Abstract

LTE sniffers are important for security and performance analysis because they can passively capture the wireless traffic of users in LTE network. However, existing open-source LTE sniffers have only limited functionality and cannot decode data traffic. This paper introduces LTESNIFFER, the first open-source LTE sniffer that can passively decode both uplink and downlink data traffic. Implementing a sniffer is not trivial because one needs to understand detailed configurations and parameters to successfully decode each user's traffic. Using multiple techniques, we found mechanisms to understand these, which improves our decoding performance. We evaluated the performance of LTESNIFFER on both testbed and commercial network environments. We also compare the performance of LTESNIFFER with AirScope, a popular commercial LTE sniffer. Additionally, LTESNIFFER provides a proof-of-concept API with three functions that can be used for security applications, including identity mapping, identity collecting, and device capability profiling. We release LTESNIFFER as open-source for future research.