Introduction to Telephony and PBX (Phrack)
Introduction to Telephony and PBX (Phrack) - Chapter 1

Credits: Cavalier[TNO]

Decided to post this old but golden write-up from Phracks 49th issues. On the basics of telephony and PBX. I'm learning a bit if phreaking and telco exploitation. So this is a good way to understand some of the basics. I will post more topics like this.

The Central Office
[Image: 7081cc6d2431b88a7e513b9e3d5c46d4.jpg]

Telephones alone do nothing special.  Their connection to the rest of world makes them one of mankind's greatest achievements.

In the early days of telephone communications, users had to establish their own connections to other telephones. They literally had to string their own telephone lines.

Although the customer inconvenience of building their own connections limited the availability of phone service, an even greater problem soon arose. As the telephone became more popular, more people wanted to be connected. At the time, each phone had to be directly wired to each other. In a very short time there was a disorganized maze of wires running from the homes and businesses.

A simple mathematical formula demonstrates the growth in the number of connections required in a directly wired network:

I = N(N-1)/2

(I = number of interconnections; N = number of subscribers)

I = 100(100-1)/2

If just 100 subscribers attempted to connect to each other, 4950 separate wire connections would be needed! Obviously, a better method was needed.


A Central Office (CO) switch is a device that interconnects user circuits in a local area, such as a town. The CO is a building where all subscriber phone lines are brought together and provided with a means of interconnection. If someone wants to call a neighbor, the call is routed through the CO and switched to the neighbor.

What if someone wanted to call a friend in the next town? If their friend was connected to a different CO, there was no way to communicate.

The solution was to interconnect COs.  Then, CO-A routed calls to CO-B to complete the connection.

Today every CO in the world is connected to every other CO in a vast communication highway known as the Public Switched Network (PSN).  The PSN goes by a variety of different names:
  • Dial-up network
  • Switched network
  • Exchange network
The CO provides all users (subscribers) with a connection to each other. A critical note, however, is that no CO has the resources to switch all their users simultaneously. It would be too expensive and it is unnecessary to attempt to do so because for the vast majority of the time, only a small percentage of subscribers are on the phone at the same time.

If, on a rare occasion, all the circuits are busy, the next call will be blocked. A call is blocked if there are no circuits available to switch it because all the circuits are in use.

The term `probability of blocking` is a statistical logarithm which determines the chance that a call cannot be switched. For modern day commercial COs, the probability of blocking is very low.

History of COs

Operating switching

In the first COs, a subscriber who wanted to place a call cranked a magneto-generator to request service from the local phone company.  An operator at the CO monitored subscriber connections by observing lamps on a switchboard console. When a subscriber's lamp lit, indicating the request for service, the operator would answer: "Number please...".

The operator connected one call to another by plugging one end of a cord into the jack of the caller and the other end of the cord into the jack of the called party, establishing a manual, physical connection.

The switchboard had to have a jack for every incoming and outgoing line that needed service. The number of lines an operator could monitor was limited by her arm's reach. Billing was accomplished by the operators writing up a ticket for each call designating its starting and ending times.

When telephone subscribers were few in number, this method worked fine. As the popularity of the phone increased, more phones placed more calls and it became increasingly unmanageable and expensive to manually switch and bill each call.

Strowger Step-by-Step Switch

A mechanical switch was invented in the 1890's by a Kansas City mortician named Almon B. Strowger. He became very suspicious because callers looking for a mortician were continually referred to his competition instead to him. When he learned that the local operator was the wife of his rival, his suspicions were confirmed. He set about to invent a switching system that would not be dependent upon human intervention.

His creation, called the Strowger or Step-by-Step switch, was the first automated electromechanical switching system. It placed switching control in the hands of the subscriber instead of the operator by adding a dialing mechanism to the phone.

The Strowger switch completed a call by progressing digit by digit through two axes of a switching matrix in the CO. A call was stepped vertically to one of ten levels and rotated horizontally to one of ten terminals.

It was called step-by-step because calls progress one step at a time as the customer dialed each digit of the number. When the final digit was dialed, the switch seized an available circuit and connected the call.

The result of the step-by step switch was to eliminate the need for manual operator connection and grant privacy and call control to the subscriber.

The step-by-step switch was a wonderful invention for its day. Today it is obsolete. Compared to modern day switches, it is slow, noisy and too expensive to maintain. It is also both bulky and inefficient.

The Crossbar Switch

The crossbar switch was invented and developed in the late 1920s. One of its main technological advanced was the introduction of a hard wired memory to store dialed digits until the dialing was complete.

Unlike the step-by-step method, calls are not processed under the direct control of incoming dial pulses. In the step-by-step method, each phone call controlled its own pathway through the switching matrix at the speed the digits were dialed by the user. The crossbar switch introduced a better method.

Devices called registers stored the digits in memory as they were dialed by the callers. Not until all the digits were dialed would the call begin to be switched. Once all the digits were received and stored in the register, the register handed the digits to a processor to be examined and used to route the call.

When a pathway had been established and the call was connected, the register and processor would release and become available to handle another call. Collectively, this process was called `common control`.

Common control resulted in faster call completion and increased capacity of the switch. With the old step-by-step, the time it would take a user to physically dial the digits would occupy valuable switch time because dialing the digits was the most time consuming part of switching a call. This 8 to 12 seconds of dialing time prevented other users from accessing the switching matrix and generally slowed things down.

The genius of the crossbar common control was to store the dialed digits as they came in and then after the user finished dialing, send the digits off for processing. The act of dialing no longer kept other calls waiting for switch resources.

Common control created the separation of the control functions (setting up and directing the call) from the switching functions (physically creating the connections).

Crossbar Switching Matrix

Calls were connected by sharing a dedicated wire path through the switching matrix. Crossbar switches used the intersection of two points

to make a connection. They selected from a horizontal and vertical matrix of wires, one row connected to one column. The system still stepped the call through the network, but only after all the digits were dialed. This method created a more efficient allocation of switch resources.

There are four important components of a crossbar switch.
  • The marker is the brain of a crossbar switch. It identifies a line requesting service and allocates a register.
  • The register provides dial tone and receives and stores the dialed digits.
  • The matrix is a set of horizontal and vertical bars. The point at which the crosspoints meet establishes the connection.
  • A trunk interface unit, also called a sender, processes calls from a PBX.
Although crossbar is faster and less bulky than step-by-step, it is still electromechanical and requires a lot of maintenance. It requires huge amounts of space, generates a lot of heat, and makes a great deal of noise.

Electronic Switching System  (ESS)

The advent of electronic switching (also called stored program switching) was made possible by the transistor. Introduced in 1965, the Electronic Switching System (ESS) greatly sped up switch processing capacity and speed and has done nothing less than revolutionize the industry.

Modern ESS switches perform five main functions to establish and maintain service in a public network.
  1. Establish a connection between two or more points
  2. Provide maintenance and testing services
  3. Record and sort customer billing charges
  4. Offer customer features, such as call waiting
  5. Allow access to operators for special services
An ESS uses computer-based logic to control the same two primary operations we introduced with the crossbar -- common control and the switching matrix.

(In an ESS, the terms stored program control, common control, and electronic switching are all synonymous.)

ESS Common Control

The function of the common control is similar to its function in the crossbar. The difference is that common control is accomplished electronically instead of electromechanically. Like the crossbar, one group of control devices controls the functions of all lines. However, instead of the hard wired logic of the crossbar, the control device consists of a computer with memory, storage, and programming capability

In the ESS, the computer governs the common control. It monitors all the lines and trunks coming into the CO, searching for changes in the electrical state of the circuit, such as a phone going off-hook. When a subscriber goes off- hook and dials a number, the common control equipment detects the request for service and responds by returning the dial tone. It then receives, stores, and interprets the dialed digits.

Again, similar to the workings of the crossbar, once the digits have been processed, the computer establishes a path through the switching matrix to complete the call. After the connection for the call has been established, the common control equipment releases and becomes available to complete other calls.

ESS Switching Matrix

Recall that in the crossbar, calls were connected by sharing a dedicated wire path through the matrix, establishing a connection between an input and an output. The matrix in an ESS is logically similar to the crossbar grid except the pathway is electronic instead of electromechanical. Called a TDM bus, it is solid state circuitry and is printed into small computer controlled circuit boards. The computer controls the connections and path status map to determine which path should be established to connect the calling and called parties.

  • Crossbar switching matrix = maze of physical wire cross connections
  • ESS switching matrix = electronic multiplexed TDM (time division multiplexing) bus

ESS Advancements

The unprecedented advancement of the ESS was the speed and processing power advantage it had over the crossbar because it switched calls digitally instead of electromechanically. The processing capacity that would have required a city block of crossbar technology could be accomplished by one floor of ESS equipment. Much less effort was required to maintain the ESS because it was smaller and had fewer moving parts.

Telephone companies would have moved to the new technology for these advantages alone. But, there was much more to be offered. There was the power of the computer.

There are major advantages to a computer stored program. It allows the system to perform functions earlier switches were incapable of. For example, the switch can collect statistical information to determine its effectiveness. It can perform self-diagnostics of circuit and system irregularities and report malfunctions. If trouble occurs, technicians can address it via a keyboard and terminal. The same terminal, often called a system managers terminal, allows personnel to perform system changes and to load new software, eliminating the need for manually rewiring connections.

