Home | Guides | Software | Hardware | Discussions | Shop | Contact Me | Donate


2018-07-02

LoRa packet sniffing with RNode

In the last post, we looked at creating a 15.75 kilometre SSH link with two RNodes acting as wireless network cards. Today, we're going to be a bit more passive. Using just a single RNode, we'll put the device into promiscuous mode to sniff LoRa packets and dump them to a computer.

For this to work, the RNode must be in host-controlled mode. This is the default, but if you have been following along with the previous examples, now is a good time to use the RNode Config Utility to put the device back into host-controlled mode. Remember to replace /dev/ttyUSB0 with the serial port your device is attached to.

rnodeconf /dev/ttyUSB0 -N

The device is now ready to listen for packets! We'll use a program made specifically for this purpose, called LoRaMon. If you already have Python3 and pip installed, you can install LoRaMon very easily with pip:

pip install loramon

You can also clone it directly from my GitHub repository if you prefer that:

git clone https://github.com/markqvist/LoRaMon.git

Once you've got it installed, you can run loramon without any arguments to display the usage information.

usage: loramon [-h] [-C] [-H] [-W directory] [--freq Hz] [--bw Hz]
               [--txp dBm] [--sf factor] [--cr rate]
               [--implicit length]
               [port]

LoRa packet sniffer for RNode hardware.

positional arguments:
  port               Serial port where RNode is attached

options:
  -h, --help         show this help message and exit
  -C, --console      Print captured packets to the console
  -H, --hex          Print out packets as hexadecimal
  -W directory       Write captured packets to a directory
  --freq Hz          Frequency in Hz
  --bw Hz            Bandwidth in Hz
  --txp dBm          TX power in dBm
  --sf factor        Spreading factor
  --cr rate          Coding rate
  --implicit length  Packet length in implicit header mode

As you can see, we'll need to specify the serial port the RNode is connected to, and what frequency we will listen on, as well as which LoRa parameters we are using. It's worth noting that the coding rate (--cr flag) is primarily used to specify the coding rate if LoRaMon is used to inject packets. RNode will pick up packets with any coding rate, but will send them out as specified by the parameter.

So let's make LoRaMon listen on 868.1 MHz, with a 125 KHz bandwidth, and spreading factor 7. We just set the coding rate to the default of 5. I'll also make LoRaMon dump packets to the directory "loracapture" by using the -W flag:

./loramon /dev/ttyUSB0 -C -W loracapture --freq 868100000 --bw 125000 --sf 7 --cr 5

You should see something similar to this:

[2018-07-01 21:13:59] Opening serial port /dev/tty.usbserial-DN03E0FS...
[2018-07-01 21:14:02] RNode connected
[2018-07-01 21:14:02] Firmware version: 1.06
[2018-07-01 21:14:02] Radio reporting frequency is 868.1 MHz
[2018-07-01 21:14:02] Radio reporting bandwidth is 125.0 KHz
[2018-07-01 21:14:02] Radio reporting TX power is 2 dBm
[2018-07-01 21:14:02] Radio reporting spreading factor is 7
[2018-07-01 21:14:02] Radio reporting coding rate is 5
[2018-07-01 21:14:02] RNode in LoRa promiscuous mode and listening

That's it! The RNode is now in promiscuous mode, and sniffing out LoRa packets. All captured packets will be dumped to the console, and also written to the specified directory.