Posts: 186 | Thanked: 79 times | Joined on Feb 2010
#1
Hello,
I was playing with the N900; I installed Debian and Wireshark. It is possible to sniff from the phonet0 interface, but the output is hard for me to understand, so I have a couple of questions:
Does the N900 really sniff GSM traffic? If it does, can I see all traffic somehow (I mean a kind of monitor mode for GSM), or am I limited to traffic of my IMEI?

Do you know any application suitable for reading such output? If it is encrypted, does any bruteforcer or other cracker exist?

Sorry for a possibly stupid first post, but I have limited knowledge about GSM.
 

The Following User Says Thank You to hardkorek For This Useful Post:
Posts: 393 | Thanked: 67 times | Joined on Feb 2010
#2
I was wondering the same thing, hopefully someone will chime in...
 

The Following User Says Thank You to mail_e36 For This Useful Post:
Posts: 1,746 | Thanked: 2,100 times | Joined on Sep 2009
#3
Wireshark will only be able to sniff packets going to and from your phone via the data connection. I don't expect you will see any GSM-specific packets, since that's all handled by the baseband. If you turn off data services the interface will go down and you won't be able to attach to any interface.

You will definitely not receive packets intended for other phones.
 

The Following User Says Thank You to wmarone For This Useful Post:
Posts: 186 | Thanked: 79 times | Joined on Feb 2010
#4
As far as I can see there are two GSM interfaces:
gprs0 - it is data transmission
phonet0 - I'm capturing something here when the GPRS connection is disabled and I'm getting or receiving SMS (haven't tried calls)

Wireshark is not recognizing the protocol; instead it identifies it as described here: http://wiki.wireshark.org/SLL
In the info section there are 2 types of packets:
1) Unicast to us
2) Sent by us

and of course some hexadecimal value.
I'm guessing that it can see GSM, probably encrypted, packets (I have read somewhere that the encryption is weak).

So do you have any idea how to make those packets more human-readable?
 

The Following User Says Thank You to hardkorek For This Useful Post:
Posts: 393 | Thanked: 67 times | Joined on Feb 2010
#5
Indeed the phonet0 interface does show stuff scrolling by using Wireshark or Tcpdump, but as hardkorek stated, the data does not seem human-readable (except for the name of the mobile operator appearing in clear text in the hex dump).

Anyone's input is appreciated.
 

The Following User Says Thank You to mail_e36 For This Useful Post:
Posts: 162 | Thanked: 351 times | Joined on Apr 2006 @ Cotswolds, UK
#6
You are seeing the "Phonet" protocol that Nokia uses for controlling the GSM software in the phone side of the device from the computer side of the device. You are not seeing GSM messages themselves -- just commands the computer sends to the GSM processor to do things for it (like send an SMS, or set up a data session, or switch networks or tell it about the current cell). For those who remember modems, it is like the AT commands a computer uses to control a modem.

As far as I know, Phonet is not documented and is proprietary to Nokia. It is unlikely you can do much with it that is not exposed using more convenient interfaces (such as the DBus interface to CSD). I am quite sure you can't use it to interact directly with the GSM network, although you may well be able to use it to crash the phone side of the device.

Graham
 

The Following 7 Users Say Thank You to Graham Cobb For This Useful Post:
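Added example, not code from any poster in this thread: a small decoder for the cooked-capture (SLL) frames described in post #4, showing where the "Unicast to us" / "Sent by us" labels come from and what routing fields sit in front of the opaque Phonet message body described in post #6. It assumes the `ARPHRD_PHONET` and `ETH_P_PHONET` values and the 7-byte `struct phonethdr` layout from the Linux kernel headers, and that the captured payload starts at that header; the sample frame is constructed, not taken from a real capture.

```python
import struct

# Packet-type values of the Linux cooked-capture (SLL) pseudo-header.
SLL_PKTTYPE = {0: "Unicast to us", 1: "Broadcast", 2: "Multicast",
               3: "Unicast to another host", 4: "Sent by us"}
ARPHRD_PHONET = 820    # assumption: value from Linux if_arp.h
ETH_P_PHONET = 0x00F5  # assumption: value from Linux if_ether.h

def parse_sll(frame: bytes) -> dict:
    """Split the 16-byte SLL pseudo-header from the captured payload."""
    if len(frame) < 16:
        raise ValueError("shorter than the 16-byte SLL header")
    pkttype, hatype, halen, addr, proto = struct.unpack("!HHH8sH", frame[:16])
    return {"direction": SLL_PKTTYPE.get(pkttype, f"unknown ({pkttype})"),
            "is_phonet": hatype == ARPHRD_PHONET and proto == ETH_P_PHONET,
            "link_addr": addr[:min(halen, 8)],
            "payload": frame[16:]}

def parse_phonet(payload: bytes) -> dict:
    """Decode the 7 routing bytes of struct phonethdr; the body stays opaque."""
    if len(payload) < 7:
        raise ValueError("shorter than the 7-byte Phonet header")
    rdev, sdev, res, length, robj, sobj = struct.unpack("!BBBHBB", payload[:7])
    body = payload[7:]
    # pn_length counts the two object bytes plus the message body.
    return {"dst_dev": rdev, "src_dev": sdev, "resource": res,
            "dst_obj": robj, "src_obj": sobj, "body": body,
            "length_ok": length == len(body) + 2}

def describe(frame: bytes) -> str:
    """One-line summary of a captured frame."""
    sll = parse_sll(frame)
    if not sll["is_phonet"]:
        return f"{sll['direction']}: not a Phonet frame"
    pn = parse_phonet(sll["payload"])
    return (f"{sll['direction']}: dev {pn['src_dev']:#04x} -> {pn['dst_dev']:#04x}, "
            f"resource {pn['resource']:#04x}, {len(pn['body'])} opaque body bytes")

# Constructed sample frame (device, resource and body values are made up).
SAMPLE = (struct.pack("!HHH8sH", 4, ARPHRD_PHONET, 1, b"\x10" + b"\x00" * 7, ETH_P_PHONET)
          + struct.pack("!BBBHBB", 0x00, 0x10, 0x02, 5, 0x00, 0x01)
          + b"\xaa\xbb\xcc")

if __name__ == "__main__":
    print(describe(SAMPLE))
```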
Posts: 393 | Thanked: 67 times | Joined on Feb 2010
#7
The last post by Graham Cobb was most useful.

Now, if we could only figure out the proprietary Phonet system, or how it communicates with the GSM module, that would be great...

Any thoughts?
 

The Following User Says Thank You to mail_e36 For This Useful Post:
Posts: 355 | Thanked: 566 times | Joined on Nov 2009 @ Redstone Canyon, Colorado
#8
Originally Posted by mail_e36:
The last post by Graham Cobb was most useful.

Now, if we could only figure out the proprietary Phonet system, or how it communicates with the GSM module, that would be great...

Any thoughts?
http://ofono.org/
 

The Following User Says Thank You to jebba For This Useful Post:
Posts: 393 | Thanked: 67 times | Joined on Feb 2010
#9
The web site listed above (http://ofono.org/) looks very interesting. I wonder if there is anything we can use from that site to help understand the N900's GSM communication at a deeper level.
 

The Following User Says Thank You to mail_e36 For This Useful Post:
Posts: 605 | Thanked: 1,778 times | Joined on Feb 2008 @ Helsinki
#10
I guess the isi backend for oFono could be of use here.
 

The Following User Says Thank You to MSameer For This Useful Post: