile station does not support either EGPRS2-A or EGPRS2-B in the downlink (0) ..0. .... = E-UTRA FDD support: Not supported ...0 .... = E-UTRA TDD support: Not supported .... 00.. = GERAN to E-UTRA support in GERAN packet transfer mode: None (0) .... ..0. = Priority-based reselection support: Not supported 0... .... = Indication of Upper Layer PDU Start Capability for RLC UM: Not supported .0.. .... = Enhanced Multiplexing for Single TBF Capability: Not supported ..1. .... = Multiple TTI Capability: Supported ...1 .... = Reporting of UTRAN CSG cells in packet transfer mode: Supported .... 0... = Reporting of E-UTRAN CSG cells in packet transfer mode: Not supported .... .0.. = Dynamic Timeslot Reduction Capability: Not supported .... ..0. = Enhanced Multiplexing for Single RLC Entity Capability: Not supported .... ...0 = Fast Downlink Frequency Switching Capability: Not supported 00.. .... = TIGHTER Capability: TIGHTER not supported (0) ..0. .... = Fast Ack/Nack Reporting Capability: Not supported ...0 .... = Immediate Packet Assignment Capability: Not supported MS RA capability 3 .... .000 0... .... = Access Technology Type: GSM P (0) .000 0110 = Length in bits: 0x06 (6) 011. .... RF Power Capability, GMSK Power Class: 4 W (36 dBm) (3) A5 Bits: Same values apply for parameters as in the immediately preceding Access capabilities field within this IE (0) .... 0... = Controlled early Classmark Sending: Not Implemented .... .0.. = Pseudo Synchronisation: Not Present .... ..0. = Voice Group Call Service: no VGCS capability or no notifications wanted .... ...0 = Voice Broadcast Service: no VBS capability or no notifications wanted 1... .... = Multislot capability struct: Present .1.. .... = 8PSK Power Capability Bits: Present 8PSK Power Capability: Power class E2 (2) .... 1... = COMPACT Interference Measurement Capability: Implemented .... .0.. = Revision Level Indicator: The ME is Release '98 or older .... ..1. = UMTS FDD Radio Access Technology Capability: Supported .... ...1 = UMTS 3.84 Mcps TDD Radio Access Technology Capability: Supported 0... .... = CDMA 2000 Radio Access Technology Capability: Not supported .0.. .... = UMTS 1.28 Mcps TDD Radio Access Technology Capability: Not supported ..0. .... = GERAN Feature Package 1: Not supported Extended DTM (E)GPRS Multi Slot Class: Bits are not available (0) .... 1... = Modulation based multislot class support: Supported High Multislot Capability: Bits are not available (0) .... ..0. = GERAN Iu mode: Not supported GMSK Multislot Power Profile: GMSK_MULTISLOT_POWER_PROFILE 0 (0) 8-PSK Multislot Power Profile: 8-PSK_MULTISLOT_POWER_PROFILE 0 (0) ...0 .... = Multiple TBF Capability: Not supported .... 10.. = Downlink Advanced Receiver Performance: Downlink Advanced Receiver Performance - phase II supported (2) .... ..0. = Extended RLC/MAC Control Message Segmentation Capability: Not supported .... ...0 = DTM Enhancements Capability: The mobile station does not support enhanced DTM CS establishment and enhanced DTM CS release procedures .0.. .... = PS Handover Capability: Not supported ..0. .... = DTM Handover Capability: Not supported .... 0... = Flexible Timeslot Assignment: Not supported .... .0.. = GAN PS Handover Capability: Not supported .... ..0. = RLC Non-persistent Mode: Not supported .... ...1 = Reduced Latency Capability: Supported 00.. .... = Uplink EGPRS2: The mobile station does not support either EGPRS2-A or EGPRS2-B in the uplink (0) ..00 .... = Downlink EGPRS2: The mobile station does not support either EGPRS2-A or EGPRS2-B in the downlink (0) .... 