The computer uses two types of memory:
  1. Read Only Memory (ROM) is used to store basic operating instructions and cannot be altered by the end user. The contents of this memory can only be changed by the manufacturer.
  2. Random Access Memory (RAM) stores configuration and database information. The contents of its memory can be changed by a system administrator.
Other important functions of the computer include
  • Performing telephone billing functions
  • Generating traffic analysis reports
  • Generating all tones and announcements regarding the status of circuits and calls
Computer control operates under the direction of software called its generic program. Periodically updating or adding to the generic program allows the ESS to be much more flexible and manageable than previous switch generations because it is the software, not the hardware, that normally has to be upgraded.

Electronic switching heralded the introduction of new customer features and services. Credit card calls, last number redial, station transfer, conference calling, and automatic number identification (ANI) are just  a few examples of unprecedented customer offerings.

The ESS is an almost fail-safe machine. Its design objective is one hour's outage in 20 years. In today's competitive environment for higher quality communication equipment, ESS machines provide a level of service and reliability unachievable in the past.
Private Branch Exchange (PBX)
[Image: pbx.png]

The two primary goals of every PBX are to
  1. facilitate communication in a business
  2. be cost effective
Organizations that have more than a few phones usually have an internal switching mechanism that connects the internal phones to each other and to the outside world.

A PBX is like a miniature Central Office switching system designed for a private institution. A PBX performs many of the same functions as a CO does. In fact, some larger institutions use genuine COs as their private PBX.

Although a PBX and a CO are closely related, there are differences between them
  • A PBX is intended for private operation within a company. A CO is intended for public service.
  • A PBX usually has a console station that greets outside callers and connects them to internal extensions.
  • Most PBXs do not maintain the high level of service protection that must be maintained in a CO. Assurance features such as processor redundancy (in the event of processor failure) and battery backup power, which are standard in a CO, may not be a part of a PBX.
  • COs require a seven digit local telephone number, while PBXs can be more flexible and create dialing plans to best serve their users (3, 4 5, or 6 digit extensions).
  • A PBX can restrict individual stations or groups of stations from certain features and services, such as access to outside lines. A CO usually has no interest in restricting because these features and services are billed to the customer. COs normally provide unlimited access to every member on the network.
A PBX is composed of three major elements.
  1. Common equipment (a processor and a switching matrix)
  2. CO trunks
  3. Station lines

Common Equipment

The operation of a PBX parallels the operation of a Central Office ESS. Its common control is
  • A computer operated Central Processing Unit (CPU) running software that intelligently determines what must be done and how best to do it.
  • A digital multiplexed switching matrix printed on circuit boards that establishes an interconnection between the calling and called parties.
The CPU stores operating instructions and a database of information from which it can make decisions. It constantly monitors all lines for supervisory and control signals. A switching matrix sets up the connections between stations or between stations and outgoing trunks.

Housed in equipment cabinets, PBX common equipment is often compact enough to occupy just a closet or small room.  Given the extremely high rental rates many companies have, a major benefit of a PBX is its small size.

CO Trunks and Station Lines

A trunk is a communication pathway between switches. A trunk may provide a pathway between a PBX and the CO or between two PBXs and two COs. A trunk may be privately owned or be a leased set of lines that run through the Public Switched Network.

A line is a communication pathway between a switch and terminal equipment, such as between a PBX and an internal telephone or between a CO and a home telephone.

The function of the PBX is to interconnect or switch outgoing trunks with internal lines.

Two Varieties of Lines

Station lines are either analog or digital, depending on the station equipment it is connecting. If the phone on one desk is digital, it should be connected to a digital line. If the phone on the desk is analog, it should be connected to an analog line.

Varieties of Trunks

There exists a wide variety of trunks that can be connected to a PBX for off-premises communication. Each variety has different functions and capabilities. It is important to be able to distinguish them.

Tie Trunks

Organizations supporting a network of geographically dispersed PBXs often use tie trunks to interconnect them. A tie trunk is a permanent circuit between two PBXs in a private network. Tie trunks are usually leased from the common carrier; however, a private microwave arrangement can be established. Usually, leased tie trunks are not charged on a per call basis but rather on the length of the trunk. If a tie trunk is used more than one or two hours a day, distance sensitive pricing is more economical.

A T1 trunk is a digital CO leased trunk that is capable of being multiplexed into 24 voice or data channels at a total rate of 1.544 Mbps. T1 trunks are used as PBX-to-PBX tie trunks, PBX-to-CO trunks as well as PBX trunks to bypass the local CO and connect directly to a long distance carrier. It is a standard for digital transmission in North America and Japan.

T1 uses two pairs of normal, twisted wire--the same as would be found in a subscriber's residence.  Pulse Code Modulation is the preferred method of analog to digital conversion.
  • A T2 trunk is capable of 96 multiplexed channels at a total rate of 6.312 Mbps.
  • A T3 trunk is capable of 672 multiplexed channels at a total rate of 44.736 Mbps.
  • A T4 trunk is capable of 4,032 multiplexed channels at a total of 274.176 Mbps.

Direct Inward Dialing (DID) Trunks

Incoming calls to a PBX often first flow through an attendant position. DID trunks allow users to receive calls directly from the outside without intervention from the attendant. DID offers three main advantages.
  1. It allows direct access to stations from outside the PBX.
  2. It allows users to receive calls even when the attendant switchboard is closed.
  3. It takes a portion of the load off the attendants.

Trunk Pools

Trunks do not terminate at a user's telephone station. Instead trunks are bundled into groups of similarly configured trunks called trunk pools. When a user wants to access a trunk, he can dial a trunk access code --for example, he can dial 9 to obtain a trunk in the pool. Trunk pools make system administration less complicated because it is easier to administer a small number of groups than a large number of individual trunks.


Ports are the physical and electrical interface between the PBX and a trunk or station line.

PBX Telephones

Telephone stations in a PBX are not directly connected to the CO but to the PBX instead. When a station goes off-hook, the PBX recognizes it and sends to the station its own dial tone. The PBX requires some access digit, usually "9" to obtain an idle CO trunk from a pool to connect the station with the public network. This connection between the telephone and the PBX allows stations to take advantage of a myriad of PBX features.

The attendant console is a special PBX telephone designed to serve several functions. Traditionally, most PBXs have used attendants as the central answering point for incoming calls. Calls placed to the PBX first connected to the attendant, who answered the company name. The attendant then established a connection to the desired party. The attendant also provided assistance to PBX users, including directory assistance and reports of problems.

In recent years a number of cost-saving improvements have been made to the attendant console. A feature commonly called automated attendant can establish connections without a human interface, substantially decreasing PBX operating costs.

Blocking versus Non-blocking

Blocking is a critical aspect of the functioning of a PBX. A non-blocking switch is one that provides as many input/output interface ports as there are lines in the network. In other words, the switching matrix provides enough paths for all line and trunk ports to be connected simultaneously.

PBX systems are usually blocking. It requires an exponential increase in resources and expense to ensure non-blocking. Based on call traffic studies and the nature of calls, it is generally acceptable to engineer a low level of blocking in exchange for a major savings of common equipment resources.

Grades of service are quantitative measurements of blocking. They are written in the form: P.xx

where xx is a two digit number that indicates how many calls out of a hundred will be blocked. The smaller the number, the better the grade of service.

P.01 means one call out of a hundred will be blocked. It is a better grade of service than P.05 that block five calls out of a hundred. Naturally the P.05 service costs less than the better grade of service provided by P.01.

Even if a PBX's switching matrix is non-blocking, an internal caller may still not be able to reach an outside trunk if all the trunks are busy. CO trunks cost money, and very few PBXs dedicate one trunk to every internal line. Instead, traffic studies are performed to determine the percentage of time a station will be connected to an outside trunk during peak hours.

If, for example, it is determined that the average station uses a trunk only 20% of the time during peak hours, then the switch may be configured to have a 5:1 line-to-trunk ratio, meaning for every five lines (or extensions) there is one trunk. Most PBXs are configured on this principle as a major cost saving method.

PBX Features

COs and PBXs share many of the same attributes and functionality. However, COs are built to perform different tasks than a PBX, resulting in feature differences between them. The following is an overview of common PBX features not found in a CO.

Automatic Route Selection (ARS)

A primary concern of any telecommunications manager is to keep costs down. One of these costs is long distance service. ARS is a feature that controls long distance costs.

Most PBXs have more than just public CO trunks connected to them. They may have a combination of tie trunks to other PBXs (T1/E1 trunks and many others). Each type of trunk has a separate billing scheme, relatively more or less expensive for a given number of variables.

It is extremely difficult to attempt to educate company employees on which trunks to select for which calls at what time of day. It defeats the productivity raising, user-transparency goal of any PBX if employees must pour over tariffing charts every time they want to use the phone.

Instead, ARS programs the PBX central processor to select the least expensive trunk on a call by call basis. When a user places a call, the computer determines the most cost effective route, dials the digits and completes the call.

Feature Access

PBXs support a wide variety of user features. For example, call forward, hold, and call pickup are all user features. There are two methods of activating a feature. A code, such as "*62" can be assigned to the call forward feature. To activate call forward the user presses "*62" and continues dialing.

Dial codes are not the preferred method of feature access. The problem is that users tend to forget the codes and either waste time looking them up or do not take advantage of time saving features, thereby defeating the purpose of buying them.

Dedicated button feature access is a better solution. Programmable feature buttons, located on most PBX telephones, are pressed to activate the desired feature. If a user wants to activate call forward, he presses a button labeled "call forward" and continues dialing.

The only drawback of telephones with programmable feature buttons is that they are more expensive than standard phones.

Voice Mail

For a voice conversation to occur, there is one prerequisite so obvious it is usually overlooked. The called party must be available to answer the call. In today's busy world, people are often not accessible which can create a major problem resulting in messages not being received and business not being conducted.

Statistics confirm the need for an alternate method.
  • 75% of call attempts fail to make contact with the desired party.
  • 50% of business calls involve one-way information--one party wishing to deliver information to another party without any response necessary.
  • 50% of incoming calls are less important than the activity they interrupt.
Voice mail (also known as store and forward technology) is a valuable feature that is designed around today's busy, mobile office. It is like a centralized answering machine for all telephone stations in a PBX. When a telephone is busy or unattended, the systems routes the caller to a voice announcement that explains that the called party is unavailable and invites the caller to leave a message. The message is stored until the station user enters a security dial access code and retrieves the message.

Automated Attendant

Automated attendant is a feature sometimes included with voice mail. It allows outside callers to bypass a human attendant by routing their own calls through the PBX. Callers are greeted with a recorded announcement that prompts them to dial the extension number of the desired position, or stay on the line to be connected to an attendant.

Reducing cost is the primary goal of automated attendant. The decreased attendant work load more d) an pays for the cost of the software and equipment.

When automated attendant was first introduced, it met with substantial resistance from the general public. People did not want to talk to a machine. But, as its cost effectiveness drove many companies to employ it, the public has slowly adjusted to the new technology.


Nearly every PBX enforces some combination of inside and outside calling restrictions on certain phones. Depending upon the sophistication of the PBX, a system administrator can have nearly unlimited flexibility in assigning restrictions. For example, a tire manufacturing plant could restrict all lobby phones at corporate headquarters to internal and local calls only. The phones at the storage warehouse could be restricted for only internal calling. But, all executive phones could be left unrestricted.

Nearly every PBX enforces some combination of inside and outside calling restrictions on certain phones. Depending upon the sophistication of Long distance toll charges can be a crippling expense. Toll fraud is a major corporate problem. Restriction combats unauthorized use of company telephone resources and is a prime function of any PBX.


As stated earlier, it is necessary to have a switching mechanism to interconnect calls. If a number of phones all wish to be able to talk to each other, an enormous amount of cabling would be wasted tying each of them together. Thus, the switch was born.

The same principle applies for interconnecting PBXs. Large firms that have PBXs scattered all over the country want each PBX to have the ability to access every other one. But the expense of directly connecting each could drive a company out of business. The solution is to create a centrally located tandem switching station to interconnect the phones from one PBX with the phones from any other. This solution creates a Private Switched Network.

Directing digits are often used to inform the tandem switch where to route the call. Each PBX is assigned a unique number. Let's say a PBX in Paris is numbered "4." To call the Paris PBX from a PBX in Chicago, a user would dial "4- XXXX."

Uniform Dialing Plan

A network of PBXs can be configured poorly so that calling an extension at another PBX could involve dialing a long, confusing series of numbers and create a lot of user frustration. A Uniform Dialing Plan enables a caller to dial another internal extension at any PBX on the network with a minimum of digits, perhaps four or five. The system determines where to route the call, translates the digits and chooses the best facility, all without the knowledge of the user. As far as the user knows, the call could have been placed to a station at the next desk.

Call Accounting System (CAS) and Station Message Detail Recording (SMDR)

CAS works in conjunction with SMDR to identify and monitor telephone usage in the system. SMDR records call information such as the calling number, the time of the call, and its duration. The raw data is usually listed chronologically and can be printed on reports.

SMDR by itself is not particularly useful because the sheer volume and lack of sorting capability of the reports make them difficult to work with. A Call Accounting Systems is a database program that addresses these shortcomings by producing clear, concise management reports detailing phone usage.

The primary function of CAS reports is to help control and discourage unnecessary or unauthorized use and to bill back calling charges to users. Many law firms use a call accounting system to bill individual clients for every call they make on behalf of each client.

Attendant Features

A number of features are available to improve the efficiency of attendant consoles.

Here are a few of them.
  • Direct Station Selection (DSS) allows attendants to call any station telephone by pressing a button labeled with its extension.
  • Automatic Timed Reminder alerts the attendant that a station has not picked up its call. The attendant may choose to reconnect to the call and attempt to reroute it.
  • Centralized Attendant Service groups all network attendants into the same physical location to avoid redundancies of service and locations.

Power Failure Schemes

If a city or a town experiences a commercial power failure, telephones connected directly to the CO will not be affected because the CO gets power from its own internal battery source. A PBX, however, is susceptible to general power failures because it usually gets its power from the municipal electric company.

There are several different ways a PBX can be configured to overcome a power failure.
  • A PBX can be directly connected to a DC battery which serves as its source of power. The battery is continually recharged by an AC line to the electric company. In the event of a power failure, the PBX will continue functioning until the battery runs out.
  • A PBX can have an Uninterruptable Power Supply (UPS) to protect against temporary surges or losses of power.
  • A PBX can use a Power Failure Transfer (PFT) which, in the event of a power failure, immediately connects preassigned analog phones to CO trunks, thereby using power from the CO instead of from the PBX.

Outgoing Trunk Queuing

In the event all outgoing trunks are busy, this feature allows a user to dial a Trunk Queuing code and hang up. As soon as a trunk becomes free, the system reserves it for the user, rings the station and connects the outside call automatically.

System Management

PBXs can be so large and complex that without a carefully designed method of system management chaos can result. The best, most advanced systems mimic CO management features--computer access terminals which clearly and logically program and control most system features. The system manager has a wide variety of responsibilities which may include, but is not limited to
  • Programming telephone moves, additions, and changes on the system
  • Performing traffic analysis to maximize system configuration resources and optimize network performance
  • Responding to system-generated alarms
  • Programming telephone, system, attendant, and network features.


ISDN is not a product. Rather, it is a series of standards created by the international body, ITU (previously known as CCITT), to support the implementation of digital transmission of voice, data, and image through standard interfaces. Its goal is to combine all communications services offered over separate networks into a single, standard network. Any subscriber could gain access to this vast network by simply plugging into the wall. (At this time not all PBXs are compatible with the ISDN standard.)

Alternatives to a PBX

There are two main alternatives to purchasing a PBX. They are purchasing a Key system or renting Centrex service from the local telephone company.

Key System

Key systems are designed for very small customers, who typically use under 15 lines. There is no switching mechanism as in a PBX. Instead every line terminates on every phone. Hence, everyone with a phone can pick up every incoming call.

Key systems are characterized by a fat cable at the back of each phone. The cables are fat because each phone is directly connected to each incoming line and each line has to be wired separately to each phone.

Fat cables have become a drawback to Key systems as building wire conduits have begun to fill with wire. It has become increasingly difficult to add and move stations because technicians must physically rewire the bulky cables instead of simply programming a change in the software.

Key telephones are equipped with line assignment buttons that light on incoming calls and flash on held calls. These buttons enable a user to access each line associated with each button. Unlike a PBX, there is no need to interface with an attendant console to obtain an outside line.

Differences between Key and PBX Systems

Key systems have no switching matrix. In a Key system, incoming calls terminate directly on a station user's phone. In a PBX, incoming calls usually first go to the attendant who switches the call to the appropriate station.

PBX accesses CO trunk pools by dialing an access code such as "9." Key systems CO trunks are not pooled. They are accessed directly.

Key systems make use of a limited number of features, many of them common to the PBX. These include
  • Last number redial
  • Speed dialing
  • Message waiting lamp
  • Paging
  • Toll restriction
Today's PBXs can simulate Key system operation. For example, telephones can have a line directly terminating on a button for direct access.


The other alternative to purchasing a PBX is leasing a Centrex service.

Centrex is a group of PBX-like service offerings furnished by the local telephone company. It offers many of the same features and functions associated with a PBX, but without the expense of owning and maintaining equipment and supporting in-house administrative personnel.

Because network control remains the responsibility of the CO, companies that choose Centrex service over purchasing and maintaining a private PBX can ignore the sophisticated world of high tech telecommunications and leave it up to the telephone company representatives.

To provide Centrex service, a pair of wires is extended from the CO to each user's phone. Centrex provides an "extension" at each station complete with its own telephone number. No switching equipment is located at the customer premises. Instead, Centrex equipment is physically located at the CO.

There are a number of reasons a company would choose a Centrex system over owning their own PBX. Currently Centrex has six million customers in the United States market.

Advantages of a Centrex System over a PBX:
  • Nearly uninterruptable service due to large redundancies in the CO
  • Easily upgraded to advanced features.
  • No floor space requirement for equipment.
  • No capital investment
  • 24-hour maintenance coverage by CO technicians
  • Inherent Direct Inward Dialing (DID). All lines terminate at extensions, instead of first flowing through a switchboard.
  • Call accounting and user billing as inherent part of the service.
  • Reduced administrative payroll.
Disadvantages of a Centrex System:
  • Cost. Centrex is tariffed by the local telephone company and can be very expensive. Companies are charged for each line connected to the Centrex, as well for the particular service plan chosen. Additionally, Centrex service may be subject to monthly increases.
  • Feature availability. Centrex feature options are generally not state of the art, lagging behind PBX technology. Not all COs are of the same generation and level of sophistication--a company associated with an older CO may be subject to inferior service and limited or outdated feature options.
  • Control of the network is the responsibility of the CO. While this release from responsibility is often cited as a positive feature of Centrex, there are drawback to relinquishing control. CO bureaucracy can be such that a station move, addition or change can sometimes take days to achieve. Furthermore, each request is charged a fee. Also, some companies are more particular about certain features of their network (security for example) and require direct control for themselves.
Properties of Analog and Digital Signals
[Image: Analog-and-Digital-Signals.jpg?ssl=1]

A man in Canada picks up a telephone and dials a number. Within seconds, he begins talking to his business partner in Madrid. How can this be?

