In the last post, we looked at creating a 15.75 kilometre SSH link with two RNodes acting as wireless network cards. Today, we’re going to be a bit more passive. Using just a single RNode, we’ll put the device into promiscuous mode to sniff LoRa packets and dump them to a computer.
For this to work, the RNode must be in host-controlled mode. This is the default, but if you have been following along with the previous examples, now is a good time to use the RNode Config Utility to put the device back into host-controlled mode. Remember to replace /dev/ttyUSB0 with the serial port your device is attached to.
./rnodeconf /dev/ttyUSB0 -N
The device is now ready to listen for packets! We’ll use a program made specifically for this purpose, called LoRaMon. If you already have Python3 and pip installed, you can install LoRaMon very easily with pip:
pip3 install loramon
You can also clone it directly from my GitHub repository if you prefer that:
git clone https://github.com/markqvist/LoRaMon.git
Once you’ve got it installed, you can run loramon without any arguments to display the usage information.
usage: loramon [-h] [-C] [-W directory] [--freq Hz] [--bw Hz] [--txp dBm] [--sf factor] [--cr rate] [port] LoRa packet sniffer for RNode hardware. positional arguments: port Serial port where RNode is attached optional arguments: -h, --help show this help message and exit -C, --console Print captured packets to the console -W directory Write captured packets to a directory --freq Hz Frequency in Hz --bw Hz Bandwidth in Hze --txp dBm TX power in dBm --sf factor Spreading factor --cr rate Coding rate
As you can see, we’ll need to specify the serial port the RNode is connected to, and what frequency we will listen on, as well as which LoRa parameters we are using. It’s worth noting that the coding rate (–cr flag) is primarily used to specify the coding rate if LoRaMon is used to inject packets. RNode will pick up packets with any coding rate, but will send them out as specified by the parameter.
So let’s make LoRaMon listen on 868.1 MHz, with a 125 KHz bandwidth, and spreading factor 7. We just set the coding rate to the default of 5. I’ll also make LoRaMon dump packets to the directory “loracapture” by using the -W flag:
./loramon /dev/ttyUSB0 -C -W loracapture --freq 868100000 --bw 125000 --sf 7 --cr 5
You should see something similar to this:
[2018-07-01 21:13:59] Opening serial port /dev/tty.usbserial-DN03E0FS... [2018-07-01 21:14:02] RNode connected [2018-07-01 21:14:02] Firmware version: 1.06 [2018-07-01 21:14:02] Radio reporting frequency is 868.1 MHz [2018-07-01 21:14:02] Radio reporting bandwidth is 125.0 KHz [2018-07-01 21:14:02] Radio reporting TX power is 2 dBm [2018-07-01 21:14:02] Radio reporting spreading factor is 7 [2018-07-01 21:14:02] Radio reporting coding rate is 5 [2018-07-01 21:14:02] RNode in LoRa promiscuous mode and listening
That’s it! The RNode is now in promiscuous mode, and sniffing out LoRa packets. All captured packets will be dumped to the console, and also written to the specified directory.