Network Survey Messaging API 1.5.0

The Network Survey Messaging API defines a set of messages that can be used to describe wireless survey related events. The messages range from cellular surveys such as GSM, CDMA, UMTS, LTE, and NR, to simple RF energy detection events.

NOTE: Despite the name "Network Survey Messaging API", this message specification is not exclusive to the Network Survey Android App. Instead, the Network Survey Android App is just one app that leverages Network Survey Messaging. Therefore, there are messages in this specification that do not apply to the Network Survey Android App (e.g. EnergyDetection).

While the most common use of these messages would be to send to an MQTT broker, this API specification simply defines the message schema. The transport or storage technology employed is purposefully left open to allow for these messages to flow over a variety of transports such as MQTT, gRPC, AMQP, etc. In addition, these messages can be written to disk by writing the JSON strings directly to a file to support unstructured data storage, or in a more structured approach such as a PostgreSQL or SQLite database.

Officially, the message schema support for the Network Survey Messaging API are the JSON defined messages from this document. However, protobuf definitions of these messages have been created as a convenience for a couple of reasons. First, it can make generating the JSON compliant messages easier and also converting the JSON messages to language specific objects. Secondly, it can allow for sending the messages in protocol buffer format instead of JSON if a compressed binary format is needed. It also has the side effect of supporting sending these messages over gRPC if Remote Procedure Call support is of interest. Check out the Network Survey Messaging Github README for more details.

Operations

  • RECEIVE gsm_message

    The gsm_message topic/channel is where GSM survey records can be published. For MQTT, set the MQTT topic as "gsm_message" and then publish a JSON message representing a GSM survey record in the format defined below.

    Operation IDgsm_message

    Accepts the following message:

    GSM Recordpublish.message

    Represents information recorded about a GSM tower at a particular time and geographic location.

    Message IDpublish.message
    object

    Examples

  • RECEIVE cdma_message

    The cdma_message topic/channel is where CDMA survey records can be published. For MQTT, set the MQTT topic as "cdma_message" and then publish a JSON message representing a CDMA survey record in the format defined below.

    Operation IDcdma_message

    Accepts the following message:

    CDMA Recordpublish.message

    Represents information recorded about a CDMA tower at a particular time and geographic location.

    Message IDpublish.message
    object

    Examples

  • RECEIVE umts_message

    The umts_message topic/channel is where UMTS survey records can be published. For MQTT, set the MQTT topic as "umts_message" and then publish a JSON message representing a UMTS survey record in the format defined below.

    Operation IDumts_message

    Accepts the following message:

    UMTS Recordpublish.message

    Represents information recorded about a UMTS NodeB at a particular time and geographic location.

    Message IDpublish.message
    object

    Examples

  • RECEIVE lte_message

    The lte_message topic/channel is where LTE survey records can be published. For MQTT, set the MQTT topic as "lte_message" and then publish a JSON message representing an LTE survey record in the format defined below.

    Operation IDlte_message

    Accepts the following message:

    LTE Recordpublish.message

    Represents information recorded about an LTE eNodeB at a particular time and geographic location.

    Message IDpublish.message
    object

    Examples

  • RECEIVE nr_message

    The nr_message topic/channel is where 5G NR survey records can be published. For MQTT, set the MQTT topic as "nr_message" and then publish a JSON message representing a 5G NR survey record in the format defined below.

    Operation IDnr_message

    Accepts the following message:

    5G NR Recordpublish.message

    Represents information recorded about a 5G NR gNodeB at a particular time and geographic location.

    Message IDpublish.message
    object

    Examples

  • RECEIVE 80211_beacon_message

    The 80211_beacon_message topic/channel is where 802.11 beacon survey records can be published. For MQTT, set the MQTT topic as "80211_beacon_message" and then publish a JSON message representing an 802.11 Access Point survey record in the format defined below.

    Operation ID80211_beacon_message

    Accepts the following message:

    Wi-Fi Beacon Recordpublish.message

    Represents information recorded about an 802.11 Access Point at a particular time and geographic location. 802.11 Beacon frames are sent by Access Points to advertise their existence and to provide all the necessary connection information. This message represents a capture of a single 802.11 Beacon message.

    Message IDpublish.message
    object

    Examples

  • RECEIVE 80211_probe_request_message

    The 80211_probe_request_message topic/channel is where 802.11 probe request survey records can be published. For MQTT, set the MQTT topic as "80211_probe_request_message" and then publish a JSON message representing an 802.11 Probe Request record in the format defined below. Added in 0.9.0

    Operation ID80211_probe_request_message

    Accepts the following message:

    Wi-Fi Probe Request Recordpublish.message

    Represents information recorded about an 802.11 Probe Request at a particular time and geographic location. 802.11 Probe Request frames are sent by clients looking to discover information about an Access Point with a specific SSID. This message represents a capture of a single 802.11 Probe Request message.