Telephony is a constantly evolving technology with scientific rules and standards. You will learn to make sense of what would otherwise seem impossible.

Voice travels at 250 meters per second and has a range limited to the strength of the speaker's lungs. In contrast, electricity travels at speeds approaching the speed of light (310,000 Km per second) and can be recharged to travel lengths spanning the globe. Obviously, electricity is a more effective method of transmission.

To capitalize on the transmission properties of electricity, voice is first converted into electrical impulses and then transmitted. These electrical impulses represent the varying characteristics that distinguish all of our voices. The impulses are transmitted at high speeds and then decoded at the receiving end into a recognizable duplication of the original voice.

For a hundred years, scientists have been challenged by how best to represent voice by electrical impulses. An enormous amount of effort has been devoted to solving this puzzle. The two forms of electrical signals used to represent voice are analog and digital.

Both analog and digital signals are composed of waveforms. However, their waveforms have very distinctive properties which distinguish them. To understand the science of telephony, it is necessary to understand how analog and digital signals function, and what the differences between them are.

If you do not possess a fundamental understanding of basic waveforms, you will not understand many of the more advanced concepts of telecommunications.

Analog Signal Properties

Air is the medium that carries sound. When we speak to one another, our vocal chords create a disturbance of the air. This disturbance causes air molecules to become expanded and compress thus creating waves. This type of wave is called analog, because it creates a waveform similar to the sound it represents.

Analog waves are found in nature. They are continually flowing and have a limitless number of values. The sine wave is a good example of an analog signal.

Three properties of analog signals are particularly important in transmission:
  • amplitude
  • frequency
  • phase


Amplitude refers to the maximum height of an analog signal. Amplitude is measured in decibels when the signal is measured in the form of audible sound. Amplitude is measured in volts when the signal is in the form of electrical energy.

Amplitude of an Analog Wave

Volts represent the instantaneous amount of power an analog signal contains.

Amplitude, wave height, and loudness of an analog signal represent the same property of the signal. Decibels and volts are simply two different units of measurement which are used to quantify this property.


Frequency is the number of sound waves or cycles that occur in a given length of time. A cycle is represented by a 360 degree sine wave. Frequency is measured in cycles per second, commonly called hertz (Hz).

Frequency corresponds to the pitch (highness or lowness) of a sound. The higher the frequency, the higher the pitch.  The high pitch tone of a flute will have a higher frequency than the low pitch tone of a bass.

Phase refers to the relative position of a wave at a point in time. It is useful to compare the phase of two waves that have the same frequency by determining whether the waves have the same shape or position at the same time. Waves that are in-step are said to be in phase, and waves that are not synchronized are called out-of-phase.


The reason these three properties are significant is that each can be changed (modulated) to facilitate transmission.

The term modulation means imposing information on an electrical signal.

The process of modulation begins with a wave of constant amplitude, frequency, and phase called carrier wave. Information signals representing voice, data, or video modulate a property (amplitude, frequency, or phase) of the carrier wave to create a representation of itself on the wave.

Amplitude Modulation is a method of adding information to an analog signal by varying its amplitude while keeping its frequency constant. AM radio is achieved by amplitude modulation.

Frequency Modulation adds information to an analog signal by varying its frequency while keeping its amplitude constant. FM radio is achieved by frequency modulation.

Phase Modulation adds information to an analog signal by varying its phase.

The modulated wave carrying the information is then transmitted to a distant station where it is decoded and the information is extracted from the signal.

Properties of Digital Signals

Unlike analog signals, digital signals do not occur in nature. Digital signals are an invention of mankind. They were created as a method of coding information. An early example of digital signals is the Morse Code.

Digital signals have discrete, non-continuous values. Digital signals have only two states:
Type of SignalState 1State 2
Light switchOnOff
VoltageVoltage Level 1 (-2 volts)Voltage Level 2 (+2 volts)
MorseShort beatLong beat

Computers and humans cannot communicate directly with each other. We do not understand what tiny bits and voltage changes mean. Computers do not understand the letters of the alphabet or words.

For computers and humans to communicate with each other, a variety of binary (digital) languages, called character codes, have been created. Each character of a character code represents a unique letter of the alphabet: a digit, punctuation mark, or printing character.

The most popular character code is call ASCII (America Standard Code for Information Interchange). It uses a seven bit coding scheme-- each character consists of a unique combination of seven 1s and 0s. For example, the capital letter T is represented by the ASCII 1010100; the number 3 by the ACSII 0110011. The maximum number of different characters which can be coded in ASCII is 128).

Another character code is called Extended ASCII. Extended ASCII builds upon the existing ASCII character code. Extended ASCII codes characters into eight bits providing 256 character representations). The extra 127 characters represent foreign language letters and other useful symbols.

Signal Loss - Attenuation

Analog and digital signals are transmitted to provide communication over long distances. Unfortunately, the strength of any transmitted signal weakens over distance. This phenomenon is called attenuation. Both analog and digital signals are subject to attenuation, but the attenuation is overcome in very different ways.

Analog Attenuation

Every kilometer or so, an analog signal must be amplified to overcome natural attenuation. Devices called amplifiers boost all the signals they receive, strengthening the signals to their original power. The problem is that over distance, noise is created and it is boosted along with the desired signal.

The result of using amplifiers is that both the noise (unwanted electrical energy) and the signal carrying the information are amplified. Because the noise is amplified every kilometer, it can build up enough energy to make a conversation incomprehensible. If the noise becomes too great, communication may become impossible.

Two different types of noise affect signal quality.
  1. White noise is the result of unwanted electrical signals over lines. When it becomes loud enough, it sounds like the roar of the ocean at a distance.
  2. Impulse noise is caused by intermittent disturbances such as telephone company switch activity or lightning. It sounds like pops and crack over the line.
As analog signals pass through successive amplifiers, the noise is amplified along with the signal and therefore causes the signal to degenerate.

Digital Attenuation

Although digital signals are also affected by attenuation, they are capable of a much more effective method to overcome signal loss. A device called a regenerative repeater determines whether the incoming digital signal is a 1 or a 0. The regenerative repeater then recreates the signal and transmits it at a higher signal strength. This method is more effective than repeating an analog signal because digital signals can only be one of two possible states. Remember that an analog signal is comprised of an infinite number of states.)

The advantage of a digital regenerator is that noise is not reproduced. At each regenerative repeater, all noise is filtered out-- a major advantage over analog amplification.

Advantages of Digital over Analog Signals

  1. Digital regenerative repeaters are superior to analog amplifiers.

    A buildup of noise causes a distortion of the waveform. If the distortion is large enough, a signal will not arrive in the same form as it was transmitted. The result is errors in transmission.

    In digital transmission, noise is filtered out leaving a clean, clear signal. A comparison of average error rates shows

    Analog: 1 error every 100,000 signals

    Digital: 1 error every 10,000,000 signals

  2. The explosion of modern digital electronic equipment on the market has greatly reduced its price, making digital communications increasingly more cost effective. The price of computer chips, the brains of electronic equipment, has dropped dramatically in recent years further reducing the price of digital equipment.

    This trend will almost certainly continue adding more pressure to use digital methods.

  3. An ever increasing bulk of communication is between digital equipment (computer-to-computer)

    For most of telephony history, long distance communication meant voice telephone conversations. Because voice is analog in nature, it was logical to use analog facilities for transmission. Now the picture is changing. More and more communication is between computers, digital faxes, and other digital transmission devices.

    Naturally, it is preferable to send digital data over digital transmission equipment when both sending and receiving devices are digital since there is no need to convert the digital signals to analog to prepare them for analog transmission.
Historically, telephone networks were intended to carry analog voice traffic. Therefore, equipment was designed to create, transmit, and process analog signals. As technology in computers (microprocessors) and digital transmission has advanced, nearly all equipment installed in new facilities are digital.
Introduction to Telephony and PBX (Phrack) - Chapter 2

Credits: Cavalier[TNO]

Decided to post this old but golden write-up from Phracks 49th issues. On the basics of telephony and PBX. I'm learning a bit if phreaking and telco exploitation. So this is a good way to understand some of the basics. I will post more topics like this.

Analog-Digital Conversion
[Image: 0418_analog-to-digital_main.jpg]

Because it offers better transmission quality, almost every long distance telephone communication now uses digital transmission on the majority of their lines. But since voice in its natural form is analog, it is necessary to convert these. In order to transmit analog waves over digital facilities to capitalize on its numerous advantages, analog waves are converted to digital waves.

Pulse Code Modulation (PCM)

The conversion process is called Pulse Code Modulation (PCM) and is performed by a device called a codec (coder/decoder). PCM is a method of converting analog signals into digital 1s and 0s, suitable for digital transmission. At the receiving end of the transmission, the coded 1s and 0s are reconverted into analog signals which can be understood by the listener.

