
Network Signaling




-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->]OO[:[ Network Signalling ]:::[OO--[ by shadowx ]--[  ]:::::::::::::::::::
-->[OO]:::::::::::::::::::::::::::::::[  ]:::::::::::::::::::::::::::::::::::

                 Signalling Between your Phone 
                      and the Network

                        By Shadow-x               

                  ~~~~~~~~~~~~~~~~~~~~~

   So you pick up your phone, dial the number and your call is connected,
but how does the information get sent from your phone to the network in 
the first place?
   Call setup information can only be sent within the bandwidth 
restrictions established for voice communications. This means that any
signalling between the telephone set and the telephone network must happen 
within the confines of the 4,000 Hz voice bandwidth.

	Excuse the crap ASCII art:


In Band Signalling  
| <---------------><------> Out of Band Signalling
|__________________________> Hz
  ^               ^       ^
300             3,300    4,000        

Signalling information sent as tones or pulses within the standard 
voice bandwidth is called in band signalling, whereas signals sent at 
frequencies outside of the standard frequency range are called out of 
band signals. The reason the CCITT5 telephone system was so heavily abused
was that it allowed its trunks to be seized through in band signalling.
The tones used to set up calls at the local exchange could be made from 
any regular phone, allowing any phone phreak with a blue box to create the
tones and gain as much control over the line as the local operator. On the
modern C7 system all this is done out of band.
   As the network is an electrical device it requires a closed, or 
continuous path over which current can flow between the network and your
phone (aka your phone line). When an electrical switch is opened, the path
is broken and no current can flow so electrical power stops. When the
electrical switch is closed, current can now flow over the continuous path
and electrical power is available. 
   It is this presence of electrical current that provides the initial 
signalling to the telephone network that a caller wants to place a telephone 
call. When the telephone receiver is resting in the cradle of the telephone 
set, the switch hook is depressed, which opens the path for current flow from
the telephone network, so no current is allowed to flow. This is referred
to as the 'on hook' position.
   When the receiver is lifted, the switch hook button is released and the 
path for current from the telephone network is completed, which is referred
to as the 'off hook' position. Power for your phone line is now supplied
from a battery located at the central office. The electric current now
flowing from the central office to your line is known as the
loop current. The loop of wire that extends from the central office to the
customer's line and back to the central office is referred to as the local 
loop.


			Switch hook
************      *****                  ***********
*telephones*------*-\-*------------------*Central  *
*electronic*      *   * Tip & Ring       *Office   *
*components*------*-\-*------------------*(battery)*  
************      *****                  ***********
                 (this switch is closed
                 when the receiver is
                 off hook)

When the telephone network detects the flow of loop current to the 
telephone set, it sends a tone down the line to the telephone set
receiver which is referred to as the 'dial tone'. This is a notification
from the network to let you know that it is ready to receive your dialing 
instructions. The dial tone is actually a combination of 350 Hz and 440 Hz 
sine waves (for all of you with blue beep). These frequencies are both
within the 4,000 Hz voice bandwidth. 

So what about the dialing mechanism for the phone?

The old method used on some of the older phones and networks for dialing
was rotary dialing, also known as pulse dialing, which sends a number of 
electrical pulses down the telephone line equal to the number dialed. So
if the number 3 was dialed, the connection between your phone set and the
central office would open and close 3 times. For some messed up reason 
some people seem to get the idea that if they tap out the numbers on the
switch hook of their DTMF phone they get free calls because they didn't
actually dial any numbers, but all they are doing is pulse dialing.
   To keep the network from interpreting the opening/closing of the dial 
pulse as being a depressed switch hook, specific timing restrictions are 
placed on pulses and valid switch hook flashes. A rotary phone generates up
to 10 pulses per second, with each pulse around 1/20th of a second in 
duration and around 1/20th of a second time delay between pulses. The 
network also expects around a 7/10th of a second delay between the different
digits dialed. 
   A valid flashing of the switch hook must see the connection open for a 
specific period of time known as a hook flash.
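
The timing rules above, as an added example (not part of the original text): a
decoder that turns loop open/close durations into digits, hook flashes and
hang-ups. The three thresholds, the 10-pulses-means-0 convention and the
`dial` helper are assumptions for illustration; the article gives only the
pulse, inter-pulse and inter-digit timings.

```python
# Thresholds are assumptions for this sketch, not values from the article.
PULSE_MAX_MS = 100    # longest loop break still counted as a dial pulse
FLASH_MAX_MS = 1000   # breaks longer than this are treated as hanging up
DIGIT_GAP_MS = 300    # closed-loop time that ends the current digit


def dial(digit):
    """Constructed input: loop events a rotary dial sends for one digit.

    Uses the article's figures: ~50 ms break, ~50 ms make, ~700 ms between
    digits. Digit 0 is sent as ten pulses (assumed convention).
    """
    n = 10 if digit == 0 else digit
    return [("open", 50), ("closed", 50)] * (n - 1) + [("open", 50), ("closed", 700)]


def decode_loop(events):
    """Classify ("open" | "closed", duration_ms) events seen on the local loop."""
    out, pulses = [], 0

    def flush():
        nonlocal pulses
        if pulses:
            # Ten pulses mean 0; more than ten is not a valid digit.
            out.append(str(pulses % 10) if pulses <= 10 else "?")
            pulses = 0

    for state, ms in events:
        if state == "closed":
            if ms >= DIGIT_GAP_MS:      # long make: the digit is complete
                flush()
        elif ms <= PULSE_MAX_MS:        # short break: one dial pulse
            pulses += 1
        else:                           # long break: flash or on hook
            flush()
            out.append("FLASH" if ms <= FLASH_MAX_MS else "ON-HOOK")
    flush()
    return out
```

Tapping the switch hook by hand produces the same short breaks, so the decoder
reads it as ordinary pulse dialing.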

   The method above was quite slow and time consuming, and so a new method
of dialing using tones instead of pulses was developed. As you all know, 
DTMF dialing uses a keypad with 12 buttons for input. Each row and column
of the keypad corresponds to a certain tone with a specific 
frequency. Each button lies at the intersection of two tones. When the 
button is pressed, the two tones are generated by the telephone set and 
sent over the local loop connection to the central office, which can read 
the different tones and understand which number out of the millions in the 
world you are trying to connect to. 

The DTMF dialing pad:


            1209 Hz   1336 Hz   1477 Hz

 697 Hz        1         2         3
 770 Hz        4         5         6
 852 Hz        7         8         9
 941 Hz        *         0         #


 2 = 697 Hz + 1336 Hz

For example, pressing the number 2 simultaneously generates both a 697 Hz
and a 1336 Hz tone. These tones are sent over the local loop and received by
the central office switching equipment. Since multiple frequencies are
available and pressing a key generates a specific dual tone combination, this
type of dialing is known as dual tone multiple frequency (DTMF) dialing.
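
How the receiving end can read those tones, as an added example (not part of
the original text): the keypad frequencies from the table above, a tone
generator for constructed test input, and a Goertzel-filter detector. The
8,000 samples/s rate, the 50 ms tone length and the power floor are
assumptions.

```python
import math

# Row/column frequencies and key layout from the keypad table above.
ROWS = (697, 770, 852, 941)
COLS = (1209, 1336, 1477)
KEYS = ("123", "456", "789", "*0#")
RATE = 8000  # assumed sample rate, enough for a 4,000 Hz voice channel


def tone(key, ms=50, rate=RATE):
    """Constructed input: the dual tone a keypad sends for `key`."""
    r = next(i for i, row in enumerate(KEYS) if key in row)
    c = KEYS[r].index(key)
    n = rate * ms // 1000
    return [0.5 * math.sin(2 * math.pi * ROWS[r] * t / rate)
            + 0.5 * math.sin(2 * math.pi * COLS[c] * t / rate) for t in range(n)]


def goertzel_power(samples, freq, rate=RATE):
    """Signal power at a single frequency (Goertzel algorithm)."""
    coeff = 2 * math.cos(2 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def decode_key(samples, rate=RATE):
    """Return the key whose row and column tones are both present, else None."""
    energy = sum(x * x for x in samples)
    # A clean dual tone puts about 0.25 * energy * N into each of its two
    # frequencies; the floor (assumed) rejects silence and single tones.
    floor = 0.1 * energy * len(samples)

    def strongest(freqs):
        best, idx = max((goertzel_power(samples, f, rate), i)
                        for i, f in enumerate(freqs))
        return idx if best > floor else None

    r, c = strongest(ROWS), strongest(COLS)
    return None if r is None or c is None else KEYS[r][c]


def decode_number(keys):
    """Round-trip a dialled string through tone generation and detection."""
    return "".join(decode_key(tone(k)) or "?" for k in keys)
```

The detector sees only audio on the line, so it accepts a valid tone pair from
any source, which is the property of in band signalling described earlier.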

 Anyway, that's the basics of it, later .....


