Jump to content

Has anyone gotten adsb working under Kali?


Recommended Posts

I installed Kali 1.0.6 so I'd have "out of the box" SDR and there's also some adsb stuff installed but for the life of me I can't figure out how to get it working. I can start rtl_adsb and I see in the Terminal that pops up that it's running as far as I know but from there nothing else seems to work.

If anyone has gotten adsb working under Kali please share how you got things going with us here. Thanks.

Link to comment
Share on other sites

  • 2 weeks later...


You need to run the following to install the correct packages for wine.

dpkg --add-architecture i386
apt-get update
apt-get install wine-bin:i386

Download the following this is what im using its ADSB Scope for windows

You need to then stream the data with netcat, and the rtl package in Kali has a adsb scanner:
Run the following in another terminal window:

rtl_adsb | netcat -lp 7777

To run ADSPScope in kali you run:

cd ~/adsb_all/pc_software/adsbscope/26

wine adsbscope26f3_256.exe

Just like Shannon Did in the windows version use go into network settings in the ADSB Scope and set your raw-data-server port number to 7777

then to to the other drop down in ADSBScope and click Raw-Data-Client active just as Shannon did on the windows version.

After that ADSBScop should start to see the adsb transmissions.


This is my "/etc/apt/sources.list" you might need to make sure yours match mine to get to install the wine packages.

root@sdr:~# cat /etc/apt/sources.list

# deb cdrom:[Debian GNU/Linux 7.0 _Kali_ - Official Snapshot amd64 LIVE/INSTALL Binary 20140108-17:05]/ kali contrib main non-free

#deb cdrom:[Debian GNU/Linux 7.0 _Kali_ - Official Snapshot amd64 LIVE/INSTALL Binary 20140108-17:05]/ kali contrib main non-free

## Security updates
deb http://security.kali.org/kali-security kali/updates main contrib non-free

deb http://http.kali.org/kali kali main non-free contrib

Edited by bluemachine
Link to comment
Share on other sites

Kali already has WINE installed by default but I don't see why I'd need to use it when they have Linux based rtl_adsb installed and modes_gui installed as well. With the rtl_adsb you can go netcat(ncat??) or socat to run it in Terminal but I have no idea where to go from there. I see that the dongle is up and running in rtl_adsb but don't know how to, for instance, port it out to socat which also opens in Terminal when I click on it.

All the stuff is already pre-installed in Kali, just need to know how to connect the dots to get it working.

Link to comment
Share on other sites

I would guess you can do you want want in GNURadio or python but the real trick is to plot the data from the rtl_adsb signal to a map of sorts. From my search online it cant fine a linux client so if you just want it to work out of the box your going to need to write something yourself. Otherwise use a windows client in wine. The way i put above is how i do it and it takes about 10 minutes to setup.

I reason i had to run the i386 win build is because im using the 64bit kali install, im guessing it does not have the i386 wine build installed by default.


Edited by bluemachine
Link to comment
Share on other sites

So you're basically saying that there's no way to get "There"(tracking planes) from "here"(my Kali Linux install) so I have to add some extra stuff to get the job done. I guess someone needs to put a tutorial together on how to get this going from step one to finish for those of us who aren't Linux Gurus and only have a limited understanding of Terminal commands. Maybe someday, until then I'll just have to wait I guess.

Link to comment
Share on other sites

what I put is hardly "Linux guru" what im saying is that from what I found online I have yet to see a Linux equivalent to ADSBScope and other programs, nor have I found one pre installed on Kali.

How ever the above way works with next to no effort the only think you need to download is ADSB Scope and possibly a few packages, it just seems your trying to be difficult,

Link to comment
Share on other sites

Not trying to be difficult at all just looking for a simple answer so let's get Stupid Simple for a minute. I click on the "rtl_adsb" in my Kali Linux install and I get this:

rtl_adsb: invalid option -- 'h'

rtl_adsb, a simple ADS-B decoder

Use: rtl_adsb [-R] [-g gain] [-p ppm] [output file]

[-d device_index (default: 0)]

[-V verbove output (default: off)]

[-S show short frames (default: off)]

[-Q quality (0: no sanity checks, 0.5: half bit, 1: one bit (default), 2: two bits)]

[-e allowed_errors (default: 5)]

[-g tuner_gain (default: automatic)]

[-p ppm_error (default: 0)]

filename (a '-' dumps samples to stdout)

(omitting the filename also uses stdout)

Streaming with netcat:

rtl_adsb | netcat -lp 8080

while true; do rtl_adsb | nc -lp 8080; done

Streaming with socat:

rtl_adsb | socat -u - TCP4:sdrsharp.com:47806

I see I can Stream with either netcat or socat. I find in my Kali Linux install "ncat" and "socat". I click "ncat" and I get this:

Ncat 6.40 ( http://nmap.org/ncat )

Usage: ncat [options] [hostname] [port]

Options taking a time assume seconds. Append 'ms' for milliseconds,

's' for seconds, 'm' for minutes, or 'h' for hours (e.g. 500ms).