Three Step Process of PCM

  1. Step 1 - Sampling
    Sampling allows for the recording of the voltage levels at discrete points in prescribed time intervals along an analog wave. Each voltage level is called a sample. Nyquist's Theorem states:
    • If an analog signal is sampled at twice the rate of the highest frequency it attains, the reproduced signal will be a highly accurate reproduction of the original.
  2. The highest frequency used in voice communications is 4000 Hz (4000 cycles per second). Therefore, if a signal is sampled 8000 times per second, the listener will never know they have been connected and disconnected 8000 times every second! They will simply recognize the signal as the voice of the speaker.

    To visualize this procedure better, consider how a movie works. Single still frames are sped past a light and reproduced on a screen. Between each of the frames is a dark space. Since the frames move so quickly, the eye does not detect this dark space. Instead the eye perceives continuous motion from the still frames.

    PCM samples can be compared to the still frames of a movie.  Since the voice signal is sampled at such frequent intervals, the listener does not realize that there are breaks in the voice and good quality reproduction of voice can be achieved.  Naturally, the higher the sampling rate, the more accurate the reproduction of the signal.  Dr. Nyquist was the one who discovered that only 8000 samples per second are needed for excellent voice reproduction.

    The 8000 samples per second are recorded as a string of voltage levels. This string is called a Pulse Amplitude Modulation (PAM) signal.

  3. Step 2 - Quantizing
    Since analog waves are continuous and have an infinite number of values, an infinite number of PAM voltage levels are needed to perfectly describe any analog wave. In practice, it would be impossible to represent each exact PAM voltage level. Instead, each level is rounded to the nearest of 256 predetermined voltage levels by a method called Quantizing.

    Quantizing assigns each PAM voltage level to one of 256 amplitude levels. The amplitude levels do not exactly match the amplitude of the PAM signal but are close enough so only a little distortion results.

    This distortion is called quantizing error. Quantizing error is the difference between the actual PAM voltage level and the amplitude level it was rounded to. Quantizing error produces quantizing noise. Quantizing noise creates an audible noise over the transmission line.

    Low amplitude signals are affected more than high amplitude signals by quantizing noise. To overcome this effect, a process call companding is employed. Low amplitude signals are sampled more frequently than high amplitude signals. Therefore, changes in voltage along the waveform curve can be more accurately distinguished.

    Companding reduces the effect of quantizing error on low amplitude signals where the effect is greatest by increasing the error on high amplitude signals where the effect is minimal. Throughout this process, the total number of samples remains the same at 8000 per second.

    Two common companding formulas are used in different parts of the world. The United States and Japan follow a companding formula called Mu-Law. In Europe and other areas of the world, the formula is slight different and is called A-Law. Although the two laws differ only slightly, they are incompatible. Mu Law hardware cannot be used in conjunction with A-Law hardware.

  4. Step 3 - Encoding
    Encoding converts the 256 possible numeric amplitude voltage levels into binary 8-bit digital codes. The number 256 was not arrived at accidentally. The reason there are 256 available amplitude levels is that an 8-bit code contains 256 (28) possible combinations of 1s and 0s. These codes are the final product of Pulse Codes Modulation (PCM) and are ready for digital transmission.

    PCM only provides 256 unique pitches and volumes. Every sound that is heard over a phone is one of these 256 possible sounds.

Digital-Analog Conversion

After the digital bit stream is transmitted, it must be convert back to an analog waveform to be audible to the human ear. This process is called Digital-Analog conversion and is essentially the reverse of PCM.

This conversion occurs in three steps.
  1. Step 1 - Decoding
    Decoding converts the 8-bit PCM code into PAM voltage levels.
  2. Step 2 - Reconstruction
    Reconstruction reads the converted voltage level and reproduces the original analog wave
  3. Step 3 - Filtering
    The decoding process creates unwanted high frequency noise in the 4000 Hz - 8000 Hz range which is audible to the human ear. A low-pass filter blocks all frequencies above one-half the sampling rate, eliminating any frequencies above 4000 Hz.
Digital Transmission
[Image: line_coding.jpg]

Importance of Digital Transmission

Digital transmission is the movement of computer-encoded binary information from one machine to another. Digital information can represent voice, text, graphics, and video.

Digital communication is important because we use it everyday. You have used digital communications if
  • your credit card is scanned at the checkout line of a department store.
  • you withdraw money from an automated teller machine.
  • you make an international call around the world.
There are a million ways digital communication affects us every day.

As computer technology advances, more and more of our lives are affected by digital communication. A vast amount of digital information is transmitted every second of every day. Our bank records, our tax records, our purchasing records, and so much more is stored as digital information and transferred whenever and wherever it is needed. It is no exaggeration to say that digital communications will continue to change our lives from now on.

Digital Voice Versus Digital Data

The difference between voice and non-voice data is this:
  • Voice transmission represents voice while data transmission represents any non-voice information, such as text, graphics, or video. Both can be transmitted in identical format--as digitized binary digits
In order to distinguish digital voice binary code from digital data, since they both look like strings of 1s and 0s, you must know what the binary codes represent.

This leads us to another important distinction-- that between digital transmission and data transmission. Although these two terms are often confused, they are not the same thing.
  • Digital transmission describes the format of the electrical signal--1s and 0s as opposed to analog waves.
  • Data transmission describes the type of information transmitted--text, graphics, or video as opposed to voice.

Basic Digital Terminology

A bit is the smallest unit of binary information--a "1" or a "0"

A byte is a "word" of 7 or 8 bits and can represent a unit of information such as a letter, a digit, a punctuation mark, or a printing character (such as a line space).

BPS (bits per second) or bit rate refers to the information transfer rate-- the number of bits transmitted in one second. BPS commonly refers to a transmission speed.

  • A device rated at 19,200 bps can process more information than one rated at 2,400 bps. As a matter of fact, eight times more. Bps provides a simple quantifiable means of measuring the amount of information transferred in one second.
Bits per second is related to throughput. Throughput is the amount of digital data a machine or system can process. One might say a machine has a "high throughput," meaning that it can process a lot of information.

Digital Data Transmission

Data communications is made up of three separate parts:
  1. Data Terminal Equipment (DTE) is any digital (binary code) device, such as a computer, a printer, or a digital fax.
  2. Data Communications Equipment (DCE) are devices that establish, maintain, and terminate a connection between a DTE and a facility. They are used to manipulate the signal to prepare it for transmission. An example of DCE is a modem.
  3. The transmission path is the communication facility linking DCEs and DTEs.

The Importance of Modems

A pair of modems is required for most DTE-to-DTE transmissions made over the public network.

The function of a modem is similar to the function of a codec, but in reverse. Codecs convert information that was originally in analog form (such as voice) into digital form to transmit it over digital facilities. Modems do the opposite. They convert digital signals to analog to transmit them over analog facilities.

It continues to be necessary to convert analog signals to digital and then back again because the transmission that travels between telephone company COs is usually over digital facilities. The digital signals travel from one telephone company Central Office to another over high capacity digital circuits. Digital transmission is so superior to analog transmission that it is worth the time and expense of converting the analog signals to digital signals.

Since computers communicate digitally, and most CO-to-CO facilities are digital, why then is it necessary to convert computer-generated digital data signals to analog before transmitting them?

The answer is simple. Most lines from a local Central Office to a customer's residence or business (called the local loop) are still analog because for many years, the phone company has been installing analog lines into homes and businesses. Only very recently have digital lines begun to terminate at the end user's premises.

It is one thing to convert a telephone company switch from analog to digital. It is quite another to rewire millions of individual customer sites, each one requiring on-site technician service. This would require a massive effort that no institution or even industry could afford to do all at one time.

In most cases, therefore, we are left with a public network that is part analog and part digital. We must, therefore, be prepared to convert analog to digital and digital to analog.


To transmit data from one DCE to another, a modem is required when any portion of the transmitting facility is analog. The modem (modulater/demodulater) modulates and demodulates digital signals for transmission over analog lines. Modulation means "changing the signals." The digital signals are changed to analog, transmitted, and then changed back to digital at the receiving end.

Modems always come in pairs-- one at the sending end and one at the receiving end. Their transmission rates vary from 50 bps to 56 Kbps (Kilobits per second).

Synchronous Versus Asynchronous

There are two ways digital data can be transmitted:

Asynchronous transmission sends data one 8-bit character at a time. For example, typing on a computer sends data from the keyboard to the processor of the computer one character at a time. Start and stop bits attach to the beginning and end of each character to alert the receiving device of incoming information. In asynchronous transmission, there is no need for synchronization. The keyboard will send the data to the processor at the rate the characters are typed. Most modems transmit asynchronously.

Synchronous transmission is a method of sending large blocks of data at fixed intervals of time. The two endpoints synchronize their clocking mechanisms to prepare for transmission. The success of the transmission depends on precise timing.

Synchronous transmission is preferable when a large amount of data must be transmitted frequently. It is better suited for batch transmission because it groups data into large blocks and sends them all at once.

The equipment need for synchronous transmission is more expensive than for asynchronous transmission so a data traffic study must be made to determine if the extra cost is justified. Asynchronous transmission is more cost effective when data communication is light and infrequent.

Error Control

The purpose of error control is to detect and correct errors resulting from data transmission.

