9 (3). Cell Site Analysis Flashcards
What is a cell site?
A cell site is a term for a BTS (Base Transciever Station)
This can be an antenna on a building
or a tower / mast.
BTS can also be called eNodeB (4G network)
What is a Distributed Antenna System (DAS)?
A DAS is when a cell site consists of multiple antenna. Important in terms of cell site analysis because you can often see one Cell ID but different long and lats associated with it.
e.g an arena cell site may have one cell ID but multiple antenna at different locations around the arena each with different lats and longs.
Allows service to be evenly distributed in a densly populated building / area.
What are Cells On Wheels? (COWS)
COWS are cells that can be brought in on wheels so the cell site will provide ad hoc cell service.
e.g. at a concert or an emergency situation where extra bandwidth and capacity is temporary required.
Important in cellsite analysis if COWS have been used temporarily.
Describe the coverage of a BTS within a cell
Each cell is divided into 3 sectors each 120 degrees with the BTS in the middle.
Sometimes named as follows
Sector 1 = Alpha
Sector 2 = Beta
Sector 3 = Gamma
What does UE mean?
User Equipment (also ME or the device).
It is authenticated with the cell site and the network using:
- IMEI (uniquely identifies the ME)
- IMSI (uniquely identifies the USER)
What is the AZIMUTH?
The AZIMUTH refers to the direction that each sector is facing (e.g. N, SW and SE).
What is the alternative to a sectorised cell site?
Not all cells have sectors. Some are omnidirectional cell sites.
This is one antenna with 360 degree coverage (like 5g)
Summarise the history / evolution of Mobile networks
- First Generation 1G.
Analogue - Second Generation 2G
Digital. GSM network, voice & SMS
WAP - limited browsing - Second and a half Generation 2.5 G
Digital. GPRS & EDGE (improved data for web, email and MMS) - Third & Fourth Generation 3G and 4G
Digital. UMTS LTE+, video calls, high speed data, WiMAX, UMB. - 5G
What are the key features of the 1G (First Generation) network?
1G.
-Analogue
- Primarily developed for tramsmission of voice only
What are the key features of 2G (Second Generation) networks?
2G. The process of introuducing standards began in 1982 for a European digital mobile communications network.
Initial began with GSM (Group Special De Mobile). Then became the Global System for Mobile Communications.
-Digital
- Advantages over 1G:
*More efficient use of radio spectrum
* Increased capacity (SMS, MMS).
* Increased Interoperability
* International Roaming
* Increased fraud prevention measures (Device/User
Authentication)
* Increased security measures (Air Interface Encryption)
* Originally developed for circuit switched services (Voice 3.1
Khz)
* Further enhanced to provide packet switched services
(WAP, GPRS, EDGE, web, email etc) - 2.5 G
What is the 3G Network?
Third-generation mobile networks are still in use, but normally, when the superior 4G signal fails. 3G revolutionized mobile connectivity and the capabilities of cell phones. Increased bandwidth meant compared to 2G, 3G was much faster and could transmit greater amounts of data. This means that users could video call, share files, surf the internet, watch TV online, and play games on their mobiles for the first time.
Under 3G, cell phones were no longer just about calling and texting; they were the hub of social connectivity.
3G required a completely new infrastructure.
IMT-2000 standards
Technologies include:
UMTS (Universal Mobile Telecommunications System)
WiMAX
UMB
VOIP
What is 3GPP?
3GPP is assoc with 3G - it is a partnership organisation that sets stanfdards for telecom inductries
What is 3GPP2?
3GPP2 set standards for CDMA.
CDMA was a protocol usedd by Sprint and Verizon (T Mobile and ATNT used GSM protocol)
What technologies came with 4G?
LTE+ (Long Term Evolution)
- gaming and HD video streaming
What about 5G?
5G is also called New Radio (NR).
It is considerably faster and uses less energy
- It will Enable Smart Cities
- Critical for IoT
- Self-driving Vehicles
- New Telecommunications Infrastructure Paid by Telecoms in USA
-In US LEA Pays for Data/Evidence Not Kept in the Regular Course of Business - Multi-access Edge Computing (MEC)
-Move Away from Centralized Network
-Device-to-device (D2D) Communication
-No Telecom Needed
What is the impact of 5G?
