This file shows how to create and send packets using the Scapy gsm-um addon.
The packets are taken from [0]. The frame number at the top of each example
refers to the corresponding frame in the pcap capture.

+--------------------+
| Scapy GSM um Addon |
| ================== |
+--------------------+

|- Examples
|- Sending messages
|- Contact

- Examples:
  ---------

Frame 28
>>> a=immediateAssignment()
>>> a.channelTyp=12; a.tn=2; tsc=6; a.h=1; a.hsn=41; a.tsc=6; a.t1=4
>>> a.t2=0xf; a.t3Lo=1; a.ra=0x49; a.timingVal=1; a.maC64=0x;
>>> a.l2pLength=12
>>> hexdump(a)
0000   31 06 3F 00 62 D0 29 49 20 2F 01 01 03   1.?.b.)I /...

Frame 34
>>> a=cmServiceRequest()
>>> a.keySeq=3; a.serviceType=1
>>> a.revisionLvl=1; a.esInd=1; a.rfPowerCap=3; a.ssScreenInd=1;
>>> a.smCaPabi=1; a.fc=1; a.cm3=1; a.a52=1; a.idDigit1=0xf;
>>> a.idDigit2_1=2; a.idDigit2=0xe; a.idDigit3_1=4; a.idDigit3=8;
>>> a.idDigit4_1=4; a.idDigit4=1; a.idDigit5_1=1; a.idDigit5=5;
>>> hexdump(a)
0000   05 24 31 03 33 19 81 05 F4 2E 48 41 15   .$..3.....HA.

Frame 35
>>> a=classmarkChange(MobileStationClassmark3_presence=1)
>>> a.revisionLvl=1; a.esInd=1; a.rfPowerCap=3; a.ssScreenInd=1
>>> a.smCaPabi=1; a.fc=1; a.cm3=1; a.a52=1; a.byte2=0x60; a.byte3=0x14
>>> hexdump(a)
0000   06 16 03 33 19 81 20 60 14 00 00 00 00 00 00 00   ...3.. `........
0010   00 00 00 00                                       ....

Frame 36
>>> a=cipheringModeCommand()
>>> a.sc=1; a.cr=1
>>> hexdump(a)
0000   06 35 00 11   .5..

Frame 39
>>> a=releaseCompleteMsToNet(Cause_presence=1)
>>> a.codingStd=3; a.ext2=1; a.causeValue=16
>>> a.mesType=0x6a # due to the sequence number we need to change this
>>> hexdump(a)
0000   03 6A 08 02 E0 90   .j....

Frame 40
>>> a=cipheringModeComplete(MobileId_presence=1)
>>> a.idDigit1=3; a.typeOfId=3
>>> a.idDigit2_1=0; a.idDigit2=5; a.idDigit3_1=3; a.idDigit3=1
>>> a.idDigit4_1=2; a.idDigit4=7; a.idDigit5_1=6; a.idDigit5=0
>>> a.idDigit6_1=4; a.idDigit6=5;
>>> a.idDigit7_1=5; a.idDigit7=6; a.idDigit8_1=1; a.idDigit8=4
>>> a.idDigit9_1=0xf; a.idDigit9=0
>>> hexdump(a)
0000   06 32 17 09 33 05 31 27 60 45 56 14 F0   .2..3.1'`EV..

Frame 45
>>> a=tmsiReallocationCommand()
>>> a.oddEven=1
>>> a.typeOfId=4
>>> a.idDigit2_1=2; a.idDigit2=0xe; a.idDigit3_1=4; a.idDigit3=8;
>>> a.idDigit4_1=0xe; a.idDigit4=5; a.idDigit5_1=0xe; a.idDigit5=0
>>> a.mccDigit2=0x4; a.mccDigit1=2; a.mccDigit3=6; a.mncDigit1=0
>>> a.mncDigit3=0xf; a.mncDigit2=0x3; a.lac1=0x0; a.lac2=0x4
>>> a.idDigit1=0xf; a.oddEven=0
>>> hexdump(a)
0000   05 1A 42 F6 30 00 04 05 F4 2E 48 E5 E0   ..B.0.....H..

Frame 47
>>> a=callProceeding()
>>> a.ti=8
>>> hexdump(a)
0000   83 02   ..

Frame 48
>>> a=tmsiReallocationComplete()
>>> hexdump(a)
0000   05 1B   ..

Frame 51
>>> a=immediateAssignment()
>>> a.tsc=6; a.tn=5; a.channelTyp=1; a.codingStd=3;
>>> a.location=0xa; a.progressDesc=8; a.arfcnLow=0xff
>>> a.arfcnHigh=3; a.powerLvl=5
>>> hexdump(a)
0000   06 2E 0D C3 FF 05   ......

Frame 55
>>> a=assignmentComplete()
>>> hexdump(a)
0000   06 29 00   .).

Frame 60
>>> a=progress()
>>> a.ti=8; a.codingStd=3; a.location=0xa; a.progressDesc=8
>>> hexdump(a)
0000   83 03 02 EA 88   .....

Frame 65
>>> a=alertingNetToMs(ProgressIndicator_presence=1)
>>> a.ti=8; a.codingStd=3; a.location=0xa; a.progressDesc=8
>>> hexdump(a)
0000   83 01 1E 02 EA 88   ......

Frame 68
>>> a=connectNetToMs()
>>> a.ti=8
>>> hexdump(a)
0000   83 07   ..

Frame 70
>>> a=connectAcknowledge()
>>> a.mesType=0x4f
>>> hexdump(a)
0000   03 4F   .O

Frame 88
>>> a=disconnectMsToNet()
>>> a.codingStd=3; a.ext2=1; a.causeValue=16
>>> hexdump(a)
0000   03 25 02 E0 90   .%...

Frame 90
>>> a=systemInformationType6()
>>> a.ciValue1=0x40; a.ciValue2=0x5c
>>> a.mccDigit2=4; a.mccDigit1=2; a.mncDigit3=0xf; a.mccDigit3=6;
>>> a.mncDigit2=3; a.mncDigit1=0; a.lac1=0; a.lac2=4
>>> a.l2pLength=11; a.nccPerm=0xc; a.dtx=1; a.rLinkTout=4
>>> hexdump(a)
0000   2D 06 1e 40 5C 42 F6 30 00 04 14 0C   -.6@\B.0....

Frame 91
>>> a=releaseNetToMs()
>>> a.ti=8; a.codingStd=3; a.ext2=1; a.causeValue=16
>>> hexdump(a)
0000   83 2D 08 02 E0 90   .-....

Frame 94
>>> a=measurementReport()
>>> a.baUsed=1; a.dtxUsed=1; a.rxLevFull=39;
>>> a.noNcellHi=1; a.rxlevC1=38;
>>> a.bcchC1=4; a.bsicC1Hi=2; a.rxlevC2=18;
>>> a.bsicC1Hi=1; a.bsicC3Lo=1; a.bsicC3Hi=3;
>>> a.bcchC5Hi=10; a.bsicC6=29; a.bsicC5=18; a.bcchC6Hi=2;
>>> a.rxlevC6Lo=18; a.bcchC6Lo=2; a.bcchC6Hi=2;
>>> a.rxlevC5Lo=3; a.rxlevC5Hi=1; a.bsicC4=25;
>>> a.bcchC4=0xa; a.bcchC2=3;
>>> a.bsicC2Lo=0; a.bcchC2=3; a.bsicC1Hi=1;
>>> a.bsicC3Lo=25; a.bsicC1Hi=1; a.bscicC2Hi=6; a.rxLevSub=39;
>>> a.noNcellLo=2; a.rxlevC4Lo=3;
>>> a.rxlevC3Lo=3; a.bcchC3=12; a.bcchC5Hi=3;
>>> a.bsicC1Hi=2; a.bsicC2Hi=1
>>> hexdump(a)
0000   06 15 E7 27 01 A6 22 12 0D 06 D8 CB 6A 65 33 24   ...'..".....je3$
0010   92 5D                                             .]

Frame 129
>>> a=systemInformationType3()
>>> a.mccDigit2=4; a.mccDigit1=2; a.mncDigit3=0xf; a.mccDigit3=6;
>>> a.mncDigit2=3; a.mncDigit1=0; a.lac1=0; a.lac2=4
>>> a.ciValue2=0x5c; a.t3212=0xc8; a.bsPaMfrms=7; a.dtx=1
>>> a.rLinkTout=4; a.cellReselect=4; a.msTxPwrMax=5; a.neci=1;
>>> a.maxRetrans=1; a.txInteger=9; a.re=1; a.byte1=0x80; a.byte5=0x1b
>>> hexdump(a)
0000   49 06 1B 40 5C 42 F6 30 00 04 48 07 C8 14 85 40   I..@\B.0..H....@
0010   65 00 00 80 00 00 00 1B                           e.......

Frame 158
>>> a=pagingRequestType1()
>>> a.idDigit1=0xf; a.l2pLength=5
>>> hexdump(a)
0000   15 06 21 00 01 F0   ..!...

Frame 168
>>> a=pagingRequestType1()
>>> a.idDigit1=0xf; a.typeOfId=4; a.idDigit2_1=0x2; a.idDigit2=0xe
>>> a.idDigit3_1=4; a.idDigit3=8; a.idDigit4=0xd; a.idDigit5=0xf
>>> a.l2pLength=9
>>> hexdump(a)
0000   25 06 21 00 05 F4 2E 48 0D 0F   %.!....H..
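
The nibble-level fields set in the frames above (mccDigit*, mncDigit*, lac1/lac2, idDigitN_1/idDigitN, oddEven, typeOfId) mirror the packed BCD layout of the Location Area Identification and Mobile Identity elements in 3GPP TS 24.008. The following is an added example, not part of the addon or the original file, that decodes those bytes back into readable values so a crafted frame can be checked against its hexdump; the function names are hypothetical and the input bytes are copied from the hexdumps of frames 129, 40 and 168.

```python
# Added example (not part of the gsm-um addon): decode the packed fields that
# the frames above set nibble by nibble. Layouts follow 3GPP TS 24.008.
ID_TYPES = {0: "none", 1: "IMSI", 2: "IMEI", 3: "IMEISV", 4: "TMSI"}


def _digits(nibbles):
    """Join BCD nibbles into a string, rejecting non-decimal values."""
    if any(n > 9 for n in nibbles):
        raise ValueError("non-decimal BCD digit")
    return "".join(str(n) for n in nibbles)


def decode_lai(value):
    """Location Area Identification value part: 3 octets PLMN, 2 octets LAC."""
    if len(value) != 5:
        raise ValueError("LAI value must be 5 octets")
    mcc = [value[0] & 0x0F, value[0] >> 4, value[1] & 0x0F]  # mccDigit1..3
    mnc = [value[2] & 0x0F, value[2] >> 4, value[1] >> 4]    # mncDigit1..3
    if mnc[2] == 0xF:            # 0xF filler marks a two-digit MNC
        mnc.pop()
    return {"mcc": _digits(mcc), "mnc": _digits(mnc),
            "lac": int.from_bytes(value[3:5], "big")}        # lac1, lac2


def decode_mobile_identity(lv):
    """Mobile Identity as length octet + value (any leading IEI removed)."""
    if len(lv) < 2 or lv[0] != len(lv) - 1:
        raise ValueError("length octet does not match value")
    value = lv[1:]
    kind = ID_TYPES.get(value[0] & 0x07, "reserved")         # typeOfId
    odd = bool(value[0] & 0x08)                              # oddEven
    if kind == "TMSI":
        if len(value) != 5 or value[0] >> 4 != 0xF:
            raise ValueError("TMSI needs 0xF in idDigit1 and 4 octets")
        return kind, value[1:].hex()
    nibbles = [value[0] >> 4]                                # idDigit1
    for octet in value[1:]:
        nibbles += [octet & 0x0F, octet >> 4]                # idDigitN, idDigitN_1
    if not odd:                  # even digit count: last high nibble is filler
        if nibbles.pop() != 0xF:
            raise ValueError("missing 0xF filler")
    return kind, _digits(nibbles)


if __name__ == "__main__":
    # Byte strings copied from the hexdumps of frames 129, 40 and 168.
    print(decode_lai(bytes.fromhex("42F6300004")))
    print(decode_mobile_identity(bytes.fromhex("093305312760455614F0")))
    print(decode_mobile_identity(bytes.fromhex("05F42E480D0F")))
```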

Frame 179
>>> a=systemInformationType4()
>>> a.maxRetrans=1; a.txInteger=0x9; a.cellBarrAccess=0x0; a.re=1
>>> a.cellReselect=0x4; a.msTxPwrMax=0x5; a.neci=1; a.rxlenAccMin=0
>>> a.lac1=0x0; a.lac2=0x4; a.mccDigit2=0x4; a.mccDigit1=0x2
>>> a.mncDigit3=0xf; a.mccDigit3=0x3; a.l2pLength=12
>>> hexdump(a)
0000   31 06 1C 42 F6 30 00 04 85 40 65 00 00   1..B.0...@e..

[0]: http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=gsm_call_1525.xml

- Sending messages:
  -----------------

Use the sendum() method. It provides 3 ways to send messages over your
preferred hardware.

 * method 1: UDP Socket (use parameter 0 (default))
   Default port is 28670 (default for OpenBTS).
 * method 2: Unix Domain Socket (use parameter 1)
   Default file '/tmp/osmoL'.
 * method 3: TCP Socket (use parameter 2)
   Default port is 43797.

Example, if you want to send your layer 3 message over a Unix Domain Socket:
>>> sendum(systemInformationType4(),1)

- Contact:
  --------

Bugs, feedback: