newer UEs like Samsung s21 or higher versions, detect and read MIB but not SIB-1 & directly send attach request to network that cause fail to attach. below is trace result:
Frame 2: 73 bytes on wire (584 bits), 73 bytes captured (584 bits) Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00) Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1 User Datagram Protocol, Src Port: 13337, Dst Port: 4729 GSM TAP Header, ARFCN: 1650 (Downlink), TS: 0, Channel: AGCH (0) Version: 3 Header Length: 28 bytes Payload Type: LTE RRC (13) Time Slot: 0 ..00 0110 0111 0010 = ARFCN: XXXX (removed for Privacy) .0.. .... .... .... = Uplink: 0 0... .... .... .... = PCS band indicator: 0 Signal Level: 0 dBm Signal/Noise Ratio: 0 dB GSM Frame Number: 0 Antenna Number: 0 Sub-Slot: 0 LTE Radio Resource Control (RRC) protocol BCCH-BCH-Message message dl-Bandwidth: n50 (3) phich-Config phich-Duration: normal (0) phich-Resource: one (2) systemFrameNumber: f6 [bit length 8, 1111 0110 decimal value 246] schedulingInfoSIB1-BR-r13: SystemInformationBlockType1-BR is not scheduled (0) ...0 .... systemInfoUnchanged-BR-r15: False partEARFCN-17: spare (0) spare: 00 [bit length 2, 6 LSB pad bits, 00.. .... decimal value 0] spare: 00 [bit length 1, 7 LSB pad bits, 0... .... decimal value 0]
[enter image description here](https://i.stack.imgur.com/QzzBY.jpg)
GSM TAP Header, ARFCN: 1650 (Downlink), TS: 0, Channel: UNKNOWN (0) Version: 3 Header Length: 28 bytes Payload Type: LTE NAS (18) Time Slot: 0 ..00 0110 0111 0010 = ARFCN: 1650 .0.. .... .... .... = Uplink: 0 0... .... .... .... = PCS band indicator: 0 Signal Level: 0 dBm Signal/Noise Ratio: 0 dB GSM Frame Number: 0 Antenna Number: 0 Sub-Slot: 0 Non-Access-Stratum (NAS)PDU 0000 .... = Security header type: Plain NAS message, not security protected (0) .... 0111 = Protocol discriminator: EPS mobility management messages (0x7) NAS EPS Mobility Management Message Type: Attach request (0x41) 0... .... = Type of security context flag (TSC): Native security context (for KSIasme or KSIamf) .111 .... = NAS key set identifier: No key is available (7) .... 0... = Spare bit(s): 0x00 .... .010 = EPS attach type: Combined EPS/IMSI attach (2) EPS mobile identity Length: 8 .... 1... = Odd/even indication: Odd number of identity digits .... .001 = Type of identity: IMSI (1) IMSI: XXXXX (removed for privacy) [Association IMSI: XXXXX (removed for privacy)] Mobile Country Code (MCC): XXXXX (removed for privacy) Mobile Network Code (MNC): XXXXX (removed for privacy) UE network capability Length: 7 1... .... = EEA0: Supported .1.. .... = 128-EEA1: Supported ..1. .... = 128-EEA2: Supported ...1 .... = 128-EEA3: Supported .... 0... = EEA4: Not supported .... .0.. = EEA5: Not supported .... ..0. = EEA6: Not supported .... ...0 = EEA7: Not supported 0... .... = EIA0: Not supported .1.. .... = 128-EIA1: Supported ..1. .... = 128-EIA2: Supported ...1 .... = 128-EIA3: Supported .... 0... = EIA4: Not supported .... .0.. = EIA5: Not supported .... ..0. = EIA6: Not supported .... ...0 = EIA7: Not supported 0... .... = UEA0: Not supported .0.. .... = UEA1: Not supported ..0. .... = UEA2: Not supported ...0 .... = UEA3: Not supported .... 0... = UEA4: Not supported .... .0.. = UEA5: Not supported .... ..0. = UEA6: Not supported .... ...0 = UEA7: Not supported 0... .... = UCS2 support (UCS2): The UE has a preference for the default alphabet .0.. .... = UMTS integrity algorithm UIA1: Not supported ..0. .... = UMTS integrity algorithm UIA2: Not supported ...0 .... = UMTS integrity algorithm UIA3: Not supported .... 0... = UMTS integrity algorithm UIA4: Not supported .... .0.. = UMTS integrity algorithm UIA5: Not supported .... ..0. = UMTS integrity algorithm UIA6: Not supported .... ...0 = UMTS integrity algorithm UIA7: Not supported 0... .... = ProSe direct discovery: Not supported .0.. .... = ProSe: Not supported ..0. .... = H.245 After SRVCC Handover: Not supported ...1 .... = Access class control for CSFB: Supported .... 1... = LTE Positioning Protocol: Supported .... .0.. = Location services (LCS) notification mechanisms: Not supported .... ..0. = SRVCC from E-UTRAN to cdma2000 1xCS: Not supported .... ...0 = Notification procedure: Not supported 0... .... = Extended protocol configuration options: Not supported .0.. .... = Header compression for control plane CIoT EPS optimization: Not supported ..0. .... = EMM-REGISTERED w/o PDN connectivity: Not supported ...0 .... = S1-U data transfer: Not supported .... 0... = User plane CIoT EPS optimization: Not supported .... .0.. = Control plane CIoT EPS optimization: Not supported .... ..0. = ProSe UE-to-network relay: Not supported .... ...0 = ProSe direct communication: Not supported 1... .... = Signalling for a maximum number of 15 EPS bearer contexts: Supported .0.. .... = Service gap control: Not supported ..0. .... = N1 mode: Not supported ...0 .... = Dual connectivity with NR: Not supported .... 0... = Control plane data backoff: Not supported .... .0.. = Restriction on use of enhanced coverage: Not supported .... ..0. = V2X communication over PC5: Not supported .... ...0 = Multiple DRB: Not supported ESM message container Length: 59 ESM message container contents: 0222d031d127348080211001000010810600000000830600000000000d00000300000a00… 0000 .... = EPS bearer identity: No EPS bearer identity assigned (0) .... 