802.11 and Bluetooth

I’ve seen a number of questions about these issues in the past couple of
days, so I’m addressing this from my own knowledge.

Can we detect Bluetooth and WiFi with GNU Radio?

I’m making two assumptions: we’re using the USRP and WiFi/802.11 is
specifically addressing 802.11a/b/g.

The answer is no. The bandwidth is too large for the system to currently
handle. If you tune the GNU Radio to the center frequency of an 802.11
channel, you’ll see what looks like a rise in the noise floor (and, under
these conditions, it really is a rise in the noise) when there is a
transmission.

Bluetooth signals hop from 2.402 - 2.480 GHz; 79 1 MHz channels at a
rate of 1600 hops per second. The GNU Radio cannot look at the entire band
all at once, so if you look at a particular slice (~4 MHz) of spectrum, you
might catch a glimpse of a signal every now and then, unless you can plug in
the right frequency hopping sequence (I think I have both MATLAB and C++
code to do this, buried somewhere, but then you’d need the master address
(easy) and its clock (difficult) to do it; and I’m not sure if the USRPs can
change frequency and settle fast enough for this).

If you have some 1 or 2 Mbps 802.11 devices to use, the BBN guys have
done work on receiving those (search the list, it’s been addressed a number
of times in the past).

Hope this clears a bit up,
Tom

Hi!!

Thank you very much for the help!!!

But still I have one question. (See the highlighted part)

Is there any example program to just detect the presence of wi-fi or
Bluetooth.

I’m just interested in detecting the presence of any of these signals in
the environment. I don’t want to transfer any data/packets using SDR. I just
need to detect the presence or absence of a signal.

Please help me regarding this.

Thanks again.

Regards,

Dheeraj

On 12/5/06, Dheeraj S. Aralumallige [email protected] wrote:

But still I have one question. (See the highlighted part)

Is there any example program to just detect the presence of wi-fi or
Bluetooth.

I think Tom answered this question really well. No, it is currently
not possible to detect bluetooth because the bandwidth of the USRP is
not high enough to cover the whole 2.4 GHz ISM band (~80 MHz) at once.
For Wi-Fi, it is possible as long as you are only interested in one
channel.

Nevertheless, there is a spectrum sweep example
(gnuradio-example/usrp/usrp_spectrum_sense.py). This application can
sense a large bandwidth, but not in real time! It can do a sweep over
a very large frequency range, but it will very likely not be able to
detect bluetooth (since it is frequency hopping) nor 802.11b/g since
this will most likely just look like noise. Anyway, it is difficult to
just detect wi-fi without trying to decode it, since it is not a
continuous signal, i.e., packet oriented. Therefore, you won’t have a
nice peak in your fft, compared to a radio broadcast channel. I
suggest you look at the wi-spy (http://www.metageek.net/) if you just
want to detect bluetooth or wi-fi. That might be a cheaper and simpler
solution to your problem.

Hope that helps. Cheers,

Thomas

If you have some 1 or 2 Mbps 802.11 devices to use, the BBN guys have
done work on receiving those (search the list, it’s been addressed a number
of times in the past).

Yes, and also note that normally an AP will send beacons at 1 Mbps
even if it is a b/g AP.

Comments are welcome on README.organization in the source about where
the various blocks needed for 802.11 demod should go.

Nevertheless, there is a spectrum sweep example
(gnuradio-example/usrp/usrp_spectrum_sense.py). This application can
sense a large bandwidth, but not in real time! It can do a sweep over
a very large frequency range, but it will very likely not be able to
detect bluetooth (since it is frequency hopping) nor 802.11b/g since
this will most likely just look like noise. Anyway, it is difficult to
just detect wi-fi without trying to decode it, since it is not a
continuous signal, i.e., packet oriented. Therefore, you won’t have a
nice peak in your fft, compared to a radio broadcast channel.

Actually, you get a reasonable plot. Although you can only sense a
maximum of ~6 MHz at once, doing so in steps of frequency gives a fair
idea. I made some changes to the spectrum_sense example, so as to do an
fftshift and remove the outer 25% of the bins. I used a frequency step of
0.5 MHz and also passed it through the log10 block. Attached are the
plots for the entire spectrum (spec.pdf) and channel 1 (0.5m.pdf).

Although I am not sure what the “UNITS” are, they should give a sense
of the relative powers at different frequencies. (Would they end up
in dB as I passed it through the log10 block? I couldn’t particularly
understand Eric’s code, i.e. what is passed to the log10 block.)

Thanks,

Shravan
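The stepped sweep Shravan describes (retune in 0.5 MHz steps, fftshift, drop the outer 25% of bins, log10 the result) and Thomas’s point that a packet-oriented emitter gives no steady peak can both be shown in one place. The following is an added example, not Shravan’s script and not the usrp_spectrum_sense.py that ships with GNU Radio. It replaces the USRP with a constructed scene (a continuous carrier at 2.437 GHz and a bursty 20 MHz-wide emitter around 2.412 GHz with a 30% duty cycle); the 4 MHz capture window, 256-point FFT and power levels are assumptions chosen for the example. It keeps both a mean-hold and a max-hold per frequency, which is what makes a bursty signal visible, and the dB values are 10*log10 of the per-bin power relative to full scale, so they are relative, not calibrated dBm.

```python
"""Stepped energy sweep of the 2.4 GHz band, in the spirit of usrp_spectrum_sense.py.
Added example: all USRP access is replaced by a constructed synthetic scene."""
import numpy as np

FS = 4e6           # assumed sample rate of one capture (Hz): a ~4 MHz window per tune
NFFT = 256         # FFT size per capture (assumed)
STEP = 0.5e6       # retune step (Hz), as in the modified script
KEEP = 0.5         # keep the central 50% of bins, i.e. drop the outer 25% on each side
SWEEP_START = 2.400e9
SWEEP_STOP = 2.450e9

# Constructed scene standing in for the USRP front end (not a real capture):
# a continuous carrier plus a bursty 20 MHz-wide emitter with a 30% duty cycle.
CARRIER_HZ = 2.437e9
BURST_CENTER_HZ = 2.412e9
BURST_HALF_WIDTH_HZ = 10e6
BURST_DUTY = 0.3


def capture_at(center_hz, rng):
    """Return NFFT complex baseband samples for a window centred at center_hz."""
    t = np.arange(NFFT) / FS
    noise = (rng.standard_normal(NFFT) + 1j * rng.standard_normal(NFFT)) * np.sqrt(0.5)
    x = 1e-3 * noise                                   # receiver noise floor
    carrier_offset = CARRIER_HZ - center_hz
    if abs(carrier_offset) < FS / 2:                   # carrier inside this window
        x = x + 0.05 * np.exp(2j * np.pi * carrier_offset * t)
    if rng.random() < BURST_DUTY:                      # is a packet on the air right now?
        abs_bins = np.fft.fftshift(np.fft.fftfreq(NFFT, 1 / FS)) + center_hz
        in_band = np.abs(abs_bins - BURST_CENTER_HZ) <= BURST_HALF_WIDTH_HZ
        if in_band.any():
            wide = 0.02 * (rng.standard_normal(NFFT) + 1j * rng.standard_normal(NFFT))
            spec = np.fft.fftshift(np.fft.fft(wide)) * in_band   # band-limit to the emitter
            x = x + np.fft.ifft(np.fft.ifftshift(spec))
    return x


def bin_powers(x):
    """fftshifted power per bin and each bin's baseband offset, outer bins dropped."""
    spec = np.fft.fftshift(np.fft.fft(x)) / NFFT
    power = np.abs(spec) ** 2                          # linear, relative to full scale
    offsets = np.fft.fftshift(np.fft.fftfreq(NFFT, 1 / FS))
    edge = int(NFFT * (1 - KEEP) / 2)
    return offsets[edge:NFFT - edge], power[edge:NFFT - edge]


def sweep(captures_per_step=10, seed=0):
    """Step across the band; return (freqs_hz, mean_db, maxhold_db) sorted by frequency.
    Mean-hold smooths the noise; max-hold is what catches a packet-oriented emitter."""
    rng = np.random.default_rng(seed)
    samples = {}                                       # absolute Hz -> linear powers seen there
    for center in np.arange(SWEEP_START, SWEEP_STOP, STEP):
        for _ in range(captures_per_step):
            offsets, power = bin_powers(capture_at(center, rng))
            for f, p in zip(offsets + center, power):
                samples.setdefault(int(round(f)), []).append(p)
    freqs = np.array(sorted(samples), dtype=float)
    mean_db = np.array([10 * np.log10(np.mean(samples[int(f)])) for f in freqs])
    maxhold_db = np.array([10 * np.log10(np.max(samples[int(f)])) for f in freqs])
    return freqs, mean_db, maxhold_db


def detect(freqs, maxhold_db, margin_db=10.0):
    """Contiguous frequency ranges whose max-hold power sits margin_db above the median floor."""
    floor = float(np.median(maxhold_db))
    hot = maxhold_db > floor + margin_db
    ranges, start = [], None
    for i, is_hot in enumerate(hot):
        if is_hot and start is None:
            start = i
        elif not is_hot and start is not None:
            ranges.append((float(freqs[start]), float(freqs[i - 1])))
            start = None
    if start is not None:
        ranges.append((float(freqs[start]), float(freqs[-1])))
    return floor, ranges


if __name__ == "__main__":
    f, mean_db, maxhold_db = sweep()
    floor, ranges = detect(f, maxhold_db)
    print("noise floor (median max-hold): %.1f dB" % floor)
    for lo, hi in ranges:
        print("energy from %.4f to %.4f GHz" % (lo / 1e9, hi / 1e9))
```

With a rectangular window and on-bin carrier the continuous signal shows up as one hot bin in both holds, while the bursty emitter is only reliably visible in the max-hold: its mean-hold is pulled down by the captures in which nothing was transmitting, which is the effect Thomas describes. Replace `capture_at` with a real USRP read to use the rest as-is.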

Dheeraj S. Aralumallige schrieb:

I’m just interested in detecting the presence of any of these signals
in the environment. I don’t want to transfer any data/packets using
SDR. I just need to detect the presence or absence of a signal.

Please help me regarding this.

You can ‘sweep’ the 2.4 GHz range that 802.11/Bluetooth exist on. You
can probably detect transmitter energy. You may even be able to see the
‘shape’ of spectrum associated with either DSS or OFDM, and probably be
able to distinguish that from, say, a microwave oven in operation… But to
specifically say this energy is from an 802.11/Bluetooth device is not
possible without attempting to decode the transmitted packet data.

In 802.11 each channel is 20 MHz wide; since I’m just tuning into GNU
Radio and the USRP, I don’t know what its operational limits are. From my
experience looking at spectra given by more expensive spectrum analyzers in
the 2.4 GHz band, the energy envelope is identifiable, but not identifiable
to the point of knowing that it is an 802.11 signal, unless I’m also
controlling the interface card, and know I’m transmitting on a particular
802.11 channel.

Other devices such as Bluetooth, or cordless phones that operate in the
band, I’m not familiar with, as that is not my usual area of work. If
Bluetooth ‘hops’ across the full ISM 2.4 GHz band, then one can only see an
occasional burst of energy, and maybe make some estimate given a limited
window, or sweep through the band, but dwelling in a particular frequency
range long enough to ‘catch’ a hopper pattern.

John C…

Hi Shravan,

That is really cool. Can you share with us your modifications to the
script and the command line you used? I would like to try this at my
home where I see like 20 APs from my neighbors and compare it to the
plot of the wi-spy.

Thomas

On Wed, Dec 06, 2006 at 12:01:03AM -0500, Tom R. wrote:


If you have some 1 or 2 Mbps 802.11 devices to use, the BBN guys have done
work on receiving those (search the list, it’s been addressed a number of
times in the past).


Actually, I think you should be able to detect Bluetooth without too
much trouble. If you just stare at a single point in the spectrum you
should be able to reliably detect 7 1 MHz channel’s worth of data.

IIRC the hopping sequence is known, and thus you should be able to
determine if what you are seeing is bluetooth or not, even though you
are seeing only 7 out of 79 channels.

Eric

On Wed, Dec 06, 2006 at 02:13:39PM -0500, Tom R. wrote:

I was thinking that, too, but you’ll just see short blips on the screen.
Actually, if I get another second to breathe today, I’m going to see if I
can make it happen and see what can be seen.

Good. I was thinking along the line of actually trying to demod the
packets.

Eric

Actually, I think you should be able to detect Bluetooth without too
much trouble. If you just stare at a single point in the spectrum you
should be able to reliably detect 7 1 MHz channel’s worth of data.

IIRC the hopping sequence is known, and thus you should be able to
determine if what you are seeing is bluetooth or not, even though you
are seeing only 7 out of 79 channels.

Eric

I was thinking that, too, but you’ll just see short blips on the screen.
Actually, if I get another second to breathe today, I’m going to see if I
can make it happen and see what can be seen.

Tom
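Eric’s suggestion of parking the receiver on one 7 MHz slice and Tom’s expectation of short blips can be put in numbers. The following is an added example, not code from either of them and not the Bluetooth hop-selection kernel (which, as Tom says, needs the master address and clock); the hopper here is a constructed uniformly random channel sequence that only reproduces the 79 channels and 1600 hops/s from the thread. The 625 µs slot follows from that hop rate; the slice centre of 2441 MHz, the timing jitter and the coherence threshold are assumptions. Beyond counting how many blips a slice sees, it adds one heuristic of my own: bursts whose start times all sit on a single 625 µs grid are consistent with a slotted hopper, which a circular mean of the start phases modulo the slot can test without any demodulation.

```python
"""Watching one slice of the 2.4 GHz band for a frequency hopper.
Added example with a constructed hopper; not the Bluetooth hop-selection kernel."""
import numpy as np

N_CHANNELS = 79
CH0_MHZ = 2402.0            # channel k is centred at CH0_MHZ + k
HOP_RATE = 1600.0           # hops per second
SLOT_S = 1.0 / HOP_RATE     # 625 microseconds per hop


def constructed_hop_sequence(n_hops, seed=1):
    """Uniformly random channel per slot. Constructed stand-in only: the real
    sequence is derived from the master's address and clock."""
    rng = np.random.default_rng(seed)
    return rng.integers(0, N_CHANNELS, size=n_hops)


def hits_in_slice(channels, slice_center_mhz, slice_width_mhz):
    """Slot indices whose channel falls inside the slice the receiver is parked on."""
    freqs = CH0_MHZ + np.asarray(channels)
    lo = slice_center_mhz - slice_width_mhz / 2
    hi = slice_center_mhz + slice_width_mhz / 2
    return np.flatnonzero((freqs >= lo) & (freqs < hi))


def expected_hits_per_second(slice_width_mhz):
    """Bursts per second a slice of that width should see from a uniform hopper."""
    return HOP_RATE * min(slice_width_mhz, N_CHANNELS) / N_CHANNELS


def slot_coherence(burst_times_s, slot_s=SLOT_S):
    """Mean resultant length of burst start times taken modulo the slot.
    Close to 1 when every start lies on one slot grid, roughly 1/sqrt(n) otherwise."""
    phase = 2 * np.pi * (np.asarray(burst_times_s, dtype=float) % slot_s) / slot_s
    return float(np.abs(np.mean(np.exp(1j * phase))))


def looks_slotted(burst_times_s, min_coherence=0.8):
    """Heuristic (assumed threshold): starts on a common 625 us grid suggest a hopper."""
    return slot_coherence(burst_times_s) >= min_coherence


def demo(seconds=1.0, slice_center_mhz=2441.0, slice_width_mhz=7.0, seed=1):
    """Park on a 7 MHz slice for one second; compare the hopper with a random emitter."""
    rng = np.random.default_rng(seed)
    n_hops = int(seconds * HOP_RATE)
    channels = constructed_hop_sequence(n_hops, seed)
    hits = hits_in_slice(channels, slice_center_mhz, slice_width_mhz)
    # bursts start at the slot edge plus a little timing jitter (constructed)
    hopper_times = hits * SLOT_S + rng.uniform(0, 20e-6, size=hits.size)
    # an emitter with the same burst count but unslotted, random start times
    random_times = np.sort(rng.uniform(0, seconds, size=hits.size))
    return {
        "hits": int(hits.size),
        "expected_hits": expected_hits_per_second(slice_width_mhz) * seconds,
        "hopper_coherence": slot_coherence(hopper_times),
        "random_coherence": slot_coherence(random_times),
        "hopper_slotted": looks_slotted(hopper_times),
        "random_slotted": looks_slotted(random_times),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

A 7 MHz slice catches about 1600 * 7/79, roughly 140, of the hopper’s bursts per second, each only one slot long, which is the stream of blips Tom expects. The coherence test is what turns those blips into evidence: it needs burst start timestamps from an energy detector, not decoded packets, and a continuous or randomly timed emitter in the same slice fails it.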

Tom R. schrieb:


It’s like fishing for RF. Do I have to throw them back?

Only if it is of the species, ‘signalus drmicus’…


Eric

I’ll have to pull out my old Bluetooth test program I wrote a while ago,
then I should be able to control the streams pretty nicely (or at least
stream packets continuously with the same payload). Then I can just tune
the GNU Radio GMSK receiver (hack it for the access code correlation) to a
specific frequency and wait till I get a hit.

It’s like fishing for RF. Do I have to throw them back?

Tom

Hi Thomas,

I have put the code at http://www.cs.wisc.edu/~shravan/specsense.txt

It has some small modifications to the original
usrp_spectrum_sense.py. The output is a set of samples (freq, power);
this is done 1 MHz at a time in steps of 0.5 MHz.

Let me know in case you make some modifications to this and get a
better output. I am just curious, are the units of log10 block output
in dB ?

Thanks,

Shravan