Jump to content

Capture GSM traffice


Recommended Posts


I am building a solution which would track how people move around in a supermarket by capturing their mobile signal that is continuously exchanged with cell phone towers. I am not interested in reading actual data being transferred. I should be able to detect presence of a GSM cell phone and uniquely identify one signal from the other. I want plot this signal on the map of the supermarket. So i should be able to know the distance and direction of the signal with respect to the detector. What do you suggest is the best way to do this?

Link to comment
Share on other sites

As others have said first thing to do if to run it all past your lawyers before doing anything. The problem you would have with trying to track people via their GSM signals is that the majority of the kit to do that is quite expensive (though the prices are always dropping) and it would require quite a bit of specialist GSM knowledge, e.g. Is there an easy way to identify unique devices without encrypting the GSM signal? Of hand I don't know and would require quite a bit of research to be able to answer confidently.

Bluetooth used to be a very good option for this as everybody seemed to leave their devices as discoverable. These days there are less devices left as discoverable by default (though there is still too many to say that the issue has been truelly resolved).

Wifi would be the method of tracking that I would prefer to use as each packet will have a unique id in it (the MAC address).

As to the best way to track over a set area, you would have to decide how accurate you want to know their position. If you it narrowed down to the exact position then you would struggle. If you just want to narrow it down to a grid of 12 areas or so then you could simply set up 12 nodes (one at the centre of each grid location) listening to all the packets passing by and store a list of those MAC address they have seen and the signal level. A separate server could then poll each node asking for the details of those MACs the node has seen in the last X minutes. It could then simply assign each MAC seen to the node where its signal strength was the highest. Each node wouldn't be expensive, a raspberryPi with a USB wireless adaptor would be more than capable of doing the job.

Link to comment
Share on other sites

Hey Jason,

Thanks for the insight. I have few follow up questions:

1. Regarding tracking using GSM, you mentioned there are certain kits available. Could you point me to few?

2. Regarding tracking using Wifi - How can i make the mobile phone send packets to my tracking node? Do i have to setup a wifi hotspot of mine? And how will i know the signal strength?

Link to comment
Share on other sites

For GSM stuff I would start by looking at GNU Radio, Universal Software Radio Peripheral and OpenBTS.

For the WIFI tracking you wouldn't need to set up a hot spot or make the phone try to contact you. You would be just listen to all the packets being sent as even when the phone isn't connected by WIFI it will be sending broadcasts asking if specific networks are available (unless WIFI is actually turned off on the phone). Kismet would be my first port of call for this, at least at the research/proof of concept stage.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...