There are several methods of performing error control. What most methods have in common is the ability to add an error checking series of bits at the end of a block of data that determines whether the data arrived correctly. If the data arrived with errors, it will contact the sending DTE and request the information be re-transmitted. Today's sophisticated error checking methods are so reliable that, with the appropriate equipment, it is possible to virtually guarantee that data transmission will arrive error-free. There are almost no reported cases of a character error in received faxes.

Error control is much more critical in data communication than in voice communication  because in voice communication, if one or two of the 8000 PCM signals per second arrive with an error, it will make almost no difference to the quality of the voice representation received.  But, imagine the consequences of a bank making a funds transfer and misplacing a decimal point on a large account.
[Image: frequencydivisionmultiplexing.png]

Function of Multiplexers

Analog and digital signals are carried between a sender and receiver over transmission facilities. It costs money to transmit information signals from Point A to Point B. It is, therefore, of prime importance to budget conscious users to minimize transmission costs.

The primary function of multiplexers is to decrease network facility line costs.

Multiplexing is a technique that combines many individual signals to form a single composite signal. This allows the transmission of multiple simultaneous calls over a single line. It would cost a lot more money to have individual lines for each telephone than to multiplex the signals and send them over a single line.

Typical transmission facilities in use today can transmit 24 to 30 calls over one line. This represents a significant savings for the end user as well as for commercial long distance and local distance carriers.


The bandwidth of a transmission medium is a critical factor in multiplexing. Bandwidth is the difference between the highest and lowest frequencies in a given range. For example, the frequency range of the human voice is between 300 Hz and 3300 Hz. Therefore, the voice bandwidth is
  • 3300 Hz - 300 Hz  =  3000 Hz
We also refer to the bandwidth of a transmission medium. A transmission medium can have a bandwidth of 9600 Hz. This means that it is capable of transmitting a frequency range up to 9600 Hz. A medium with a large bandwidth can transmit more information and be divided into more channels than a medium with a small bandwidth.

We will investigate three different methods of multiplexing:
  • Frequency Division Multiplexing (FDM)
  • Time Division Multiplexing (TDM)
  • Statistical Time Division Multiplexing (STDM)

Frequency Division Multiplexing (FDM)

FDM is the oldest of the three methods of multiplexing. It splits up the entire bandwidth of the transmission facility into multiple smaller slices of bandwidth. For example, a facility with a bandwidth of 9600 Hz can be divided into four communications channels of 2400 Hz each. Four simultaneous telephone conversations can therefore be active on the same line.

Logically, the sum of the separate transmission rates cannot be more than the total transmission rate of the transmission facility: the 9600 Hz facility could not be divided into five 2400 Hz channels because 5 x 2400 is greater than 9600.

Guard bands are narrow bandwidths (about 1000 Hz wide) between adjacent information channels (called frequency banks) which reduce interference between the channels.

The use of FDM has diminished in recent years, primarily because FDM is limited to analog transmission, and a growing percentage of transmission is digital.

Time Division Multiplexing (TDM)

Time division multiplexing has two main advantages over frequency division multiplexing:
  • It is more efficient
  • It is capable of transmitting digital signals
Instead of the bandwidth of the facility being divided into frequency segments, TDM divides the capacity of a transmission facility into short time intervals called time slots.

TDM is slightly more difficult to conceptualize than FDM. An analogy helps.

The problem is
  • We must transport the freight of five companies from New York to San Francisco. Each company wants their freight to arrive on the same day. We must be as fair as we can to prevent one company's freight from arriving before another company's. The freight from each company will fit into 10 boxcars so a total of 50 boxcars must be sent. Essentially, there are three different ways we can accomplish this.
    1. We can rent five separate locomotives and rent five separate railway tracks and send each company's freight on its own line.
    2. We can rent five separate locomotives, but only one track and send five separate trains along one line.
    3. We can join all the boxcars together and connect them to one engine and send them over a single track.
Obviously the most cost effective solution is Number 3. It saves us from renting four extra rail lines and four extra locomotives.

To distribute the freight evenly so that each company's freight arrives at the same time, the could be placed in a pattern as illustrated below:

Company A + Company B + Company C + Company A + Company B + Company C . . .

At San Francisco, the boxcars would be reassembled into the original groups of 10 for each company and delivered to their final destination.

This is exactly the principle behind TDM. Use one track (communication channel), and alternate boxcars (pieces of information) from each sending company (telephone or computer)

In other words, each individual sample of a voice or data conversation is alternated with samples from different conversations and transmitted over the same line.

Let's say we have four callers in Boston (1, 2, 3, and 4) who want to speak with four callers in Seattle (A, B, C, and D). The task is to transmit four separate voice conversations (the boxcars) over the same line (the track).

The voice conversations are sampled by PCM. This breaks each conversation into tiny 8-bit packets. For a brief moment, caller 1 sends a packet to receiver A. Then, caller 2 sends a packet to receiver B-- and so on. The result is a steady stream of interleaved packets-- just like our train example except the boxcars stretch all across the country. Notice that every fourth packet is from the same conversation. At the receiving end, the packets are reassembled and sent to the appropriate receiver at the rate of 8000 samples per seconds.

Remember that if the receiver hears the samples at the rate of 8000 times per second, it will result in good quality voice reproduction. Therefore, the packets are transmitted fast enough so that every 1/8000 of a second, a packet from each send arrives at the appropriate receiver. In other words, each conversation is connected 8000 times per second-- enough to satisfy Nyquist's Theorem.

In FDM the circuit was divided into individual frequency channels for use by each sender. In contrast, TDM divides the circuit into individual time channels. For a brief moment, each sender is allocated the entire bandwidth-- just enough time to send eight bits of information.

TDM Time Slots

Because a version of the TDM process (called STDM) is the primary switching technique in use today, it is important that this challenging concept be presented as clearly and understandably as possible. Here is a closer look at TDM, emphasizing the "T"--which stands for time.

Each transmitting device is allocated a time slot during which it is permitted to transmit. If there are three transmitting devices, for example, there will be three time slots. If there are four devices there will be four time slots.

Two devices, one transmitting and one receiving, are interconnected by assigning them to the same time slot of a circuit. This means that during their momentary shared time slot, the transmitting device is able to send a short burst of information (usually eight bits) to the receiving device. During their time slot, they use the entire bandwidth of the transmission facility but only for a short period of time. Then, in sequence, the following transmitting devices are allocated time slots during which they too use the whole bandwidth.

Clock A and Clock B at either end of the transmission must move synchronously. They rotate in unison, each momentarily making contact with the two synchronized devices (one sender and one receiver). For precisely the same moment, Clock A will be in contact with Sender 1 and Clock B will be in contact with Receiver 1, allowing one sample (8 bits) of information to pass through. The they will both rotate so that clock A comes into contact with Sender 2 and Clock B with Receiver 2. Again, one sample of information will pass. This process is repeated for as long as needed.

How fast must the clocking mechanism rotate? Again, the answer is Nyquist's theorem. If a signal is sampled 8000 times per second, an accurate representation of voice will result at the receiving end. The same theory applies with TDM. If the clocking mechanism rotates 8000 times per second, the rate of transfer from each sender and receiver must also be 8000 times per second. This is so because every revolution of the two clocking mechanisms result in each input and output device making contact once. TDM will not work if the clocking mechanism synchronization is off.

Each group of bits from one rotation of the clocking mechanism is called a frame. One method for maintaining synchronization is inserting a frame bit at the end of each frame. The frame bit alerts the demultiplexer of the end of a frame.

Statistical Time Division Multiplexing (STDM)

STDM is an advanced form of TDM and is the primary switching technique is use now. The drawback of the TDM process is that if a device is not currently transmitting, its time slot is left unused and is therefore wasted.

In contrast, is STDM, carrying capacity is assigned dynamically. If a device is not transmitting, its time slot can be used by the other devices, speeding up their transmission. In other words, a time slot is assigned to a device only if it has information to send. STDM eliminates wasted carrying capacity.
Transmission Media
[Image: q1.png]

Voice and data information is represented by waveforms and transmitted to a distant receiver. However, information does not just magically route itself from Point A to Point B. It must follow some predetermined path. This path is called a transmission medium, or sometimes a transmission facility.

The type of transmission medium selected to join a sender and receiver can have a huge effect on the quality, price, and success of a transmission. Choosing the wrong medium can make the difference between an efficient transmission and an inefficient transmission.

Efficient means choosing the most appropriate medium for a given transmission. For example, the most efficient medium for transmitting a normal call from your home to your neighbor is probably a simple pair of copper wires. It is inexpensive and it gets the job done. But if we were to transmit 2-way video teleconferencing from Bombay to Burbank, one pair of wires might be the least efficient medium and get us into a lot of trouble.

A company may buy all the right equipment and understand all the fundamentals, but if they transmit over an inappropriate medium, they would probably be better off delivering handwritten messages than trying to use the phone.

There are a number of characteristics that determine the appropriateness of each medium for particular applications:
  • cost
  • ease of installation
  • capacity
  • rate of error
In choosing a transmission medium, these and many other factors must be taken into consideration.


The transmission media used in telecommunications can be divided into two major categories: conducted and radiated. Examples of conducted media include copper wire, coaxial cable, and fiber optics. Radiated media include microwave and satellite.

A circuit is a path over which information travels. All of the five media serve as circuits to connect two or more devices.

A channel is a communication path within a circuit. A circuit can contain one or more channels. Multiplexing divides one physical link (circuit) into several communications paths (channels).