0... = E-UTRA FDD support: Not supported .... .0.. = E-UTRA TDD support: Not supported .... ..00 = GERAN to E-UTRA support in GERAN packet transfer mode: None (0) 0... .... = Priority-based reselection support: Not supported ..0. .... = Indication of Upper Layer PDU Start Capability for RLC UM: Not supported ...0 .... = Enhanced Multiplexing for Single TBF Capability: Not supported .... 0... = Multiple TTI Capability: Not supported .... .0.. = Reporting of UTRAN CSG cells in packet transfer mode: Not supported .... ..1. = Reporting of E-UTRAN CSG cells in packet transfer mode: Supported .... ...0 = Dynamic Timeslot Reduction Capability: Not supported 0... .... = Enhanced Multiplexing for Single RLC Entity Capability: Not supported .1.. .... = Fast Downlink Frequency Switching Capability: Supported ..10 .... = TIGHTER Capability: TIGHTER supported for speech and signalling channels and for GPRS and EGPRS, but not for EGPRS2 (2) .... 0... = Fast Ack/Nack Reporting Capability: Not supported .... .0.. = Immediate Packet Assignment Capability: Not supported GPRS Timer - Ready Timer Element ID: 0x17 GPRS Timer: 44 sec 000. .... = Unit: value is incremented in multiples of 2 seconds (0) ...1 0110 = Timer value: 22 UE network capability Element ID: 0x58 Length: 5 1... .... = EEA0: Supported .1.. .... = 128-EEA1: Supported ..1. .... = 128-EEA2: Supported ...1 .... = 128-EEA3: Supported .... 0... = EEA4: Not Supported .... .0.. = EEA5: Not Supported .... ..0. = EEA6: Not Supported .... ...0 = EEA7: Not Supported 0... .... = EIA0: Not Supported .1.. .... = 128-EIA1: Supported ..1. .... = 128-EIA2: Supported ...1 .... = 128-EIA3: Supported .... 0... = EIA4: Not Supported .... .0.. = EIA5: Not Supported .... ..0. = EIA6: Not Supported .... ...0 = EIA7: Not Supported 1... .... = UEA0: Supported .1.. .... = UEA1: Supported ..0. .... = UEA2: Not Supported ...0 .... = UEA3: Not Supported .... 0... = UEA4: Not Supported .... .0.. = UEA5: Not Supported .... ..0. = UEA6: Not Supported .... ...0 = UEA7: Not Supported 0... .... = UCS2 support (UCS2): The UE has a preference for the default alphabet .1.. .... = UMTS integrity algorithm UIA1: Supported ..0. .... = UMTS integrity algorithm UIA2: Not Supported ...0 .... = UMTS integrity algorithm UIA3: Not Supported .... 0... = UMTS integrity algorithm UIA4: Not Supported .... .0.. = UMTS integrity algorithm UIA5: Not Supported .... ..0. = UMTS integrity algorithm UIA6: Not Supported .... ...0 = UMTS integrity algorithm UIA7: Not Supported 00.. .... = Spare bit(s): 0x00 ..0. .... = H.245-ASH capability: H.245 after SRVCC handover capability not supported ...1 .... = ACC-CSFB capability: eNodeB-based access class control for CSFB supported .... 0... = LPP capability: LTE Positioning Protocol not supported .... .0.. = LCS capability: Location services notification mechanisms not supported .... ..0. = 1xSRVCC capability: SRVCC from E-UTRAN to cdma2000 1x CS not supported .... ...0 = NF capability: Notification procedure not supported Voice domain preference and UE's usage setting Element ID: 0x5d Length: 1 0000 0... = Spare bit(s): 0 .... .0.. = UE's usage setting: Voice centric .... ..11 = Voice domain preference for E-UTRAN: IMS PS voice preferred, CS Voice as secondary (3)
HEX : 08 01 03 E5 E0 34 01 0A 00 08 09 10 10 10 32 54 76 98 00 F1 10 00 00 80 21 1B 93 43 2B 25 96 62 00 40 00 98 00 03 78 71 8C C4 00 80 01 30 00 06 70 CB 19 88 01 00 02 60 00 08 17 16 58 05 F0 70 C0 40 10 5D 01 03
(18) GPRS MM : Authentication and Ciphering Request
DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP) GSM A-I/F DTAP - Authentication and Ciphering Req Protocol Discriminator: GPRS mobility management messages .... 1000 = Protocol discriminator: GPRS mobility management messages (0x08) 0000 .... = Skip Indicator: No indication of selected PLMN (0) DTAP GPRS Mobility Management Message Type: Authentication and Ciphering Req (0x12) IMEISV Request 0... .... = Spare bit(s): 0 .000 .... = IMEISV request: IMEISV not requested (0) Cipher Algorithm .... 0... = Spare bit(s): 0 .... .000 = Type of ciphering algorithm: ciphering not used (0) A&C Reference Number 0001 .... = A&C reference number: 1 Force to Standby .... 0... = Spare bit(s): 0 .... .000 = Force to standby: Force to standby not indicated (0) Authentication Parameter RAND Element ID: 0x21 RAND value: 32353339313739393132353339313739 Ciphering key sequence number: 0x00 (0) Authentication Parameter AUTN (UMTS and EPS authentication challenge) Element ID: 0x28 Length: 16 AUTN value: 0a75625f4eb900003224110a75625f4e SQN xor AK: 0a75625f4eb9 AMF: 0000 MAC: 3224110a75625f4e
HEX : 08 12 00 10 21 32 35 33 39 31 37 39 39 31 32 35 33 39 31 37 39 80 28 10 0A 75 62 5F 4E B9 00 00 32 24 11 0A 75 62 5F 4E
(19) GPRS MM : Authentication and Ciphering Response
DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP) GSM A-I/F DTAP - Authentication and Ciphering Resp Protocol Discriminator: GPRS mobility management messages .... 1000 = Protocol discriminator: GPRS mobility management messages (0x08) 0000 .... = Skip Indicator: No indication of selected PLMN (0) DTAP GPRS Mobility Management Message Type: Authentication and Ciphering Resp (0x13) Spare Half Octet 0000 .... = Spare Nibble: 0 (0x00) A&C Reference Number .... 0001 = A&C reference number: 1 Authentication Response Parameter Element ID: 0x22 SRES value: 3224110a Authentication Response Parameter (extension) (UMTS authentication challenge only) Element ID: 0x29 Length: 12 XRES value: 75625f4eb9ab9f88f5ecd9c6
HEX : 08 13 01 22 32 24 11 0A 29 0C 75 62 5F 4E B9 AB 9F 88 F5 EC D9 C6
(20) GPRS MM : Indentity Request
DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP) GSM A-I/F DTAP - Identity Request Protocol Discriminator: GPRS mobility management messages .... 1000 = Protocol discriminator: GPRS mobility management messages (0x08) 0000 .... = Skip Indicator: No indication of selected PLMN (0) DTAP GPRS Mobility Management Message Type: Identity Request (0x15) Force to Standby 0... .... = Spare bit(s): 0 .000 .... = Force to standby: Force to standby not indicated (0) Identity Type 2 .... 0... = Spare bit(s): 0 .... .001 = Type of identity: IMSI (1)
HEX : 08 15 01
(21) GPRS MM : Indentity Response
DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP) GSM A-I/F DTAP - Identity Response Protocol Discriminator: GPRS mobility management messages .... 1000 = Protocol discriminator: GPRS mobility management messages (0x08) 0000 .... = Skip Indicator: No indication of selected PLMN (0) DTAP GPRS Mobility Management Message Type: Identity Response (0x16) Mobile Identity - IMSI (001010123456789) Length: 8 0000 .... = Identity Digit 1: 0 .... 1... = Odd/even indication: Odd number of identity digits .... .001 = Mobile Identity Type: IMSI (1) BCD Digits: 001010123456789
HEX : 08 16 08 09 10 10 10 32 54 76 98
(22) GPRS MM : Attach Accept
DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP) GSM A-I/F DTAP - Attach Accept Protocol Discriminator: GPRS mobility management messages .... 1000 = Protocol discriminator: GPRS mobility management messages (0x08) 0000 .... = Skip Indicator: No indication of selected PLMN (0) DTAP GPRS Mobility Management Message Type: Attach Accept (0x02) Force to Standby 0... .... = Spare bit(s): 0 .000 .... = Force to standby: Force to standby not indicated (0) Attach Result .... 0... = Follow-on proceed: False .... .001 = Result of attach: GPRS only attached (1) GPRS Timer GPRS Timer: timer is deactivated 111. .... = Unit: value indicates that the timer is deactivated (7) ...0 0000 = Timer value: 0 Radio Priority 2 - Radio priority for TOM8 Radio Priority (TOM8): priority level 4 (lowest) (0) Radio Priority - Radio priority for SMS Radio Priority (PDP or SMS): priority level 1 (highest) (1) Routing Area Identification - RAI: 1-1-0-128 Routing area identification: 1-1-0-128 Mobile Country Code (MCC): Unknown (1) Mobile Network Code (MNC): Unknown (01) Location Area Code (LAC): 0x0000 (0) Routing Area Code (RAC): 0x80 (128) GPRS Timer - Negotiated Ready Timer Element ID: 0x17 GPRS Timer: timer is deactivated 111. .... = Unit: value indicates that the timer is deactivated (7) ...0 0000 = Timer value: 0 Mobile Identity - Allocated P-TMSI - TMSI/P-TMSI (0x0080) Element ID: 0x18 Length: 5 1111 .... = Unused: 0x0f .... 0... = Odd/even indication: Even number of identity digits .... .100 = Mobile Identity Type: TMSI/P-TMSI/M-TMSI (4) TMSI/P-TMSI: 0x00000080 GPRS Timer 2 - T3302 value Element ID: 0x2a Length: 1 GPRS Timer: timer is deactivated 111. .... = Unit: value indicates that the timer is deactivated (7) ...0 0000 = Timer value: 0
HEX : 08 02 01 E0 01 00 F1 10 00 00 80 17 E0 18 05 F4 00 00 00 80 2A 01 E0
(23) GPRS MM : Attach Complete
DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP) GSM A-I/F DTAP - Attach Complete Protocol Discriminator: GPRS mobility management messages .... 1000 = Protocol discriminator: GPRS mobility management messages (0x08) 0000 .... = Skip Indicator: No indication of selected PLMN (0) DTAP GPRS Mobility Management Message Type: Attach Complete (0x03)
HEX : 08 03
(24) GPRS MM: GMM INFORMATION
DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP) GSM A-I/F DTAP - GMM Information Protocol Discriminator: GPRS mobility management messages .... 1000 = Protocol discriminator: GPRS mobility management messages (0x08) 0000 .... = Skip Indicator: No indication of selected PLMN (0) DTAP GPRS Mobility Management Message Type: GMM Information (0x21) Network Name - Full Name Element ID: 0x43 Length: 18 1... .... = Extension: No Extension .000 .... = Coding Scheme: Cell Broadcast data coding scheme, GSM default alphabet, language unspecified, defined in 3GPP TS 23.038 .... 0... = Add CI: The MS should not add the letters for the Country's Initials to the text string .... .011 = Number of spare bits in last octet: bits 6 to 8(inclusive) are spare and set to '0' in octet n Text String: Test_Network Network Name - Short Name Element ID: 0x45 Length: 8 1... .... = Extension: No Extension .000 .... = Coding Scheme: Cell Broadcast data coding scheme, GSM default alphabet, language unspecified, defined in 3GPP TS 23.038 .... 0... = Add CI: The MS should not add the letters for the Country's Initials to the text string .... .000 = Number of spare bits in last octet: this field carries no information about the number of spare bits in octet n Text String: MD8475A@ Time Zone and Time Element ID: 0x47 Year 16, Month 05, Day 10 Hour 18, Minutes 13, Seconds 49 Timezone: GMT - 4 hours 0 minutes Daylight Saving Time Element ID: 0x49 Length: 1 0000 00.. = Spare bit(s): 0 .... ..01 = +1 hour adjustment for Daylight Saving Time
