In short - not without building a lot of stuff yourself. Take some time to read through the 3GPP docs. The OTA stuff has at least 9 different permutations of MAC where different logical links pass over different physical links. Sure, you can - in theory - get any ol' handset to give up what's going on over the air, but unless the operator is still in 2G mode (and almost no one is operating a 2G network) all that you get is useless. For instance, the default data encryption scheme in 3G is KASUMI (aka A5/3), which is technically breakable - but not in real time, not 100%, and not without lots of known data to search for. Since I haven't come across a carrier yet that operates without encryption turned on, you won't be able to do anything useful with the data you get - even assuming you're getting the RLC packets.
Anyway, at the end of the day, what exactly do you think you're going to find?


