Hello, I am using a setup consisting of an ip.access nanoBTS (165) and the sysmocom sysmoBSC for detecting and analysing malware on mobile phones. So far, I sniff the IP traffic at the Uplink-Interface and the traffic between the nanoBTS and the sysmoBSC for SMS. Now I want to extend my project and detect calls. When analysing a pcap file I can easily find a call that has been connected by the BSC in the RSL protocol. However, if the call could not be connected (because the dialed number is not in the HLR), I can not find any sign of a connection between BTS and BSC whatsoever. When analysing a new malware, I don't know the number the malware dials, so I can't give the extension to a second phone. I thought the BTS transferred the dialed number to the BSC, the BSC knows the extension doesn't exist and refuses the connection. In which protocol can I find the attempt to connect and the dialed number?
Another solution I thought of was using Asterisk with a softphone that all calls are routed to. Is that possible? Is there any way to use the sysmoBSC with an Asterisk server? I found lots of tutorials on how to use openBSC with Asterisk, but nothing on osmo-nitb+Asterisk and the sysmoBSC. Asterisk would run on a second machine connected to the sysmoBSC of course. Regards, Philip
