The nanoBTS is a range of GSM/2G base transceiver stations produced by ip.access. An overview of the different models can be found on the osmocom Wiki. I’ve personally worked with the 139U, 139+, 165AU and 165FM models, all of which worked perfectly.

It is important to mention that the 139 range (the round ones) supports only GPRS, while the 165 range (the square ones) supports EDGE.

Acquisition

It seems the nanoBTS is priced at ~$1800. If you’re lucky enough to find them on eBay, they’re offered in a price range between $100 and $1500. When buying one, be sure to check the exact model ID on the seller’s pictures and verify that it’s for the correct frequency band you’re aiming at.

Prior to buying one, it is important to check the exact model, as they have fixed frequency bands. As such, a single nanoBTS will either support 1800MHz/DCS or 1900MHz/PCS, but not both. This can be a highly critical factor depending on your research victim and location. If you need the flexibility, you might want to have a look at the Sysmocom SysmoBTS.

Configuration

Yet again, no need for me to put together instructions, as the osmocom Wiki has them put together nicely.

A note on LED colors

Color            State
Red, perm        no OML IP set
Green, perm      up and running
Orange, flash    seeking OML

Notes

  • Watching Wireshark just after connecting a nanoBTS can be very frustrating. You might see the BTS seeking an IP address via DHCP, receiving one and then just carrying on asking for an address. This seems to be “usual” behavior.
  • It can sometimes take up to 5 minutes before the nanoBTS decides to actually accept an IP address via DHCP and become available. Even if you see the DHCP ACK, don’t rely on it.
  • When setting the OML address and IP address on the nanoBTS via the ipaccess tools, it might take two or three tries. I’ve also had reoccurring problems setting both addresses at the same time.

Images

NanoBTS 139

NanoBTS 139 Top

NanoBTS 165

NanoBTS 165 Top
