Passive IMSI Catcher - ptrkrysik/gr-gsm GitHub Wiki

With gr-gsm it is possible to passively "catch" IMSI numbers that appear in transmissions on a given ARFCN. Note that this is a completely passive attack: unlike a real IMSI catcher, it cannot force mobile phones to reveal their IMSI (and IMEI) numbers through a LAC change and forced reauthentication.

First, run livemon on a given ARFCN, for instance:

```
grgsm_livemon -p 35 -f 935.2M
```

Then run tshark with the display filter "e212.imsi", which keeps only decoded packets containing IMSI numbers. The output is piped through sed and grep to make it more readable:

```
sudo tshark -i lo -Y "e212.imsi" -V 2>&1 | sed 's/^[ \t]*//;s/[ \t]*$//' 2>&1 | grep "IMSI:"
```

Please note that running tshark as a non-root user is recommended. Consult the tshark manual for how to set that up.
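
For measuring how often a cell exposes IMSIs in the clear without keeping subscriber identifiers, the filtered lines can be reduced to per-MCC counts. This is an added example, not part of gr-gsm or the original wiki page; the function names are hypothetical, the sample lines are constructed, and the `IMSI: <digits>` line format is assumed from the pipeline above.

```shell
#!/bin/sh
# Added example: summarise cleartext IMSI sightings per MCC.
# Identifiers are deduplicated in memory only and never printed or written.

imsi_exposure_summary() {
    awk '
        # Accept only lines shaped like "IMSI: <digits>" (assumed format of
        # the sed/grep output above); an IMSI has at most 15 digits.
        $1 == "IMSI:" && $2 ~ /^[0-9]+$/ && length($2) >= 6 && length($2) <= 15 {
            sightings++
            if (!($2 in seen)) {
                seen[$2] = 1
                distinct[substr($2, 1, 3)]++   # first three digits are the MCC
            }
            next
        }
        { skipped++ }                          # anything else is counted, not parsed
        END {
            for (mcc in distinct)
                printf "mcc=%s distinct_imsi=%d\n", mcc, distinct[mcc]
            printf "total_sightings=%d skipped_lines=%d\n", sightings, skipped
        }
    ' | LC_ALL=C sort
}

# Constructed sample input using test-network MCCs (001, 999), not real captures.
sample_lines() {
    cat <<'EOF'
IMSI: 001010000000001
IMSI: 001010000000001
IMSI: 001010000000002
IMSI: 999990000000003
IMSI: not-a-number
EOF
}

sample_lines | imsi_exposure_summary
```

To use it on live output, append `| imsi_exposure_summary` after the `grep "IMSI:"` stage. The summary is printed when the input ends, so bound the capture, for example with tshark's `-a duration:60`.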