What's going on inside?

In the spirit of really understanding how the AT&T MicroCell works, I was determined to get inside its inviting white shell. Unfortunately, after doing my homework, I started to get a feel for just how locked down this thing is - and why that's the case. First off, there's no internal status webpage as a diagnostic aid like you'd expect from a cable or DSL modem. Nothing. I searched around comprehensively for anything of the sort; it isn't there. What's surprising is that briefly, at startup, I saw nmap report ports 23, 80, and 8080 as filtered instead of open or closed, but that doesn't do anyone any good. The device always reports a hostname of "AT&T" and always pulls a DHCP lease at startup. There's no network configuration to speak of, so if you want to configure a static IP, static DHCP assignment is your only route.
 
Obviously, tech-savvy users are also going to want to configure proper port forwarding and QoS rules for prioritizing MicroCell traffic. Unfortunately, documentation here is beyond spartan. There are (no joke) four versions of the user's guide floating around. First is the printed copy in the box, then there's an AT&T PDF, and finally one in the FCC filing - all of which lack the section on what ports should be forwarded. Curiously, there's another version online that I later found here with the relevant ports (on page 5), but this was after I had already discovered them on my own.
 
Before I stumbled across that real user's guide, I was determined to find out how the MicroCell was talking with AT&T and over what ports. I grabbed a second NIC, set myself up in a machine-in-the-middle configuration, and started sniffing packets. It's immediately obvious that this thing is locked down tight. After booting, the device grabs a DHCP lease, syncs network time over NTP with 12.230.208.48, and does a DNS query for dpewe.wireless.att.com. After it gets the results, it talks with that server over HTTPS (TLSv1) for a bit, and then immediately fires up an IPsec VPN with 12.230.209.193. After that, there's very little we can see going on - everything happens across that VPN tunnel.
 
Lots of IPsec traffic and NAT-keepalive
 
The MicroCell uses IPsec with NAT traversal, which partly explains why you don't really have to port forward, though it's still a good idea. In fact, it's during the HTTPS session certificate exchange that we see the only bit of network traffic which would lead us to believe this is a micro, er, femtocell:
 
CPE - Customer Premises Equipment. Also parlance for locked down tight.
 

So those ports that you should forward or prioritize if you're setting up QoS that way? They're here:

Port        Description
123/UDP     NTP Traffic
443/TCP     HTTPS over TLS/SSL for provisioning and management traffic
4500/UDP    IPSec NAT Traversal (for all signaling, data, and voice traffic)
500/UDP     IPSec Phase 1 prior to NAT detection, after which 4500/UDP is used
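
As an added example (not part of the original article), here is a small baseline check for the traffic described above: it labels each packet from the device against the port table and splits UDP/4500 payloads into NAT-keepalive, IKE, and ESP using the markers RFC 3948 defines. The function names, the sample packets, and the assumption that the DNS query goes out on 53/UDP are mine, not the article's.

```python
# Added example: classify packets from a MicroCell-like device against the
# traffic the article observed. Packet tuples below are constructed samples.
EXPECTED = {               # (protocol, destination port) -> role, per the port table
    ("udp", 123): "NTP time sync",
    ("tcp", 443): "HTTPS provisioning/management",
    ("udp", 500): "IKE phase 1 (before NAT detection)",
    ("udp", 4500): "IPsec NAT traversal",
}
ALSO_SEEN = {("udp", 53): "DNS lookup"}  # assumption: the observed DNS query used 53/UDP


def classify_natt(payload: bytes) -> str:
    """Split UDP/4500 payloads into the three kinds RFC 3948 defines."""
    if payload == b"\xff":
        return "NAT-keepalive"            # single 0xFF octet
    if len(payload) >= 4 and payload[:4] == b"\x00\x00\x00\x00":
        return "IKE (non-ESP marker)"     # four zero octets precede the IKE header
    if len(payload) >= 8:
        return "ESP-in-UDP"               # non-zero SPI followed by sequence number
    return "malformed"


def classify(proto: str, dport: int, payload: bytes = b"") -> str:
    key = (proto.lower(), dport)
    if key == ("udp", 4500):
        return f"{EXPECTED[key]}: {classify_natt(payload)}"
    if key in EXPECTED:
        return EXPECTED[key]
    if key in ALSO_SEEN:
        return ALSO_SEEN[key]
    return "UNEXPECTED"                   # outside the baseline: worth a look


def unexpected(packets):
    """Return the packets that fall outside the observed baseline."""
    return [p for p in packets if classify(*p) == "UNEXPECTED"]


SAMPLE = [  # constructed packets in boot order: (proto, dport, payload)
    ("udp", 123, b""), ("udp", 53, b""), ("tcp", 443, b""),
    ("udp", 500, b""),
    ("udp", 4500, b"\x00\x00\x00\x00" + b"\x11" * 28),   # IKE over NAT-T
    ("udp", 4500, b"\x9a\x01\x02\x03" + b"\x00\x00\x00\x01" + b"\xee" * 32),  # ESP
    ("udp", 4500, b"\xff"),                               # keepalive
    ("tcp", 8080, b""),                                   # not in the baseline
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt[0], pkt[1], "->", classify(*pkt))
```

Anything the check marks UNEXPECTED is traffic the capture described in the article never showed, which makes it a reasonable trigger for a firewall log alert on the device's static DHCP address.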

  • nimck - Thursday, October 18, 2012

    Does anyone know how to configure the Microcell so that it's in a 'Disabled Mode' during certain hours of the day?? I'd like to lessen the radiation emission.
  • lorace - Thursday, June 19, 2014

    We got the Microcell from AT&T because of poor signal strength. After it started working we were pleasantly surprised to see that our service bars had increased substantially. Now a new problem. We can't get our phones to transmit or receive any picture messages. Anyone have an idea how to solve this problem? We called AT&T tech and they were clueless. lorace1@yahoo.com
  • c21cg - Sunday, February 7, 2016

    I have had TWO of these crappy things, been on the phone for 17 months continuously with att to get sorry help, have all the lights lit up on the cell and NO service... so now what - oh and I even had to upgrade my wifi to satisfy att - hate ATT
