Using TEMS Pocket. Johan Montelius




Introduction

In this lab you will get acquainted with the TEMS Pocket tool. You will examine both the Monaco network and a commercial network. Since this is your first lab and we have not talked about the details during lectures yet, much of the information will look like Greek (unless you master Greek, in which case it will look like some other incomprehensible language). Don't worry, we will go through the details during lectures as we proceed.

1 Getting started

TEMS is a tool used to examine the performance of a mobile network from the mobile station's point of view. There are of course a lot of statistics that can be gathered from the network itself, but some information is only available, or best collected, using a mobile terminal. TEMS can be operated in two modes: either using Pocket, which is operated using only the mobile, or by connecting the mobile to a PC and logging all traffic for later examination. In this lab you will use the Pocket tool and examine the Monaco network.

To start the lab you should have a T68 TEMS phone with a SIM card for the Monaco network. The IMSI number of the card is written on the card, and from this you can derive your MSISDN, which is +4917299100xx where xx is the two last digits on your SIM card.

Turn the phone on and try to call another group. If you see a lot of strange figures when you turn on the phone, press the options key (below the YES button) and select Pocket View Off.

You should also make sure that GPRS is properly configured. Create a data GPRS account called Monaco using the APN apn01.ericsson.com, with no user name or password. Also create a WAP profile that uses the created account and the WAP gateway 192.168.186.100. Try to access a WAP site (wap.svd.se for example).

You could also, from the options menu, choose Pocket View Help. This will give you a hint of what the figures in each display mean.

2 A first look

You're now ready to turn on Pocket.
Press the options key and select Pocket View On. You should now see the first screen, Serving Cell 1, with the basic information about the mobile network that you're connected to. If you use the navigation button you can switch to different pages (twelve in total) with even more cryptic names and content, but we will start by looking at the Serving Cell.

2.1 Serving Cell

The B in the beginning of the first row means that the row holds the information of the broadcast control channel (BCCH). This is the logical channel that the mobile is currently listening to for information about the network or paging messages. The numbers to the right of the B are the carrier number (or the Absolute Radio Frequency Channel Number, ARFCN), the Base Station Identity Code (BSIC) and the received signal strength in dBm.

All carriers in the GSM spectrum are numbered by the ARFCN. The numbers 1-124 are used in the 900-band, 512-885 in the 1800-band. If you know the ARFCN you can calculate exactly which frequency is used. One interesting thing to observe is whether the frequency used is in the 900-band or the 1800-band.

The BSIC consists of a 3-bit Network Color Code (NCC) and a 3-bit Base Transceiver Station Color Code (BCC). These codes are only internal to a mobile operator, and a BSIC does not uniquely identify a base station. However, base stations in range of each other that use the same frequencies must have different color codes. This means that operators need to synchronize their BSIC values close to national borders, where they are in range of another operator using the same frequencies.

The received signal strength should be between -60 dBm and -90 dBm. If it's above -70 dBm the signal strength is very good, while below -90 dBm is poor. The network can set a limit on how weak a signal can be while still allowing a mobile to attach to the system, but this limit is normally set to less than -100 dBm. When you later take a walk you will check this figure to examine how the signal strength varies depending on your location.

The third line shows the Carrier to Interference ratio (C/I) of the current active channel in dB. In idle mode this means that it shows the value for the channel indicated by the first row. If we set up a call, the value will pertain to the traffic channel that we are using. We will get back to this row later, since it will show more information once we have a traffic channel in operation.

On the fourth line we have two figures, 10/10 or similar. This is the Downlink Signaling Failure Counter (DSC): the current value and the max value. When a signaling packet is successfully received on the broadcasting channel the counter is incremented by one (but never above the max value). When a signaling packet is lost the current value is decremented by four. If the current value reaches 0 it's high time to perform a cell re-selection. You could check this value later when you take a walk.
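The Serving Cell figures from section 2.1 can be worked through in code. This Python sketch is an added example, not part of the original lab text: it converts an ARFCN in the two ranges named above to uplink and downlink frequencies (using the standard 200 kHz channel raster and the 45 MHz and 95 MHz duplex spacings, which the lab text does not state), splits a BSIC into NCC and BCC, and replays the DSC counter rule. The function names and the sample sequence of received and lost blocks are constructed for illustration.

```python
# Added example: decoding the Serving Cell page. Sample inputs are constructed.

def arfcn_to_mhz(arfcn):
    """Return (band, uplink MHz, downlink MHz) for the ranges named in the text."""
    # Work in units of 100 kHz so the arithmetic stays exact.
    if 1 <= arfcn <= 124:                       # 900-band
        band, up, duplex = "900", 8900 + 2 * arfcn, 450
    elif 512 <= arfcn <= 885:                   # 1800-band
        band, up, duplex = "1800", 17102 + 2 * (arfcn - 512), 950
    else:
        raise ValueError("ARFCN outside the two ranges covered here")
    return band, up / 10, (up + duplex) / 10

def split_bsic(bsic):
    """Split a 6-bit BSIC into (NCC, BCC); the NCC is the upper three bits."""
    if not 0 <= bsic <= 63:
        raise ValueError("BSIC is a 6-bit value")
    return bsic >> 3, bsic & 0b111

def dsc_trace(max_value, received):
    """Replay the DSC rule over a sequence of booleans (True = block received).

    Returns the counter after each block and the index of the first block at
    which the counter reached 0 (None if it never did).
    """
    value, values, reselect_at = max_value, [], None
    for i, ok in enumerate(received):
        # +1 on success, capped at the maximum; -4 on loss, floored at 0.
        value = min(value + 1, max_value) if ok else max(value - 4, 0)
        values.append(value)
        if value == 0 and reselect_at is None:
            reselect_at = i
    return values, reselect_at

if __name__ == "__main__":
    for arfcn in (1, 4, 512):                   # 1 and 4 are the Monaco carriers
        print(arfcn, arfcn_to_mhz(arfcn))
    print("BSIC 0o27 ->", split_bsic(0o27))
    print(dsc_trace(10, [True, False, False, True, False]))
```

Three lost blocks out of five are enough to take a 10/10 counter to 0, which is why the counter is worth watching in the garage.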

2.2 Mobile Network Codes

In the two last rows on the screen you will see the Mobile Country Code (MCC), which is 240 for Sweden, and the Mobile Network Code (MNC), which we have chosen to be 98. The last figure on the row is the Location Area Code (LAC).

The last row shows the Routing Area Code (RA) and the Cell Identity (CI). The routing area code is used for GPRS and divides the location area into smaller sections. The cell identity is used by the Serving GPRS Support Node (SGSN) to identify the cell used by a GPRS terminal.

2.3 The Neighborhood

Switching to the second page we will take a look at the Neighbor List. This page is, for our network, utterly boring since we do not have any neighbors. There is only one dummy neighbor defined, and since this neighbor is only in our minds it does not transmit with very high power. If you have your own SIM card you can switch cards and look at a real network.

A real network will list six neighbors, giving their frequency numbers (ARFCN), Base Station Identity Codes (BSIC) and received signal strength. Note that the mobile is probably listening to the strongest signal (the first row) but that it probably has several base stations to select from.

The following page, the Cell Selection page, is the same set of neighbors but now ranked according to the Path Loss Criterion and the Cell Reselection Criterion. The path loss criterion is a better value to watch when doing a cell selection; the reason is that it takes into account not only the received signal strength but also the signal strength required to connect to the cell and the maximal transmitting power allowed.

To complicate matters even further, the Cell Reselection Criterion is the value that is actually used when the cells are compared. The re-selection criterion is very similar, and often identical, to the cell selection value. The re-selection criterion however also weighs in a time factor to avoid selecting strong cells that have only been visible for a short time. A penalty could also be given by the network to prevent mobiles from selecting certain cells, such as macro cells that should be reserved for fast moving terminals. If you want to learn the details, study TS 23.022.

2.4 The current channel

Page number four shows similar selection criteria using GPRS information, and page five is a collection of the six strongest neighbors. The sixth page, Current Channel, gives us a little bit more information about the broadcasting channel. The two first rows are only shown when the phone is idle.

The first row shows:

- the Common Control Channel (CCCH) configuration: a 0 means that we have one CCCH that is not combined with any Stand-alone Dedicated Control Channel (SDCCH), a 1 means that the CCCH is combined with an SDCCH
- BS-PA-MFRMS, the number of multiframes between paging groups (2-9); this is how long the mobile has to wait in between paging messages from the network
- BS-AG-BLKS-RES, the number of Common Control Channel (CCCH) blocks (0-7) that are reserved for the Access Grant Channel (AGCH)
- whether attach and detach is enabled (0/1)

The second row shows:

- MT-TXPWR-MAX-CCH, the maximum power (in dBm) the mobile is allowed to use when performing a random access
- RXLEV-ACCESS-MIN, the minimum signal strength required for accessing the cell
- T3212, a timer, current/max, that defines when the mobile has to do a location update (not set in the Monaco network)

The lower three rows show the current channel type, which is BCCH if the phone is idle. Set up a call between two phones and see how the phones first switch over to a Stand-alone Dedicated Control Channel (SDCCH) and then over to a Traffic Channel (TCH). The traffic channel will be one of:

- FR, full-rate voice mode
- HR, half-rate voice mode
- EFR, enhanced full-rate voice mode
- D24, ... different kinds of data modes

The number after the channel mode is a sub-channel number, which is needed for example for half-rate voice mode. Notice that the two phones can have different voice modes; one can be in full-rate and the other in half-rate. The voice mode is only valid between the mobile phone and the Transceiver Rate Adaption Unit (TRAU), which will recode the voice into a 64 kbps voice stream.

The two lowest rows show information for frequency hopping or ciphering. This is not used in the Monaco network at the moment, but if you insert an operator SIM card you will be able to discover which frequency hopping pattern and ciphering algorithms are used.
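The path loss and reselection criteria from section 2.3 use the MT-TXPWR-MAX-CCH and RXLEV-ACCESS-MIN values shown on the Current Channel page. The Python example below is added here and is not part of the original lab text; it follows the C1 and C2 definitions in the GSM radio link control specification (3GPP TS 45.008), working directly in dBm, and all cell values, names and the 33 dBm handset power are constructed.

```python
# Added example: C1/C2 cell ranking. All cell data below is constructed.

def c1(rxlev, access_min, txpwr_max_cch, ms_power):
    """Path loss criterion; every argument is in dBm."""
    a = rxlev - access_min            # margin above RXLEV-ACCESS-MIN
    b = txpwr_max_cch - ms_power      # power the cell expects but the mobile lacks
    return a - max(b, 0)

def c2(c1_value, offset, temp_offset, penalty_time, seen_for, serving=False):
    """Reselection criterion in dB. penalty_time=None models the reserved
    PENALTY_TIME value, for which the offset is subtracted instead of added."""
    if penalty_time is None:
        return c1_value - offset
    # The temporary offset applies only while a neighbour is newly visible.
    h = 0 if serving or seen_for > penalty_time else 1
    return c1_value + offset - temp_offset * h

def rank(cells, ms_power=33):
    """Return [(name, C1, C2)] for cells with C1 > 0, best C2 first."""
    rows = []
    for cell in cells:
        p = c1(cell["rxlev"], cell["access_min"], cell["txpwr_max_cch"], ms_power)
        if p <= 0:
            continue                  # path loss criterion not met
        q = c2(p, cell["offset"], cell["temp_offset"], cell["penalty_time"],
               cell["seen_for"], cell.get("serving", False))
        rows.append((cell["name"], p, q))
    return sorted(rows, key=lambda r: r[2], reverse=True)

def sample_cells(new_cell_seen_for):
    """Constructed neighbour list; levels in dBm or dB, times in seconds."""
    return [
        {"name": "serving", "rxlev": -75, "access_min": -102, "txpwr_max_cch": 33,
         "offset": 0, "temp_offset": 0, "penalty_time": 0, "seen_for": 600,
         "serving": True},
        {"name": "new", "rxlev": -68, "access_min": -100, "txpwr_max_cch": 33,
         "offset": 0, "temp_offset": 20, "penalty_time": 40,
         "seen_for": new_cell_seen_for},
        {"name": "macro", "rxlev": -70, "access_min": -102, "txpwr_max_cch": 39,
         "offset": 10, "temp_offset": 0, "penalty_time": None, "seen_for": 600},
        {"name": "weak", "rxlev": -104, "access_min": -102, "txpwr_max_cch": 33,
         "offset": 0, "temp_offset": 0, "penalty_time": 0, "seen_for": 600},
    ]

if __name__ == "__main__":
    for t in (5, 45):                 # seconds the strong new cell has been visible
        print(t, rank(sample_cells(t)))
```

The strongest cell ("new") ranks last while it has been visible for only 5 seconds and first once the 40 second penalty time has passed; the macro cell stays penalised throughout.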

2.5 Paging and random access

Moving on to the next page we find information about the paging and random access channels. The first row shows:

- the Common Control Channel (CCCH) group
- the paging multiframe group
- the paging block index

These entries will become clear once we learn about paging of mobiles for incoming calls.

The next two lines show the Temporary Mobile Subscriber Identity (TMSI) and the Packet Temporary Mobile Subscriber Identity (PTMSI). These are temporary addresses used by the network when identifying a subscriber. These numbers can change and are partly there to hide the true identity of subscribers.

The five figures in the middle show information that is related to the random access channel: how many retransmissions are allowed (third figure) and the number of retransmissions performed in the last attempt (fourth figure).

2.6 More on the current cell

Pages eight and nine show more information about which frequencies are used by the current cell, the CA list, and which are used by neighboring cells, the BA list. In the Monaco network the CA list should show two entries, since we have a base station with one cell that uses two frequencies (1 and 4). In a large network you would typically see more entries, especially in an urban environment.

2.7 GPRS information

The following two pages are related to GPRS traffic and we will not go into them in this lab. But if you do some WAPing you will see that you are allocated an IP number.

2.8 The last page

The last page shows some Channel/Interference numbers for the carriers that are currently used. In idle mode this is only the value of the carrier of the Broadcast Control Channel, but in dedicated mode it could show several carriers that are used in a frequency hopping scheme.

3 Take a walk

Ok, so let's take a walk. Remember to be back well in time for the next group. Also, before you go, make a phone call to another group so you have their phone number stored in the mobile.

3.1 The Monaco network

Using a Monaco SIM card, walk through the building and toward Kista IP. Since we only have one base station, the mobile will be forced to talk to this station and cannot switch over to any alternative stations (you could force the TEMS phone to lock on a station if you want). Observe the signal strength on page one and how it changes in the building. The base station is on the roof, so try to go down into the garage to observe some low values. If values get low, check the Downlink Signaling Failure Counter (page one, fourth row). Does it move?

Now set up a call to the other group and observe the information on the first page. You will see how a signaling channel is first allocated and then how a traffic channel is set up once the call is connected. If you keep the call open, the second row shows information about the traffic channel. The third figure is the time slot that you are using (if we all make calls it will get crowded, but it should work). The last figure in that row shows the transmit power in dBm. The power level should change as conditions change, but I don't know if this is turned on properly.

The third row shows the channel to interference ratio. It should show good values, since we do not have any other base station transmitting in the same frequency band anywhere near Kista.

When you walk toward Kista IP you will notice how the signal gets weaker, but you have to walk very far to get out of range of the base station. One figure to keep track of is the Timing Advance information that is shown on the first page during a call. It's the first figure on the fourth row; inside the Forum building it will show 0, but as you get close to Kista IP it will turn to 1. Can you walk far enough to get a timing advance of 2?

3.2 A commercial network

If you have a SIM card from one of the real operators you can plug it in and examine their network. You will see a lot more base stations, and if you set up a call you will see how they use frequency hopping to provide better signal quality.

If you walk through Kista you can keep your eyes on the broadcast control channel shown on the first page. As the signal strength of the carrier gets lower, the terminal will choose another carrier to camp on. If you take the terminal on a subway ride you will see how it does location updates, but there is no time for this today.