-4 Use IPv4 only

-6 Use IPv6 only

-U, --unixsock Use Unix domain sockets only

-C, --crlf Use CRLF for EOL sequence

-c, --sh-exec <command> Executes the given command via /bin/sh

-e, --exec <command> Executes the given command

--lua-exec <filename> Executes the given Lua script

-g hop1[,hop2,...] Loose source routing hop points (8 max)

-G <n> Loose source routing hop pointer (4, 8, 12, ...)

-m, --max-conns <n> Maximum <n> simultaneous connections

-h, --help Display this help screen

-d, --delay <time> Wait between read/writes

-o, --output <filename> Dump session data to a file

-x, --hex-dump <filename> Dump session data as hex to a file

-i, --idle-timeout <time> Idle read/write timeout

-p, --source-port port Specify source port to use

-s, --source addr Specify source address to use (doesn't affect -l)

-l, --listen Bind and listen for incoming connections

-k, --keep-open Accept multiple connections in listen mode

-n, --nodns Do not resolve hostnames via DNS

-t, --telnet Answer Telnet negotiations

-u, --udp Use UDP instead of default TCP

--sctp Use SCTP instead of default TCP

-v, --verbose Set verbosity level (can be used several times)

-w, --wait <time> Connect timeout

--append-output Append rather than clobber specified output files

--send-only Only send data, ignoring received; quit on EOF

--recv-only Only receive data, never send anything

--allow Allow only given hosts to connect to Ncat

--allowfile A file of hosts allowed to connect to Ncat

--deny Deny given hosts from connecting to Ncat

--denyfile A file of hosts denied from connecting to Ncat

--broker Enable Ncat's connection brokering mode

--chat Start a simple Ncat chat server

--proxy <addr[:port]> Specify address of host to proxy through

--proxy-type <type> Specify proxy type ("http" or "socks4")

--proxy-auth <auth> Authenticate with HTTP or SOCKS proxy server

--ssl Connect or listen with SSL

--ssl-cert Specify SSL certificate file (PEM) for listening

--ssl-key Specify SSL private key (PEM) for listening

--ssl-verify Verify trust and domain name of certificates

--ssl-trustfile PEM file containing trusted SSL certificates

--version Display Ncat's version information and exit

See the ncat(1) manpage for full options, descriptions and usage examples

Not sure what to do with it.

I click "socat" and I get this:

socat by Gerhard Rieger - see www.dest-unreach.org


socat [options] <bi-address> <bi-address>


-V print version and feature information to stdout, and exit

-h|-? print a help text describing command line options and addresses

-hh like -h, plus a list of all common address option names

-hhh like -hh, plus a list of all available address option names

-d increase verbosity (use up to 4 times; 2 are recommended)

-D analyze file descriptors before loop

-ly[facility] log to syslog, using facility (default is daemon)

-lf<logfile> log to file

-ls log to stderr (default if no other log)

-lm[facility] mixed log mode (stderr during initialization, then syslog)

-lp<progname> set the program name used for logging

-lu use microseconds for logging timestamps

-lh add hostname to log messages

-v verbose data traffic, text

-x verbose data traffic, hexadecimal

-b<size_t> set data buffer size (8192)

-s sloppy (continue on error)

-t<timeout> wait seconds before closing second channel

-T<timeout> total inactivity timeout in seconds

-u unidirectional mode (left to right)

-U unidirectional mode (right to left)