- Increased Vehicle-to-Vehicle Communication
-Tesla Cars - Police Vehicles of the Future
- CTIA: Discussed Encrypting the IMSI
What will this mean for Future of Stingrays? (devices used in intel community or LE to ID criminals by capturing the IMSI) - Mobile Connect
-Subscriber Single Sign-On (SSO)
-Log into Multiple Websites & Applications
What is GPRS?
- General Packet Radio Service (GPRS)
- 2000 – Widely Adopted by Cellular Networks
- 2G Mobile Networks
- Packet Switching Protocol for Wireless & Cellular Communication
- Best Effort basis - connectionless - packets could be sent out of sequence. But faster
- Standardized by 3rd Generation Partnership Project (3GPP)
Summarise how a MS (Mobile Station) connects to a cellular network
MS transmits to the BTS selecting the one with strongest signa.(may NOT be the closest) May switch BTS depending on technology. e.g. may connect to one to send SMS but then when you want to video stream it may switch to another.
IT MAY NOT BE THE CLOSEST ANTENNA
The MS selects the BTS not the other way around.
The BTS transmits to the MS simultaneously.
This is Full Duples Communication (FDX) because it is simultaneous in both directions.
What is a Global Cell ID (GCI or eCGI)?
Each BTS has a GLOBAL Cell ID (GCI) or eCGI Globally unique for a particular cell site.
What is an MCC?
Every county has an MCC (mobile Country Code). e.g. US is 310.
List some Mobile Network Operators (MNO)
e.g. in US
AT&T
T-Mobile / Sprint
Verizon
US Cellular
They actually own the infrastructures
What are Mobile Virtual Network Operators (VMNOs)?
Mobile Virtual Network Operators are companies that will use the networks owned by the MNO’s.
What data can we request from the mobile carrier (provider)?
- subscriber records
- Call Detail Records (CDRs)
- Toll records
- propogation Maps (maps of cell sites)
- Device GPS
- Tower or cell dumps
- ping data (real time relative location of a device)
- Pen register (trap and trace) - monitoring calls (not content just numbers)
- title 111 wiretap
- PUK or PUC
- reset voicemail
- cell site identifiers (the cell sites that were invovled in the CDRs)
Carrier request for device location
GPS ping or a cell site ping - cell site shows the BTS but GPS device data will show DEVICE location
- Per Call Measurement Data (PCMD)
True Call
NELOS / LOCDBOR - Timing Advance (TA)
What will subscriber details give us?:
Name
Address
DOB
Device info
Alternative contact details
Payment info
What should you remember about abtaining tower dump info?
It is from a Specific Cell Site(s) so:
* Recommended that You Request one for All Carriers. However….
- Request Can be Made for a Specific Carrier
- Request Can be for a Specific Sector
Different carriers will provide different info but options include:
Cell site location
Azimuth
Antenna height
Antenna beamwidth
List some open sources that helps us analyse cell data
- Numbering Plans
- FreeCarrierLookUp.com
- OpenCellID
- AntennaSearch
- BatchGeo
- Point 2 Point
- FoneFinder
- GSM Arena
- SpyDialer
Some work direct with google earth.
Should always verify the data
What is field test mode?
Soem devices have this. e.g on the iphone it can be accessed by typing 3001#12345#*
This gives a list of the cell that you are connected to under serving cell info includes cell id and other info.
What is PLMN?
Public Land Mobile Network PLMN is essentially the infrastructure that enables mobile devices, such as smartphones and tablets, to connect to a network for services like calls, texts, and internet access.
Each PLMN is uniquely identified by a combination of two codes:
- MCC (Mobile Country Code): Identifies the country of the network.
- MNC (Mobile Network Code): Identifies the specific mobile network within that country.
For example, a PLMN identifier might look like MCC=310 (USA) and MNC=260 (T-Mobile).
Good website to look it up is mcc-mnc.net
What is a PCI (Physical Cell Identity)
Each cell in a NETWORK is assigned a PCI. Only unique on that network.
What is a TAC (when it’s not a Type Allocation Code)?
- TAC (Tracking Area Code)
- Geographic Area
- 21765
What is EARFCN DL?
- EARFCN (E-UTRA Absolute Radio Frequency Channel Number) DL (Down Link)
- 66536
- Band 66
- https://tools.valid8.com/#rf
