LTESniffer: An Open-source LTE Downlink/Uplink Eavesdropper

Abstract

LTE sniffers are important for security and performance analysis because they can passively capture the wireless traffic of users in LTE network. However, existing open-source LTE sniffers have only limited functionality and cannot decode data traffic. This paper introduces \sys, the first open-source LTE sniffer that can passively decode both uplink and downlink data traffic. Implementing a sniffer is not trivial because one needs to understand detailed configurations and parameters to successfully decode each user's traffic. Using multiple techniques, we found mechanisms to understand these, which improves our decoding performance. % To this end, we implement several techniques that leverage our decoding results to enhance the performance. We evaluated the performance of \sys on both testbed and commercial network environments. We also compare the performance of \sys with \airscope, a popular commercial LTE sniffer. Additionally, \sys provides a proof-of-concept API with three functions that can be used for security applications, including identity mapping, identity collecting, and device capability profiling. We release \sys as open-source for future research.