In the last post, we looked at creating a 15.75 kilometre SSH link with two RNodes acting as wireless network cards. Today, we’re going to be a bit more passive. Using just a single RNode, we’ll put the device into promiscuous mode to sniff LoRa packets and dump them to a computer.

For this to work, the RNode must be in host-controlled mode. This is the default, but if you have been following along with the previous examples, now is a good time to use the RNode Config Utility to put the device back into host-controlled mode. Remember to replace /dev/ttyUSB0 with the serial port your device is attached to.

./rnodeconf /dev/ttyUSB0 -N

The device is now ready to listen for packets! We’ll use a program made specifically for this purpose, so head over to LoRaMon on GitHub and download it, or just clone it directly:

git clone https://github.com/markqvist/LoRaMon.git

Once you’ve got it downloaded, you can run loramon without any arguments to display the usage information.

usage: loramon [-h] [-C] [-W directory] [--freq Hz] [--bw Hz] [--txp dBm]
               [--sf factor] [--cr rate]
               [port]

LoRa packet sniffer for RNode hardware.

positional arguments:
  port           Serial port where RNode is attached

optional arguments:
  -h, --help     show this help message and exit
  -C, --console  Print captured packets to the console
  -W directory   Write captured packets to a directory
  --freq Hz      Frequency in Hz
  --bw Hz        Bandwidth in Hze
  --txp dBm      TX power in dBm
  --sf factor    Spreading factor
  --cr rate      Coding rate

As you can see, we’ll need to specify the serial port the RNode is connected to, the frequency we will listen on, and the LoRa parameters we are using. It’s worth noting that the coding rate (--cr flag) matters primarily when LoRaMon is used to inject packets. RNode will pick up packets with any coding rate, but will send them out with the rate specified by this parameter.

So let’s make LoRaMon listen on 868.1 MHz, with a 125 kHz bandwidth, and spreading factor 7. We’ll just set the coding rate to the default of 5. I’ll also make LoRaMon dump packets to the directory “loracapture” by using the -W flag:

./loramon /dev/ttyUSB0 -C -W loracapture --freq 868100000 --bw 125000 --sf 7 --cr 5

You should see something similar to this:

[2018-07-01 21:13:59] Opening serial port /dev/tty.usbserial-DN03E0FS...
[2018-07-01 21:14:02] RNode connected
[2018-07-01 21:14:02] Firmware version: 1.06
[2018-07-01 21:14:02] Radio reporting frequency is 868.1 MHz
[2018-07-01 21:14:02] Radio reporting bandwidth is 125.0 KHz
[2018-07-01 21:14:02] Radio reporting TX power is 2 dBm
[2018-07-01 21:14:02] Radio reporting spreading factor is 7
[2018-07-01 21:14:02] Radio reporting coding rate is 5
[2018-07-01 21:14:02] RNode in LoRa promiscuous mode and listening

That’s it! The RNode is now in promiscuous mode, and sniffing out LoRa packets. All captured packets will be dumped to the console, and also written to the specified directory.
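A pre-flight check for the capture settings used above, as an added example that is not part of LoRaMon or the original post: it catches the common mistake of passing MHz or kHz where the flags expect Hz, derives the symbol time and raw bit rate for the chosen parameters, and builds the loramon command line. The function names are hypothetical, and the accepted ranges are assumed from SX127x-class LoRa radios rather than taken from the RNode documentation.

```python
# Added example, not part of LoRaMon: sanity-check radio settings before a capture.
# The limits below are assumptions based on SX127x-class LoRa radios.
import shlex

VALID_BW_HZ = {7800, 10400, 15600, 20800, 31250, 41700, 62500, 125000, 250000, 500000}
FREQ_RANGE_HZ = (137_000_000, 1_020_000_000)
SF_RANGE = range(7, 13)   # spreading factors 7..12
CR_RANGE = range(5, 9)    # coding rates 4/5..4/8, passed to --cr as 5..8


def check_params(freq, bw, sf, cr=5):
    """Return a list of problems; an empty list means the settings look sane."""
    problems = []
    if not FREQ_RANGE_HZ[0] <= freq <= FREQ_RANGE_HZ[1]:
        hint = " (looks like MHz, the flag expects Hz)" if freq < 10_000 else ""
        problems.append(f"--freq {freq} is outside {FREQ_RANGE_HZ} Hz{hint}")
    if bw not in VALID_BW_HZ:
        problems.append(f"--bw {bw} is not a LoRa bandwidth in Hz")
    if sf not in SF_RANGE:
        problems.append(f"--sf {sf} is outside 7..12")
    if cr not in CR_RANGE:
        problems.append(f"--cr {cr} is outside 5..8")
    return problems


def link_figures(bw, sf, cr=5):
    """Symbol time in seconds and raw bit rate in bit/s for a LoRa setting."""
    symbol_s = (2 ** sf) / bw
    bitrate = sf * bw * 4 / (2 ** sf * cr)
    return symbol_s, bitrate


def loramon_argv(port, outdir, freq, bw, sf, cr=5):
    """Build the loramon argument list, refusing settings that fail the check."""
    problems = check_params(freq, bw, sf, cr)
    if problems:
        raise ValueError("; ".join(problems))
    return ["./loramon", port, "-C", "-W", outdir, "--freq", str(freq),
            "--bw", str(bw), "--sf", str(sf), "--cr", str(cr)]


if __name__ == "__main__":
    # Same settings as the command in the post.
    argv = loramon_argv("/dev/ttyUSB0", "loracapture", 868100000, 125000, 7, 5)
    ts, rb = link_figures(125000, 7, 5)
    print(shlex.join(argv))
    print(f"symbol time {ts * 1e3:.3f} ms, raw bit rate {rb:.2f} bit/s")
```

A sniffer configured with a different bandwidth or spreading factor than the transmitter will simply capture nothing, so an empty capture directory is a reason to recheck these values first.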