0010 = Protocol discriminator: EPS session management messages (0x2) Procedure transaction identity: 34 NAS EPS session management messages: PDN connectivity request (0xd0) 0011 .... = PDN type: IPv4v6 (3) .... 0001 = Request type: Initial request (1) ESM information transfer flag 1101 .... = Element ID: 0xd- .... 000. = Spare bit(s): 0x00 .... ...1 = EIT (ESM information transfer): Security protected ESM information transfer required Protocol Configuration Options Element ID: 0x27 Length: 52 [Link direction: MS to network (0)] 1... .... = Extension: True .... .000 = Configuration Protocol: PPP for use with IP PDP type or IP PDN type (0) Protocol or Container ID: Internet Protocol Control Protocol (0x8021) Length: 0x10 (16) PPP IP Control Protocol Code: Configuration Request (1) Identifier: 0 (0x00) Length: 16 Options: (12 bytes), Primary DNS Server IP Address, Secondary DNS Server IP Address Primary DNS Server IP Address Type: Primary DNS Server IP Address (129) Length: 6 Primary DNS Address: 0.0.0.0 Secondary DNS Server IP Address Type: Secondary DNS Server IP Address (131) Length: 6 Secondary DNS Address: 0.0.0.0 Protocol or Container ID: DNS Server IPv4 Address Request (0x000d) Length: 0x00 (0) Protocol or Container ID: DNS Server IPv6 Address Request (0x0003) Length: 0x00 (0) Protocol or Container ID: IP address allocation via NAS signalling (0x000a) Length: 0x00 (0) Protocol or Container ID: MS Support of Network Requested Bearer Control indicator (0x0005) Length: 0x00 (0) Protocol or Container ID: IPv4 Link MTU Request (0x0010) Length: 0x00 (0) Protocol or Container ID: MS support of Local address in TFT indicator (0x0011) Length: 0x00 (0) Protocol or Container ID: 3GPP PS data off UE status (0x0017) Length: 0x01 (1) 3GPP PS data off UE status: Deactivated (1) Protocol or Container ID: PDU session ID (0x001a) Length: 0x01 (1) PDU session identity: PDU session identity value 1 (1) Protocol or Container ID: QoS rules with the length of two octets support indicator (0x0023) Length: 0x00 (0) Protocol or Container ID: QoS flow descriptions with the length of two octets support indicator (0x0024) Length: 0x00 (0) DRX Parameter Element ID: 0x5c SPLIT PG CYCLE CODE: 10 (10) 0000 .... = CN Specific DRX cycle length coefficient: CN Specific DRX cycle length coefficient / value not specified by the MS (0) .... 0... = SPLIT on CCCH: Split pg cycle on CCCH is not supported by the mobile station .... .000 = Non-DRX timer: no non-DRX mode after transfer state (0) TMSI Status 1001 .... = Element ID: 0x9- .... 000. = Spare bit(s): 0 .... ...0 = TMSI flag: no valid TMSI available Mobile station classmark 2 Element ID: 0x11 Length: 3 0... .... = Spare: 0 .10. .... = Revision Level: Used by mobile stations supporting R99 or later versions of the protocol (2) ...0 .... = ES IND: Controlled Early Classmark Sending option is not implemented in the MS .... 1... = A5/1 algorithm supported: encryption algorithm A5/1 not available .... .111 = RF Power Capability: RF Power capability is irrelevant in this information element (7) 0... .... = Spare: 0 .0.. .... = PS capability (pseudo-synchronization capability): PS capability not present ..01 .... = SS Screening Indicator: Capability of handling of ellipsis notation and phase 2 error handling (1) .... 1... = SM capability (MT SMS pt to pt capability): Mobile station supports mobile terminated point to point SMS .... .0.. = VBS notification reception: no VBS capability or no notifications wanted .... ..0. = VGCS notification reception: no VGCS capability or no notifications wanted .... ...0 = FC Frequency Capability: The MS does not support the E-GSM or R-GSM band 1... .... = CM3: The MS supports options that are indicated in classmark 3 IE .0.. .... = Spare: 0 ..1. .... = LCS VA capability (LCS value added location request notification capability): LCS value added location request notification capability supported ...0 .... = UCS2 treatment: the ME has a preference for the default alphabet .... 0... = SoLSA: The ME does not support SoLSA .... .1.. = CMSP: CM Service Prompt: Network initiated MO CM connection request supported for at least one CM protocol .... ..1. = A5/3 algorithm supported: encryption algorithm A5/3 available .... ...0 = A5/2 algorithm supported: encryption algorithm A5/2 not available Additional update type 1111 .... = Element ID: 0xf- .... 00.. = Preferred CIoT network behaviour: No additional information (0) .... ..0. = SAF: Keeping the NAS signalling connection is not required after the completion of the tracking area updating procedure .... ...1 = AUTV: SMS only Voice Domain Preference and UE's Usage Setting Element ID: 0x5d Length: 1 0000 0... = Spare bit(s): 0 .... .0.. = UE's usage setting: Voice centric .... ..11 = Voice domain preference for E-UTRAN: IMS PS voice preferred, CS Voice as secondary (3) MS network feature support 1100 .... = Element ID: 0xc- .... 000. = Spare bit(s): 0 .... ...1 = Extended periodic timers: MS supports the extended periodic timer in this domain