Mobile network is used by many users worldwide for diverse services, including phone-call, messaging and data transfer over the Internet. However, this network may experience massive damage if it is exposed to cyber-attacks or denial-of-service attacks via wireless communication interference. Because the mobile network is also used as an emergency network in cases of disaster, evaluation or verification for security and safety is necessary as an important nation-wide asset. However, it is not easy to analyze the mobile core network because it’s built and serviced by private service providers, exclusively operated, and there is even no separate network for testing. Thus, in this paper, a virtual mobile network is built using OpenAirInterface, which is implemented based on 3GPP standards and provided as an open source software, and the structure and protocols of the core network are analyzed. In particular, the S1AP protocol messages captured on S1-MME, the interface between the base station eNodeB and the mobility manager MME, are analyzed to identify potential security threats by evaluating the effect of the messages sent from the user terminal UE to the mobile core network.