The bandwidth of a circuit is the range of frequencies it can carry. The greater the range of frequencies, the more information can be transmitted. Some transmission media have a greater bandwidth than others and are therefore able to carry more traffic.

The bandwidth of a circuit is directly related to its capacity to carry information.

Capacity is the amount of information that may pass through a circuit in a given amount of time. A high capacity circuit has a large amount of bandwidth-- a high range of frequencies-- and can therefore transmit a lot of information.

Copper Cable

Copper cable has historically been the most common medium. It has been around for many years and today is most prevalent in the local loop--the connection between a residence or business and the local telephone company.

Copper cables are typically insulated and twisted in pairs to minimize interference and signal distortion between adjacent pairs. Twisting thewires into pairs results in better quality sound which is able to travel a greater distance.

Shielded twisted pair is copper cable specially insulated to reduce the high error rate associated with copper transmission by significantly reducing attenuation and noise.

Copper cable transmission requires signal amplification approximately every 1800 meters due to attenuation.

Advantages of Copper Cable
  • There is plenty of it and its price is relatively low.
  • Installation of copper cable is relatively easy and inexpensive.

Disadvantages of Copper Cable
  • Copper has a high error rate.
  • Copper cable is more susceptible to electromagnetic interference (EMI) and radio frequency interference (RFI) than other media. These effects can produce noise and interfere with transmission.
  • Copper cable has limited bandwidth and limited transmission capacity.

    The frequency spectrum range (bandwidth) of copper cable is relatively low -- approximately one megahertz (one million Hz). Copper circuits can be  divided into fewer channels and carry less information than the other media.
Typical Applications of Copper Cable
  • Residential lines from homes to the local CO (called the local loop).
  • Lines from business telephone stations to an internal PBX.

Coaxial Cable

Coaxial cable was developed to provide a more effective way to isolate wires from outside influence, as well as offering greater capacity and bandwidth than copper cable.

Coaxial cable is composed of a central conductor wire surrounded by insulation, a shielding layer and an outer jacket.

Coaxial cable requires signal amplification approximately every 2000 meters.

Advantages of Coaxial Cable
  • Coaxial cable has higher bandwidth and greater channel capacity than copper wire. It can transmit more information over more channels than copper can.
  • Coaxial cable has lower error rates. Because of its greater insulation, coaxial is less affected by distortion, noise, crosstalk (conversations  from adjacent lines), and other signal impairments.
  • Coaxial cable has larger spacing between amplifiers.
Disadvantages of Coaxial Cable
  • Coaxial cable has high installation costs. It is thicker and less flexible and is more difficult to work with than copper wire.
  • Coaxial cable is more expensive per foot than copper cable
Typical Applications
  • Data networks
  • Long distance networks
  • CO-to-CO connections


For transmission by microwave, electrical or light signals must be transformed into high-frequency radio waves. Microwave radio transmits at the high end of the frequency spectrum --between one gigahertz (one billion Hz) and 30 GHz.

Signals are transmitted through the atmosphere by directly aiming one dish at another. A clear line-of-sight must exist between the transmitting and receiving dishes because microwave travels in a straight line. Due to the curvature of the earth, microwave stations are spaced between 30 and 60 kilometers apart.

To compensate for attenuation, each tower is equipped with amplifiers (for analog transmission) or repeaters (for digital transmission) to boost the signal.

Before the introduction of fiber optic cable in 1984, microwave served as the primary alternative to coaxial cable for the public telephone companies.

Advantages of Microwave
  • Microwave has high capacity. Microwave transmission offers greater bandwidth than copper or coaxial cable resulting in higher transmission rates and more voice channels.
  • Microwave has low error rates.
  • Microwave systems can be installed and taken down quickly and inexpensively. They can be efficiently allocated to the point of greatest need in a network. Microwave is often used in rural areas because the microwave dishes can be loaded on trucks, moved to the desired location, and installed quickly.
  • Microwave requires very little power to send signals from dish to dish because transmission does not spread out into the atmosphere. Instead it travels along a straight path toward the next tower.
  • Microwave has a low Mean Time Between Failures (MTBF) of 100,000 hours-- or only six minutes of down time per year.
  • Microwave is good for bypassing inconvenient terrain such as mountains and bodies of water.
Disadvantages of Microwave
  • Microwave is susceptible to environmental distortions. Factors such as rain, snow, and heat can cause the microwave beam to bend and vary. This affects signal quality.
  • Microwave dishes must be focused in a straight line-of-sight. This can present a problem over certain terrain or in congested cities. Temporary physical line-of-sight interruptions, such as a bird or plane flying through the signal pathway, can result in a disruption of signals.
  • Microwave usage must be registered with appropriate regulatory agencies. These agencies monitor and allocate frequency assignments to prevent systems from interfering with each other.
  • Extensive use of microwave in many busy metropolitan areas has filled up the airwaves, limiting the availability of frequencies.
Typical Applications
  • Private networks
  • Long distance networks


Satellite communication is a fast growing segment of the telecommunications market because it provides reliable, high capacity circuits.

In most respects, satellite communication is similar to microwave communication. Both use the same very high frequency (VHF) radio waves and both require line-of-sight transmission. A satellite performs essentially the same function as a microwave tower.

However, satellites are positioned 36,000 kilometers above the earth in a geosynchronous orbit, This means they remain stationary relative to a given position on the surface of earth.

Another difference between microwave and satellite communications is their transmission signal methods. Microwave uses only one frequency to send and receive messages. Satellites use two different frequencies--one for the uplink and one for the downlink.

A device called a transponder is carried onboard the satellite. It receives an uplink signal beam from a terrestrial microwave dish, amplifies (analog) or regenerates (digital) the signal, then retransmits a downlink signal beam to the destination microwave dish on the earth. Today's satellites have up to 48 transponders, each with a capacity greater than 100 Mbps.

Because of the long distance traveled, there is a propagation delay of 1/2 second inherent in satellite communication. Propagation delay is noticeable in phone conversations and can be disastrous to data communication.

A unique advantage of satellite communication is that transmission cost is not distance sensitive. It costs the same to send a message across the street as around the world.

Another unique characteristic is the ability to provide point-to-multipoint transmission. The area of the surface of the earth where the downlinked satellite signals can be received is called its footprint. Information uplinked from the earth can be broadcast and retransmitted to any number of receiving dishes within the satellite's footprint. Television broadcast is a common application of point-to-multipoint transmission.

Advantages of Satellite Transmission
  • Satellite transmission provides access to wide geographical areas (up to the
    size of the satellite's footprint), point-to-multipoint broadcasting, a large
    bandwidth, and is very reliable.
Disadvantages of Satellite Transmission
  1. Problems associated with satellite transmission include: propagation delay,  licensing requirement by regulatory agencies security issue concerning the  broadcast nature of satellite transmission. Undesired parties within a  satellites footprint may illicitly receive downlink transmission.
  2. Installation requires a satellite in orbit.

Fiber Optics

Fiber optics is the most recently developed transmission medium. It represents an enormous step forward in transmission capacity. A recent test reported transmission rates of 350 Gbps (350 billion bits), enough bandwidth to support millions of voice calls. Furthermore, a recently performed record- setting experiment transmitted signals 10,000 Km without the use of repeaters, although in practice 80 to 300 Km is the norm. Recall the need for repeaters every kilometer or so with copper wire and coaxial.

Fiber optics is the most recently developed transmission medium. It Fiber optics communication uses the frequencies of light to send signals. A device called a modulator converts electrical analog or digital signals into light pulses. A light source pulses light on and off billions and even trillions of times per second (similar to a flashlight turned on and off-- only faster). These pulses of light are translated into binary code. The positive light pulse represents 1; a negative light pulse (no light) represents 0. Fiber optics is digital in nature.

The light is then transmitted along a glass or plastic fiber about the size of a human hair. At the receiving end, the light pulses are detected and converted back to electrical signals by photoelectric diodes.

Advantages of Fiber Optics
  • Fiber optics has an extremely high bandwidth. In fact, fiber optic bandwidth is almost infinite, limited only by the ability of engineers to increase the frequency of the pulses of light. Current technology achieves a frequency of 100 terahertz (one million billion).
  • Fiber optics is not subject to interference or electromagnetic impairments as are the other media.
  • Fiber optics has an extremely low error rate-- approximately one error per 1,000,000,000,000.
  • Fiber optics has a low energy loss translating into fewer repeaters/regenerators per long distance transmission.
  • Fiber is a glass and glass is made of sand. There will never by a shortage of raw material for fiber.
Disadvantages of Fiber Optics
  • Installation costs are high for a fiber optic system. Currently it costs approximately $41,000 per km to install a fiber optic system. The expense of laying fiber is primarily due to the high cost of splicing and joining fiber. The cost will almost certainly decrease dramatically as less expensive methods of splicing and joining fiber are introduced.
  • A potential disadvantage of fiber optics results from its enormous carrying capacity. Occasionally a farmer or construction worker will dig into the earth and unintentionally split a fiber optic cable. Because the cable can carry so much information, an entire city could lose its telephone communication from just one minor mishap.
[Image: InLgj162PxTT0pUIB_jV1S1dzcIFlWp74co535wr...S8N34pgUZF]

Types of Signals

When a subscriber picks up the phone to place a call, he dials digits to signal the network. The dialed digits request a circuit and tell the network where to route the call--a simple enough procedure for the caller. But in fact, it involves a highly sophisticated maze of signaling to and from switches and phones to route and monitor the call. Signaling functions can be divided into three main categories.