    Message IDpublish.message
    object

    Examples

  • RECEIVE 80211_deauthentication_message

    The 80211_deauthentication_message topic/channel is where 802.11 (Wi-Fi) Deauthentication Management Frames can be published. For MQTT, set the MQTT topic as "wifi_deauthentication_message". When a station wants to disassociate from another station, it invokes the deauthentication service. Deauthentication is a notification and cannot be refused. A station performs deauthentication by sending an authentication management frame (or group of frames to multiple stations) to advise of the termination of authentication.

    Operation ID80211_deauthentication_message

    Accepts the following message:

    Wi-Fi Deauthentication Recordpublish.message

    Represents an 802.11 deauthentication management frame. When a station wants to disassociate from another station, it invokes the deauthentication service. Deauthentication is a notification and cannot be refused. A station performs deauthentication by sending an authentication management frame (or group of frames to multiple stations) to advise of the termination of authentication.

    Message IDpublish.message
    object

    Examples

  • RECEIVE 80211_ota_message

    The 80211_ota_message topic/channel is where Over The Air (OTA) 802.11 (Wi-Fi) messages can be published. For MQTT, set the MQTT topic as "wifi_ota_message" and then publish a JSON message representing an OTA WiFi message.

    Operation ID80211_ota_message

    Accepts the following message:

    Wi-Fi Over The Air (OTA) Recordpublish.message

    Represents information recorded about an 802.11 packet recorded at a particular time and geographic location. This message represents a capture of a 802.11 packet in PCAP format.

    Message IDpublish.message
    object

    Examples

  • RECEIVE bluetooth_message

    The bluetooth_message topic/channel is where Bluetooth survey records can be published. For MQTT, set the MQTT topic as "bluetooth_message" and then publish a JSON message representing a Bluetooth survey record in the format defined below.

    Operation IDbluetooth_message

    Accepts the following message:

    Bluetooth Recordpublish.message

    Represents information recorded about a Bluetooth device at a particular time and geographic location. This message represents a capture of a signal Bluetooth frame.

    Message IDpublish.message
    object

    Examples

  • RECEIVE gnss_message

    The gnss_message topic/channel is where GNSS positioning records can be published. For MQTT, set the MQTT topic as "gnss_message" and then publish a JSON message in the format defined below.

    Operation IDgnss_message

    Accepts the following message:

    GNSS Recordpublish.message

    Represents information recorded about a Global Navigation Satellite System (GNSS) at a particular time and geographic location. Each record represents a single navigation message from a single satellite. These individual records are tied together using the group number field.

    Message IDpublish.message
    object

    Examples

  • RECEIVE energy_detection_message

    The energy_detection_message topic/channel is where RF energy detection records can be published. For MQTT, set the MQTT topic as "energy_detection_message" and then publish a JSON message in the format defined below.

    Operation IDenergy_detection_message

    Accepts the following message:

    Energy Detectionpublish.message

    Represents a General Purpose Radio (GPR) Energy Detection event. This survey record represents a general RF/PTT energy detection (i.e. RF energy was detected above a pre-defined threshold).

    Message IDpublish.message
    object

    Examples

  • RECEIVE signal_detection_message

    The signal_detection_message topic/channel is where signal detection records can be published. For MQTT, set the MQTT topic as "signal_detection_message" and then publish a JSON message in the format defined below.

    Operation IDsignal_detection_message

    Accepts the following message:

    Signal Detectionpublish.message

    Represents a General Purpose Radio (GPR) Signal Detection event. This survey record represents RF detections where the modulation and/or signal type could be determined. If both the modulation and signal type are unknown, then use the `energy_detection_message` instead.

    Message IDpublish.message
    object

    Examples

  • RECEIVE device_status_message

    The device_status_message topic/channel is where device status records can be published. This includes both DeviceStatus and PhoneState messages. For MQTT, set the MQTT topic as "device_status_message" and then publish a JSON message in one of the formats defined below.

    Operation IDdevice_status_message

    Accepts one of the following messages:

    • #0Device Statuspublish.message.0

      Represents a status message sent from the device to report its current state or to act as a heartbeat. The interval of this message can vary depending on use case.

      Message IDpublish.message.0
      object

      Examples

    • #1Phone Statepublish.message.1

      Represents the current state of the phone to include information about the currently registered networks. The interval of this message can vary depending on use case, but is typically sent when a change in the phone's state occurs, such as registering to a new network or being rejected from a network.

      Message IDpublish.message.1
      object

      Examples

  • RECEIVE cellular_ota_message

    The cellular_ota_message topic/channel is where Over The Air (OTA) cellular (LTE, UMTS/WCDMA) messages can be published. For MQTT, set the MQTT topic as "cellular_ota_message" and then publish a JSON message representing an OTA Cellular message.

    Operation IDcellular_ota_message

    Accepts one of the following messages:

    • #0GSM RR Signaling OTA Messagepublish.message.0

      Represents a raw GSM RR Signaling message sent Over The Air (OTA) between a GSM BTS and a GSM ME.

      Message IDpublish.message.0
      object

      Examples

    • #1UMTS NAS Messagepublish.message.1

      Represents a raw UMTS NAS message sent Over The Air (OTA) between a UMTS NodeB and a UMTS UE.

