You can't break encryption between the handset and the tower in real time - takes a while to brute force - if you're a 3 letter agency then I can think of more than a few reasons why this would be the better method, otherwise...

The microwave links between cell towers and the exchange are bog standard E1's and T1's mostly, though I have seen a few E2's, E4's and T2's in my travels.

For about $1000 USD you can build yourself a nice little system to listen in on phone calls and internet - add a couple extra $thousand (give or take) if you want a very basic spectrum analyzer - a few hundred thousand if you want something nice : )

These days there is a ton of software to help you out, plenty of manufacturers happy to sell you CEPT analyzers that plug right in your PCI port. Wireshark and similar utilities will bust open the packet switched stuff for you too.

There are only a very small handful of networks that don't do encryption - most phones will only pop up a message if the network is not encrypted. Probably only Nokia know what happens with the N900 in this regard.