  • Addressing signals determine the destination of a call. They transmit routing information throughout the network. Two of the most important are
    • Dial Pulse: These address signals are generated by alternately opening and closing a contact in a rotary phone through which direct current flows. The number of pulses corresponds to the number of the dialed digit.
    • Tone: These address signals send a unique tone or combination of tones which correspond to the dialed digit.
  • Alerting signals inform the subscriber of call processing conditions.. These signals include:
    • Dial tone
    • The phone ringing
    • Flashing lights that substitute for phone ringing
    • Busy signal
  • Let's take a look at how signaling is used to set up a typical call over the public network.
    1. Caller A goes off-hook
    2. The CO detects a change in state in the subscriber's line. The CO responds by sending an alerting signal (dial tone) to caller A to announce that dialing may begin. The CO marks the calling line busy so that other subscribers can not call into it. If another subscriber attempts to phone caller A, he will get the alerting busy signal. Caller A dials the digits using tones from the keypad or dial pulses from a rotary phone.
    3. The dialed digits are sent as addressing signals from caller A to CO A
    4. CO A routes the addressing signals to CO B.
    5. Supervisory signals in CO B test caller B to determine if the line is free. The line is determined to be free.
    6. CO B sends alerting signals to caller B, which causes caller B's telephone to ring.
This is an example of a local call which was not billed to the customer. If the call had been a billable, long distance call, it would have used a supervisory signal known as answer supervision. When the receiving end of a long distance call picks up, it sends a signal to its local CO. The CO then sends an answer supervision signal to the caller's CO telling it that the phone was picked up and it is time to begin billing.

Where on the Circuit Does Signaling Occur?

There are only three places where signaling can occur:
  • In-band means on the same circuit as voice, within the voice frequency range (between 300 and 3400 Hz).
  • Out-of-band means on the same circuit as voice, outside of the voice frequency range (3400 - 3700 Hz).
  • Common Channel Signaling (CCS) means signaling occurs on a completely separate circuit.

The frequency range of human voice is approximately 0 - 4000 Hz. However, most voice signals fall in the area between 300 and 3400 Hz. Therefore, to save bandwidth, telephones only recognize signals between 300 and 3400 Hz. It is conceivable that someone with an extremely high voice would have difficulty communicating over the telephone.

In-band and Out-of-band

In-band signaling (300 to 3400 Hz) can take the form of either a single frequency tone (SF signaling) of a combination of tones (Dual Tone Multifrequency - DTMF). DTMF is the familiar touch tone.

Out-of-band signaling (3400 to 3700 Hz) is always single frequency (SF).

In other words, using the frequency range from 300 to 3700 Hz, there are three methods of signaling.
  • Method A: In-band (300 to 3400 Hz) by a single frequency (SF)
  • Method B: In-band (300 to 3400 Hz) by multifrequencies (DTMF)
  • Method C: Out-of-band (3400 to 3700 Hz) by a single frequency (SF)

Single Frequency (SF) Signaling

Methods A and C are examples of Single Frequency (SF) signaling. SF signaling is used to determine if the phone line is busy (supervision) and to convey dial pulses (addressing).
  • Method A: In-band SF signaling uses a 2600 Hz tone which is carried over the frequency bandwidth of voice (remember the frequency bandwidth of voice is between 300 and 3300 Hz), within the speech path. So as not to interfere with speech, it is present before the call but is removed once the circuit is seized and speech begins. After the conversation is over, it may resume signaling. It does not, however, signal during the call because it would interfere with voice which also may transmit at 2600 Hz. Special equipment prevents occasional 2600 Hz speech frequencies from accidentally setting off signals.
  • Method C: To improve signaling performance, SF out-of-band signaling was developed. It uses frequencies above the voice frequency range (within the 3400 to 3700 Hz bandwidth) to transmit signals.
The problem with Methods A and C is that they are easily susceptible to fraud. In the late 1960s, one of the most popular breakfast cereals in America had a promotion in which they packaged millions of children's whistles, one in each specially marked box. Never did General Mills, the producer of the cereal, anticipate the fraud they would be party to. It turned out that the whistles emitted a pure 2600 Hz tone, exactly the
tone used in Method A. It did not take long for hackers to discover that if they blew the whistles into the phones while making a long distance phone call, it tricked the telephone company billing equipment and no charge was made.

This trick grew into its own little cottage industry, culminating in the infamous mass produced Blue Boxes which played tones that fooled telephone billing equipment out of millions of dollars.
  • Method B: DTMF was introduced to overcome this fraud, as well as to provide better signaling service to the customer. Instead of producing just one signaling frequency, DTMF transmits numerical address information from a phone by sending a combination of two frequencies, one high and one low, to represent each number/letter and * and # on the dial pad. The usable tones are located in the center of the voice communication frequencies to minimize the effects of distortion.

Drawbacks to SF and DTMF Signaling

There are drawbacks to both SF and DTMF signaling that are promoting their replacement in long distance toll circuits. The most important is that these signals consume time on the circuit while producing no revenues. Every electrical impulse, be it a voice conversation or signaling information, consumes circuit time. Voice conversations are billable. Signaling is not. Therefore, it is in the best interest of the phone carriers to minimize signaling.

Unfortunately, almost half of all toll calls are not completed because the called party is busy, not available or because of CO blockage. Nevertheless, signals must be generated to attempt to set up, then take down the call. Signals are generated but no revenue is produced. For incompleted calls, these signals compete with revenue producing signals (whose calls were completed) for scarce circuit resources.

CCS introduced several benefits to the public network:
  • Signaling information was removed from the voice channel, so control information could travel at the same time as voice without taking up valuable bandwidth from the voice channel.
  • CCS sets up calls faster, reducing signaling time and freeing up scarce resources.
  • It cost less than conventional signaling.
  • It improves network performance.
  • It reduces fraud.

Signaling System 7  (SS7)

Today the major long distance carriers use a version of CCS called Signaling System 7 (SS7). It is a standard protocol developed by the CCITT, a body which establishes international standards.

Common Channel Signaling (CCS)

Common Channel Signaling (CCS) is a radical departure from traditional signaling methods. It transmits signals over a completely different circuit than the voice information. The signals from hundreds or thousands of voice conversations are carried over a single common channel.

Introduced in the mid-1970s CCS uses a separate signaling network to transmit call setup, billing, and supervisory information. Instead of sending signals over the same communication paths as voice or data, CCS employs a full network dedicated to signaling alone.

Loop Start Versus Ground Start Signaling

Establishing an electrical current connection with a CO can be done in several different ways. Here are a few of the possibilities

Loop Start

Inside of the CO, there is a powerful, central battery that provides current to all subscribers. Loop start is a method of establishing the flow of current from the CO to a subscriber's phone.

The two main components of a loop start configuration are
  • The tip (also called the A line) is the portion of the line loop between the CO and the subscriber's phone that is connected to the positive, grounded side of the battery.
  • The ring (also called the B line) is the portion of the line loop between the CO and the subscriber's phone that is connected to the negative, ungrounded side of the battery.
To establish a loop start connection with the CO, a subscriber goes off-hook. This closes a direct current (DC) path between the tip and ring and allows the current to flow in a loop from the CO battery to the subscriber and back to the battery. Once the current is flowing, the CO is capable of sending alerting signals (dial tone) to the subscriber to begin a connection.

The problem with loop start signaling is a phenomenon called glare that occurs in trunks between a CO and a PBX. When a call comes into a PBX from CO trunk, the only way the PBX knows that the trunk circuit is busy is the ringing signal sent from the CO.

Unfortunately the ringing signal is transmitted at six second intervals. For up to six seconds at a time, the PBX does not know there is a call on that circuit. If an internal PBX caller wishes to make an outgoing call, the PBX may seize the busy trunk call at the same time. The result is confused users on either end of the line, and the abandonment of both calls.

Ground Start

Ground start signaling overcomes glare by immediately engaging a circuit seize signal on the busy trunk. The signal alerts the PBX that the circuit is occupied with an incoming call and cannot be used for an outgoing call.

Ground start is achieved by the CO by grounding the tip side of the line immediately upon seizure by an incoming call. The PBX detects the grounded tip and is alerted not to seize this circuit for an outgoing call, even before ringing begins.

Because ground start is so effective at overcoming glare, it is commonly used in trunks between the CO and a PBX.

E & M

E & M signaling is used in tie lines which connect two private telephone switches. In E & M signaling, information is transmitted from one switch to another over two pairs of wires. Voice information is sent over the first pair, just as it would be in a Loop Start or Ground Start trunk. However, instead of sending the signaling information over the same pair of wires, it is sent over the second pair of wires.

Possibly Related Threads…
Thread Author Replies Views Last Post
  responsibly posting findings and observations from darknets neftis 0 310 05-14-2022, 12:10 AM
Last Post: neftis
  primitive creature blindly using nmap, scapy, and wireshark neftis 0 1,380 04-14-2022, 04:30 PM
Last Post: neftis
  Firewalls and evasion techniques illmanors 0 12,533 07-19-2018, 09:22 PM
Last Post: illmanors
  Introduction to VLAN Hopping srotomalset 0 13,573 07-02-2018, 12:40 AM
Last Post: srotomalset