      Message IDpublish.message.1
      object

      Examples

    • #2WCDMA RRC OTA Messagepublish.message.2

      Represents a raw WCDMA RRC message sent Over The Air (OTA) between a UMTS NodeB and a UMTS UE.

      Message IDpublish.message.2
      object

      Examples

    • #3LTE RRC OTA Messagepublish.message.3

      Represents a raw LTE RRC message sent Over The Air (OTA) between an LTE eNodeB and an LTE UE.

      Message IDpublish.message.3
      object

      Examples

    • #4LTE NAS Messagepublish.message.4

      Represents a raw LTE NAS message sent Over The Air (OTA) between an LTE eNodeB and an LTE UE.

      Message IDpublish.message.4
      object

      Examples

Messages

  • #1GSM RecordgsmRecord

    Represents information recorded about a GSM tower at a particular time and geographic location.

    Message IDgsmRecord
    object
  • #2CDMA RecordcdmaRecord

    Represents information recorded about a CDMA tower at a particular time and geographic location.

    Message IDcdmaRecord
    object
  • #3UMTS RecordumtsRecord

    Represents information recorded about a UMTS NodeB at a particular time and geographic location.

    Message IDumtsRecord
    object
  • #4LTE RecordlteRecord

    Represents information recorded about an LTE eNodeB at a particular time and geographic location.

    Message IDlteRecord
    object
  • #55G NR RecordnrRecord

    Represents information recorded about a 5G NR gNodeB at a particular time and geographic location.

    Message IDnrRecord
    object
  • #6Wi-Fi Beacon RecordwifiBeaconRecord

    Represents information recorded about an 802.11 Access Point at a particular time and geographic location. 802.11 Beacon frames are sent by Access Points to advertise their existence and to provide all the necessary connection information. This message represents a capture of a single 802.11 Beacon message.

    Message IDwifiBeaconRecord
    object
  • #7Wi-Fi Probe Request RecordwifiProbeRequestRecord

    Represents information recorded about an 802.11 Probe Request at a particular time and geographic location. 802.11 Probe Request frames are sent by clients looking to discover information about an Access Point with a specific SSID. This message represents a capture of a single 802.11 Probe Request message.

    Message IDwifiProbeRequestRecord
    object
  • #8Wi-Fi Deauthentication RecordwifiDeauthenticationRecord

    Represents an 802.11 deauthentication management frame. When a station wants to disassociate from another station, it invokes the deauthentication service. Deauthentication is a notification and cannot be refused. A station performs deauthentication by sending an authentication management frame (or group of frames to multiple stations) to advise of the termination of authentication.

    Message IDwifiDeauthenticationRecord
    object
  • #9Wi-Fi Over The Air (OTA) RecordwifiOtaRecord

    Represents information recorded about an 802.11 packet recorded at a particular time and geographic location. This message represents a capture of a 802.11 packet in PCAP format.

    Message IDwifiOtaRecord
    object
  • #10Bluetooth RecordbluetoothRecord

    Represents information recorded about a Bluetooth device at a particular time and geographic location. This message represents a capture of a signal Bluetooth frame.

    Message IDbluetoothRecord
    object
  • #11GNSS RecordgnssRecord

    Represents information recorded about a Global Navigation Satellite System (GNSS) at a particular time and geographic location. Each record represents a single navigation message from a single satellite. These individual records are tied together using the group number field.

    Message IDgnssRecord
    object
  • #12Energy DetectionenergyDetection

    Represents a General Purpose Radio (GPR) Energy Detection event. This survey record represents a general RF/PTT energy detection (i.e. RF energy was detected above a pre-defined threshold).

    Message IDenergyDetection
    object
  • #13Signal DetectionsignalDetection

    Represents a General Purpose Radio (GPR) Signal Detection event. This survey record represents RF detections where the modulation and/or signal type could be determined. If both the modulation and signal type are unknown, then use the `energy_detection_message` instead.

    Message IDsignalDetection
    object
  • #14Device StatusdeviceStatus

    Represents a status message sent from the device to report its current state or to act as a heartbeat. The interval of this message can vary depending on use case.

    Message IDdeviceStatus
    object
  • #15Phone StatephoneState

    Represents the current state of the phone to include information about the currently registered networks. The interval of this message can vary depending on use case, but is typically sent when a change in the phone's state occurs, such as registering to a new network or being rejected from a network.

    Message IDphoneState
    object
  • #16LTE RRC OTA MessagelteRrc

    Represents a raw LTE RRC message sent Over The Air (OTA) between an LTE eNodeB and an LTE UE.

    Message IDlteRrc
    object
  • #17LTE NAS MessagelteNas

    Represents a raw LTE NAS message sent Over The Air (OTA) between an LTE eNodeB and an LTE UE.

    Message IDlteNas
    object
  • #18UMTS NAS MessageumtsNas

    Represents a raw UMTS NAS message sent Over The Air (OTA) between a UMTS NodeB and a UMTS UE.

    Message IDumtsNas
    object