-g do not check option groups

-L <lockfile> try to obtain lock, or fail

-W <lockfile> try to obtain lock, or wait

-4 prefer IPv4 if version is not explicitly specified

-6 prefer IPv6 if version is not explicitly specified


pipe[,<opts>] groups=FD,FIFO






abstract-client:<filename> groups=FD,SOCKET,RETRY,UNIX

abstract-connect:<filename> groups=FD,SOCKET,RETRY,UNIX

abstract-listen:<filename> groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX

abstract-recv:<filename> groups=FD,SOCKET,RETRY,UNIX

abstract-recvfrom:<filename> groups=FD,SOCKET,CHILD,RETRY,UNIX

abstract-sendto:<filename> groups=FD,SOCKET,RETRY,UNIX

create:<filename> groups=FD,REG,NAMED




interface:<interface> groups=FD,SOCKET

ip-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6

ip-recv:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6

ip-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6

ip-sendto:<host>:<protocol> groups=FD,SOCKET,IP4,IP6

ip4-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4

ip4-recv:<protocol> groups=FD,SOCKET,RANGE,IP4

ip4-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4

ip4-sendto:<host>:<protocol> groups=FD,SOCKET,IP4

ip6-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP6

ip6-recv:<protocol> groups=FD,SOCKET,RANGE,IP6

ip6-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP6

ip6-sendto:<host>:<protocol> groups=FD,SOCKET,IP6


openssl:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL


pipe:<filename> groups=FD,FIFO,NAMED,OPEN

proxy:<proxy-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP


sctp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP


sctp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP

sctp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP

sctp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP

sctp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP

socket-connect:<domain>:<protocol>:<remote-address> groups=FD,SOCKET,CHILD,RETRY

socket-datagram:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET,RANGE

socket-listen:<domain>:<protocol>:<local-address> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE

socket-recv:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,RANGE

socket-recvfrom:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,CHILD,RANGE

socket-sendto:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET

socks4:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4

socks4a:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4






tcp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP


tcp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,TCP

tcp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP

tcp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,TCP

tcp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP

tun:<ip-addr>/<bits> groups=FD,CHR,NAMED,OPEN,INTERFACE

udp-connect:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP

udp-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP

udp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP

udp-recv:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP

udp-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP

udp-sendto:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP

udp4-connect:<host>:<port> groups=FD,SOCKET,IP4,UDP

udp4-datagram:<remote-address>:<port> groups=FD,SOCKET,RANGE,IP4,UDP

udp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP

udp4-recv:<port> groups=FD,SOCKET,RANGE,IP4,UDP

udp4-recvfrom:<host>:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,UDP

udp4-sendto:<host>:<port> groups=FD,SOCKET,IP4,UDP

udp6-connect:<host>:<port> groups=FD,SOCKET,IP6,UDP

udp6-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP6,UDP

udp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP

udp6-recv:<port> groups=FD,SOCKET,RANGE,IP6,UDP

udp6-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP6,UDP

udp6-sendto:<host>:<port> groups=FD,SOCKET,IP6,UDP

unix-client:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX

unix-connect:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX

unix-listen:<filename> groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX

unix-recv:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX

unix-recvfrom:<filename> groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX

unix-sendto:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX

Not sure what to do with it either.

The rtl_adsb can use one of these to output to something but I'm not sure what. I know people use their browsers to localhost, and which ever port netcat or socat uses to plot a map to watch the planes fly around but I don't know how to get from starting the rtl_adsb to getting it output to a map so I can see planes fly. I need to know if I can use ncat(netcat??) or socat to output what rtl_adsb is doing to a map of somekind so I can see in real time aircraft flying around. Any explanation or solutions needs to be simple and needs to be explained in steps that I can understand. Thanks.

Edited by TN.Frank
Link to comment
Share on other sites

yes you can use those to stream the raw ADS single to a particular port, and I provided the command to do it via netcat in the previous post.

but the bottom line is you need a way to plot the adsb singles on a map ie ADSPScope that's all that program does is plot the data from rtl_adsb to a map.

all netcat and socat is going to do is stream the data from your receiver on the ADSB frequencies to a port so in theory you could point ABSBScope on a windows machine to your Linux machine and it would be able to decode the data that was as well.

Link to comment
Share on other sites

Ok, so I need to install ADSB Scope for Windows onto my Linux box and run it under WINE. Got it. How to I use on of the "pointers" in rtl_adsb to get it to ADSB Scope and can I use either one or is there a preferred one to use?

Also, I've never used WINE before, once I download ADSB Scope for Windows how to I open it using WINE? Please be patient with me, I'm fairly new at all of this and really don't know a lot about it. Thanks.