HEX : 08 21 43 12 83 4D 22 8E 76 AB 05 23 D3 76 58 4E 9F D2 EB E4 F4 1B 45 08 80 4D 22 8E 76 AB 05 01 47 61 50 01 81 31 94 69 49 01 01
(25) SM: Activate PDP Context Request
DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP) GSM A-I/F DTAP - Activate PDP Context Request Protocol Discriminator: GPRS session management messages .... 1010 = Protocol discriminator: GPRS session management messages (0x0a) 0... .... = TI flag: allocated by sender .000 .... = TIO: 0 01.. .... = Sequence number: 1 DTAP GPRS Session Management Message Type: Activate PDP Context Request (0x41) Network Service Access Point Identifier - Requested NSAPI NSAPI: 0x05 (5) LLC Service Access Point Identifier - Requested LLC SAPI 0000 .... = Spare bit(s): 0 .... 0011 = LLC SAPI: SAPI 3 (3) Quality Of Service - Requested QoS Length: 14 00.. .... = Spare bit(s): 0 ..00 0... = Quality of Service Delay class: Subscribed delay class (in MS to network direction) (0) .... .000 = Reliability class: Subscribed reliability class (in MS to network direction) 0000 .... = Peak throughput: Subscribed peak throughput/reserved (0) .... 0... = Spare bit(s): 0 .... .000 = Precedence class: Subscribed precedence/reserved (0) 000. .... = Spare bit(s): 0 ...0 0000 = Mean throughput: Subscribed peak throughput/reserved (0) 000. .... = Traffic class: Subscribed traffic class/Reserved (0) ...0 0... = Delivery order: Subscribed delivery order/Reserved (0) .... .000 = Delivery of erroneous SDUs: Subscribed delivery of erroneous SDUs/Reserved Maximum SDU size: Subscribed maximum SDU size/reserved (0) Maximum bitrate for uplink: Subscribed maximum bit rate for uplink/reserved (0) Maximum bitrate for downlink: Subscribed maximum bit rate for downlink/reserved (0) 0000 .... = Residual Bit Error Rate (BER): Subscribed residual BER/Reserved (0) .... 0000 = SDU error ratio: Subscribed SDU error ratio/Reserved (0) 0000 00.. = Transfer delay: Subscribed transfer delay/reserved (0) .... ..00 = Traffic handling priority: Subscribed traffic handling priority/Reserved (0) Guaranteed bitrate for uplink: Subscribed guaranteed bit rate for uplink/reserved (0) Guaranteed bitrate for downlink: Subscribed guaranteed bit rate for downlink/reserved (0) 000. .... = Spare bit(s): 0 ...0 .... = Signalling indication: Not optimised for signalling traffic .... 0000 = Source statistics description: unknown (0) Maximum bitrate for downlink (extended): Use the value indicated by the Maximum bit rate for downlink (0) Guaranteed bitrate for downlink (extended): Use the value indicated by the Guaranteed bit rate for downlink (0) Packet Data Protocol Address - Requested PDP address Length: 2 0000 .... = Spare bit(s): 0 .... 0001 = PDP type organization: IETF allocated address (1) PDP type number: IPv4 address (33) Dynamic addressing Access Point Name Element ID: 0x28 Length: 4 APN: apn Protocol Configuration Options Element ID: 0x27 Length: 29 [Link direction: MS to network (0)] 1... .... = Extension: True Configuration Protocol: PPP for use with IP PDP type or IP PDN type (0) Protocol or Container ID: Internet Protocol Control Protocol (0x8021) Length: 0x10 (16) PPP IP Control Protocol Code: Configuration Request (1) Identifier: 0 (0x00) Length: 16 Options: (12 bytes), Primary DNS Server IP Address, Secondary DNS Server IP Address Primary DNS Server IP Address: 0.0.0.0 Type: Primary DNS Server IP Address (129) Length: 6 Primary DNS Address: 0.0.0.0 (0.0.0.0) Secondary DNS Server IP Address: 0.0.0.0 Type: Secondary DNS Server IP Address (131) Length: 6 Secondary DNS Address: 0.0.0.0 (0.0.0.0) Protocol or Container ID: DNS Server IPv4 Address Request (0x000d) Length: 0x00 (0) Protocol or Container ID: IP address allocation via NAS signalling (0x000a) Length: 0x00 (0) Protocol or Container ID: MS Support of Network Requested Bearer Control indicator (0x0005) Length: 0x00 (0)
