Share your findings

[crazzzik]

Hello Hack5rs!

I've been playing around with the dongle and SDR# for a couple of days now and here is what I've found:

(I live in Toronto, Canada, but you are welcome to try it in your region and see where it takes you)

Frequencies:

163.00 to 172.00 - a LOT of taxi chatter.

168.306.000 - Heard some morze code for a second. The signal was gone the next day =(

162.392.000 - Local weather station. It claimed to be broadcasting on 162.400 so I calibrated my dongle to it.

152.027.000 - or so. Some sort of periodical data transfer. Two frequencies nearby would appear almost mirroring each other and disappear for another minute or so. Mesmerizing.

861.912.500 - or so. Toronto Police. There are many transmissions in that area, each bound to a specific unit or station. See Trunking

Resources:

http://www.radioreference.com/apps/db/?mid=22 - great resources to find out operational frequencies of local organisations. Available for many countries

http://www.dxing.com/scanfreq.htm - List of national emergency frequencies (US).

http://www.canairradio.com/ - List of frequencies used by different aviation agencies. That includes military, commercial and company specific frequencies. (Canada only)

http://en.wikipedia.org/wiki/Cordless_telephone - can be useful if you want to check how secure is your cordless phone.

http://www.bearcat1.com/mrscanner/ont.htm - great list of Ontario specific emergency services.

http://sd.ic.gc.ca/pls/engdoc_anon/web_search.frequency_range_input - you can request a list of registered frequencies for specific locations. Huge lists. (Canada only)

http://spiffy.ci.uiuc.edu/~kline/Stuff/ten-codes.html - list of ten codes. In case you want to listen to police or ambulance.

Experience:

I have only tried it in my basement, but was able to find quite a few transmissions.

Interesting note: do not place your antenna near CRT monitors, if you still have one. Some bands are quite sensitive to the interference from them. Here on picture with monitor turned on (bottom) and off (top):

Overall, it is exciting to find these transmissions. Something about it is very thrilling. In the future I am planing to visit airport area and catch something there.

What have you found? Is there such a thing as in Tomb Raider and can I pick up this signal with my dongle? I mean international emergency broadcast or something like that.

Edited March 18, 2014 by crazzzik

[TN.Frank]

I'm using Gqrx that came with my Kali Linux install and I've found a few interesting things.

162.393MHz is NOAA Weather, 155.123MHz is our local PD(suppose to be 155.400, go figure), I get a lot of CB chatter in the 27MHz range. Aircraft has been heard around 123-124MHz and of course local FM Radio stations are between 88 to 108MHz.

[crazzzik]

Didn't have much luck with aircrafts just yet.

Here is what I meant by data transfer. I've stumbled upon this a few times now:

[TN.Frank]

Aircraft are hard to hear. By the time you see the signal and get over to it they're gone. I have "sat" on an area where I've seen a lot of chatter and caught em' talking at times though so it is possible. I'm still trying to get my ads-b worked out. I do get data now with rtl_adsb when I start it and go to my browser at 127.0.0.1:8080 but can't seem to figure out which program in Kali to use to convert it to useable data to put onto a map of somekind. Until then I'm just going to use Flightradar24.com. It works great but I'm sure they'll come a time when I'm somewhere with no wifi and want to look at the planes, then I'll need to get that ads-b working.

[crazzzik]

I just finished messing with ADS-B on my setup. Took a bit of time, but now it is plotting.

I've used RTL1090 and Virtual Radar Server on Windows.

RTL1900 requires a few files from SDR# folder and no other app accessing the dongle.

VRS needs database plugin to create a database, setting receiver to port 31001 and Data Source under Receiver has to be set to "AVR or BEast Raw Feed".

[krustkore]

I use rtl_adsb and pipe it with netcat to 8080 I believe. I then use adsbScope, in the setup I have it drawing the raw data from the same port. Works like a charm for me. *Sorry, I stated the wrong program.

Edited March 17, 2014 by krustkore

[TN.Frank]

I use rtl_adsb and pipe it with netcat to 8080 I believe. I then use adsbScope, in the setup I have it drawing the raw data from the same port. Works like a charm for me. *Sorry, I stated the wrong program.

I've been able to get rtl_adsb piped over to 127.0.0.1:8080 using netcat but don't know what to do with it or where to go from there. I'm sure Kali has something pre-installed to pull up a map view of the data but I don't know what it is or how to do it.