Link to comment
Share on other sites

You run the below line in a terminal to start streaming the data to port 7777 on your local machine.
rtl_adsb | netcat -lp 7777

Once you download ADSB Scope:


You will need to unzip the file:

unzip adsb_fix.zip

Im running as root, so if you are doing the same you can go to the path:

cd /root/adsb_all/pc_software/adsbscope/26/

From that you can run the "adsbscope26f3_256.exe" via wine but you might need to install the i386 packages with the 3 commands i posted earlier wine will error and tell you if you need to. To run it in wine once your in the directory you simpley run:

wine adsbscope26f3_256.exe

Once that is going you can either follow the tutorial Shannon walks through in the video or:

From the "Other" drop down you go to "network then network setup"

for the presets at the bottom choose adsbscope and change the "RAW-data-server" to 7777. the "Raw-data-client" should also have 777 and URL

Then go other menu>Network>and click on Raw-data-client active

after that you should start to see data on ADSB Scope

Link to comment
Share on other sites

When do I run "rtl_adsb | netcat -lp 7777", before or after I start up rtl_adsb in Kali and I'd have to start it up with the first line in the Streaming for netcat and not the one for socat, right?

Also, I'm already running a 32bit Kali install so do I still need the 32 bit stuff for WINE? Shouldn't I already have that installed?

I don't run as root, I run from an Admin Account that I set up in Kali so do I need to start things in Terminal as "sudo" or what?

The answers I get always lead to more questions rather then solutions. Isn't there anything for ADS-B like the Gqrx program I use to play around with SDR? Something that's one click on an icon and Bob's your Uncle or do you always have to go through Terminal and do all these work arounds to get to where you want to go?

Link to comment
Share on other sites

You could make program launchers that run the commands in the background. you can launch the program from wine if it errors for the packages then you will need to install the i386 packages. You will just have to run it and see if it errors.

You will need to try it and find out in regards to sudo, since i run it as root i don't need to, i would suspect your admin account would have enough privileges but you just need to play with it. Unfortunately you as with most things in linux you need to get familiar with command line. though gqrx is awesome you don't push you self using only Gui tools so if you want to expand your knowledge you need to get out of your comfort zone.

Its some basic setup. For ADSB Scope the settings are the same as if you are running it on windows and you can watch the hak5 episode when Shennon uses it in windows and follow how she sets it up just change the port to 7777.

"rtl_adsb | netcat -lp 7777"is running rtl_adsb. Not to confuse you more but its basically taking the output from rtl_adsb and piping that into netcat to a particular port in this case 7777.

When you separate commands with | or the pipe symbol its taking the output from one command and piping it to the other command. Its one of the things that makes linux great and very powerful.

Edited by bluemachine
Link to comment
Share on other sites

I agree Dump1090 would be good, but if you can see he asked for something that he did not have to compile from git. "Not with stuff I'd have to compile from source or get from github". I didn't see Dump1090 installed of the bat in Kali.

Link to comment
Share on other sites

I agree Dump1090 would be good, but if you can see he asked for something that he did not have to compile from git. "Not with stuff I'd have to compile from source or get from github". I didn't see Dump1090 installed of the bat in Kali.

Mainly because I always seem to run into dependencies errors and problems with other stuff. I wish someone would write a program for Debian that'd be like Gqrx where you'd just install a .deb package then it'd be one click to get everything up and running, LOL. Guess that'd be to easy though.

Link to comment
Share on other sites

I agree Dump1090 would be good, but if you can see he asked for something that he did not have to compile from git. "Not with stuff I'd have to compile from source or get from github". I didn't see Dump1090 installed of the bat in Kali.

So installing a windows app in linux will be any easier??!! TN.Frank is going to have to learn how to compile applications in linux eventually. May as well do it now. These sdr apps are stupidly simple, with only a few dependency issues.

Link to comment
Share on other sites

TN.Frank is going to have to learn how to compile applications in linux eventually. May as well do it now. These sdr apps are stupidly simple, with only a few dependency issues.

I agree, it'd just be nice if I had someone sitting next to me to help walk me through it rather then having to go onto the interweb where folks can't really see what's going on with my box when I try to do stuff like this.

I think GNU Radio is really the "key" to SDR on Linux. If a person can figure out how to set it up you can set up pretty much anything from all the tools that I see that it has in it.

SDR and ADS-B are suppose to be Hobbies, they're suppose to be fun, not like homework for a computer science class, LOL. I just wish someone would write an app like Gqrx only for ADS-B so you could simply install it from Synaptic or "sudo apt-get install "X"" and then click the button and a GUI would come up ready to go just like it does with Gqrx. Guess I should not hold my breath though. LOL

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...