HEX : 0A 41 05 03 0E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 01 21 28 04 03 61 70 6E 27 1D 80 80 21 10 01 00 00 10 81 06 00 00 00 00 83 06 00 00 00 00 00 0D 00 00 0A 00 00 05 00
(26) SM: Activate PDP Context Accept
DLT: 147, Payload: gsm_a_dtap (GSM A-I/F DTAP) GSM A-I/F DTAP - Activate PDP Context Accept Protocol Discriminator: GPRS session management messages .... 1010 = Protocol discriminator: GPRS session management messages (0x0a) 1... .... = TI flag: allocated by receiver .000 .... = TIO: 0 01.. .... = Sequence number: 1 DTAP GPRS Session Management Message Type: Activate PDP Context Accept (0x42) LLC Service Access Point Identifier - Negotiated LLC SAPI 0000 .... = Spare bit(s): 0 .... 0011 = LLC SAPI: SAPI 3 (3) Quality Of Service - Negotiated QoS Length: 11 00.. .... = Spare bit(s): 0 ..10 0... = Quality of Service Delay class: Delay class 4 (best effort) (4) .... .011 = Reliability class: Unacknowledged GTP/LLC, Ack RLC, Protected data (3) 1001 .... = Peak throughput: Up to 256 000 octet/s (9) .... 0... = Spare bit(s): 0 .... .010 = Precedence class: Normal priority (2) 000. .... = Spare bit(s): 0 ...0 1010 = Mean throughput: 100 000 octet/h (10) 100. .... = Traffic class: Background class (4) ...1 0... = Delivery order: Without delivery order ('no') (2) .... .011 = Delivery of erroneous SDUs: Erroneous SDUs are not delivered('No') (3) Maximum SDU size: 1500 octets (150) Maximum bitrate for uplink: 64 kbps (64) Maximum bitrate for downlink: 384 kbps (104) 0111 .... = Residual Bit Error Rate (BER): 1*10-5 (7) .... 0100 = SDU error ratio: 1*10-4 (4) 0000 00.. = Transfer delay: Subscribed transfer delay/reserved (0) .... ..00 = Traffic handling priority: Subscribed traffic handling priority/Reserved (0) Guaranteed bitrate for uplink: 64 kbps (64) Guaranteed bitrate for downlink: 568 kbps (127) Radio Priority Radio Priority (PDP or SMS): priority level 1 (highest) (1) Packet Data Protocol Address - PDP address Element ID: 0x2b Length: 6 0000 .... = Spare bit(s): 0 .... 0001 = PDP type organization: IETF allocated address (1) PDP type number: IPv4 address (33) IPv4 address: 192.168.1.11 (192.168.1.11) Protocol Configuration Options Element ID: 0x27 Length: 27 [Link direction: Network to MS (1)] 1... .... = Extension: True Configuration Protocol: PPP for use with IP PDP type or IP PDN type (0) Protocol or Container ID: Internet Protocol Control Protocol (0x8021) Length: 0x10 (16) PPP IP Control Protocol Code: Configuration Nak (3) Identifier: 0 (0x00) Length: 16 Options: (12 bytes), Primary DNS Server IP Address, Secondary DNS Server IP Address Primary DNS Server IP Address: 192.168.1.2 Type: Primary DNS Server IP Address (129) Length: 6 Primary DNS Address: 192.168.1.2 (192.168.1.2) Secondary DNS Server IP Address: 192.168.1.2 Type: Secondary DNS Server IP Address (131) Length: 6 Secondary DNS Address: 192.168.1.2 (192.168.1.2) Protocol or Container ID: DNS Server IPv4 Address (0x000d) Length: 0x04 (4) IPv4: 192.168.1.2
HEX : 8A 42 03 0B 23 92 0A 93 96 40 68 74 00 40 7F 01 2B 06 01 21 C0 A8 01 0B 27 1B 80 80 21 10 03 00 00 10 81 06 C0 A8 01 02 83 06 C0 A8 01 02 00 0D 04 C0 A8 01 02
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