[krustkore]

All I have done was install WINE and adsbscope, and under Other > Network > RAW-data-client set your port to 8008 and url to 127.0.0.1 . Hit OK and then start the Raw data client active under Other. That's what I use.

[TN.Frank]

So you're runing ADSBScopt under Wine then so it's not an actual Linux program. Maybe I'll need to give that a try. Thanks.

[krustkore]

No worries. Hopefully that works for you

[crazzzik]

Found one more thing:

http://www.instructables.com/id/How-to-Make-a-19-Police-Radio-Scanner/ - this build uses SDR# and some trunking software to work with police radio better.

Police radios use trunking. In this case trunking refers to system that allocates different calls to different frequencies automatically. Think old style telephone systems where pretty ladies were plugin telephone jacks but automated =). This software puts it all back together. Hopefully, folks will mention trunking in their next video if there is one.

[ElfnetCommunications]

Some frequencies that may be worth listening and/or decoding:

26 - 27-405 MHz - 11 meter CB Radio band

28 - 30 MHz - Generally the 10 meter ham radio band. With a good antenna you can hear voice and data communications between hams across the world

137.100, 137.500, 137.620, 137.9125 MHz - Weather Satellite APT, Receive live images from polar orbiting weather birds

144 - 148 MHz - 2 meter ham radio band. Local ham radio repeaters, beacons, etc

150 - 160 MHz - Commercial and public safety band. 154.600 for example is MURS green dot and also used by McDonalds drive thru.

157.740 MHz - US paging frequency using Pocsag formats

160 - 162 MHz - US Railroad band - Union Pacific is 160.740 MHz where I am

162.400 - 162.575 MHz - US NOAA weather 24/7 broadcast

220 MHz - 220 ham radio band (not sure of the exact spread of this band yet)

220 - 390 MHz - US Military bands. USAF is AM Mode and 220 - 300 MHz.

315 MHz area is used widely by remote controls for car alarms and garage doors

406 - 420 MHz - US government trunking systems. USAF security police use this also

420 - 450 MHz - 70cm Ham radio band

450 - 451 & 455 - 456 MHz - TV and radio station live remote units

451 - 455 MHz - Commercial Industrial business band and Public safety

460 - 465 MHz - Commercial Business and Public safety band

470 - 512 MHz - UHF "T" band

822 MHz area is /was old analog cellular NON GSM systems voice carriers.

850 - 869 MHz - Commercial and Public safety trunking band

920 - 1300 MHz area is ISM band along with another ham radio band or two

1420.50575 MHz - Hydrogen Line used by SETI

2400 + - Wireless ethernet systems, STL systems, satellite TV and Radio systems

NOTICE! When tuning frequencies from 1 GHz and up be aware that you may get a lot of spurs from your computers CPU clock.

Also you DO NOT want to run a usb SDR dongle on a desktop or laptop while it is powered by a 12 VDC to 120VAC inverter that is modifies sine wave. This will cause a lot of unwanted noise and interference in the radio.

Also same as above when you get in proximity of a power inverter you will pick up a lot of noise as well. proximity is estimated at least 50 feet from some inverters.

[ElfnetCommunications]

Found one more thing:

http://www.instructables.com/id/How-to-Make-a-19-Police-Radio-Scanner/ - this build uses SDR# and some trunking software to work with police radio better.

Police radios use trunking. In this case trunking refers to system that allocates different calls to different frequencies automatically. Think old style telephone systems where pretty ladies were plugin telephone jacks but automated =). This software puts it all back together. Hopefully, folks will mention trunking in their next video if there is one.

not all public services use a trunking system. True most in cities do but if your in a small town chances are they do not.

To track a trunking system you have to first understand what your going to be dealing with.

Depending on what type of system it is will depend on how you will need to configure your radio.

Their are several different types of trunking systems here are a few:

LTR

EDACS Analog

EDACS Digital

Passport

MPT1327

SmartNet

SmartZone

OpenSky

In the actual 2-way radio the police carry. Normally their will be 2 - 10 frequencies programmed in. these are control frequencies. These channels tell the radio to sync up, authenticate and emulate the voice traffic frequencies. The actual talkgroups are also programmed by the radio shop and not emulated.

To me it is less headache to just buy a police scanner and set it up than to try to trunk track on an SDR dongle.

Now tracking and listening in on a P-25 system may be worth it though