AT&T 3G MicroCell: A Comprehensive Exploration
by Brian Klug on April 1, 2010 1:55 AM EST- Posted in
- Smartphones
- AT&T
- Microcell Review
- Mobile
What's going on inside?
In the spirit of really understanding how the AT&T MicroCell works, I was determined to get inside its inviting white shell. Unfortunately, after doing my homework, I started to get a feel for just how locked down this thing is - and why that's the case. First off, there's no internal status webpage as a diagnostic aide like you'd expect from a cable or DSL modem. Nothing. I searched around comprehensively for anything of the sort; it isn't there. What's surprising is that briefly, at startup, I saw nmap report ports 23, 80, and 8080 as filtered instead of open or closed, but that doesn't do anyone any good. The device always reports a hostname of "AT&T" and always pulls a DHCP lease at startup. There's no network configuration to speak of, so if you want to configure a static IP, static DHCP assignment is your only route.
Obviously, tech savvy users also are going to want to configure proper port forwarding and QoS rules for prioritizing MicroCell traffic. Unfortunately, documentation here is beyond spartan. There are (no joke) four versions of the users guide floating around. First is the printed copy in box, then there's an AT&T PDF, and finally one in the FCC filing - all of which lack the section on what ports should be forwarded. Curiously, there's another version online that I later found here with the relevant ports (on page 5), but this was after I had already discovered them on my own.
Before I stumbled across that real users guide, I was determined to find out how the MicroCell was talking with AT&T and over what ports. I grabbed a second NIC and set myself up in a machine-in-the-middle configuration and started sniffing packets. It's obvious immediately that this thing is locked down tight. After booting, the device grabs a DHCP lease, syncs network time over NTP with 12.230.208.48, and does a DNS query for dpewe.wireless.att.com. After it gets the results, it talks with that server over HTTPS (TLSv1) for a bit, and then immediately fires up an IPsec VPN with 12.230.209.193. After that, there's very little we can see going on - everything happens across that VPN tunnel.
Lots of IPsec traffic and NAT-keepalive
The MicroCell uses IPsec with NAT traversal, explaining partly why you don't really have to port forward, but it's still a good idea. In fact, it's during the HTTPS session certificate exchange that we see the only bit of network traffic which would lead us to believe this is a micro, er, femtocell:
CPE - Customer Premises Equipment. Also parlance for locked down tight.
So those ports that you should forward or prioritize if you're setting up QoS that way? They're here:
| Port | Description |
| 123/UDP | NTP Traffic |
| 443/TCP | HTTPS over TLS/SSL for provisioning and management traffic |
| 4500/UDP | IPSec NAT Traversal (for all signaling, data, and voice traffic) |
| 500/UDP | IPSec Phase 1 prior to NAT detection, after which 4500/UDP is used |
Facebook
Twitter
RSS
63 Comments
View All Comments
leexgx - Friday, April 2, 2010 - link
the UMA thing looks good idea, seems Way more piratical then these base stations ( http://en.wikipedia.org/wiki/Generic_Access_Networ... ) only ever seen it on blackberry phones thought, only issue i could see with them is if it doe snot work with the wireless router correctly or intermittently out of range of routerjulioromano - Friday, April 2, 2010 - link
Very nice and geeky review.Thanks for all the infos!
Simozene - Friday, April 2, 2010 - link
1. These units need to be very cheap or free for consumers.2. Any minutes or data usage that is routed over this instead of AT&Ts regular network should not be counted towards the limits on your data plan. It's not their network so you should not have to pay for using it.
If those two conditions are met I can see how this could be a very useful product.
sxr7171 - Friday, April 2, 2010 - link
But it's not. It can't even hand off properly.Chrisg331 - Friday, April 2, 2010 - link
1st off, great article. Good methodology as well. Will you be able to test different handsets (Primarily different chipsets/antenna designs to eliminate bias on the dropped calls), possibly test a repeater (as mentioned before) and possibly test data usage pattern(s) for those that may be bandwidth capped on their broadband? Great job. Could really be useful to those looking to ditch landlines.GregHH - Friday, April 2, 2010 - link
In your haste to slam AT&T you neglect to notice that the other cell carriers offer the same type of device. That implies their coverage must not be perfect and all encompassing. Everyone seems to think cell coverage should be ubiquitous whether in a metro area or in the wilderness. I feel good that my area finally got 3G coverage in December of 2010.JKflipflop98 - Saturday, April 3, 2010 - link
So, we're in the future looking back on the past then? Or we're in the past looking towards the current? Oh God, my head's going to explode.ivwshane - Friday, April 2, 2010 - link
There is no required monthly cost. Buy just the microcell and use your existing minutes and data plan. Buy a microcell with a $20 feature and you can have unlimited minutes while using it and you also get a $100 rebate.No one is forcing anyone to buy these, at&t is simply giving it's users a choice, if you want to improve your in home coverage then buy one, otherwise don't.
mikeshady - Saturday, April 3, 2010 - link
So if I understand it correctly the price,$20/month unlimited calling$10/month with AT&T DSL
$0 with AT&T landline.
Will i be able to use it for the unlimited free since i have att landline
mrSHEiK124 - Tuesday, April 6, 2010 - link
Those failed handover videos; that happens ALL OF THE TIME on at&t in the Tampa, FL area. If you're on a highway or main-road and venture off into the boonies, as you get booted off 3G all you can hear is distortion (the handover is successful and the call doesn't drop, but good luck continuing the phone call...) and weird audio artifacts. at&t...more bars in more places.