Monday, December 14, 2015

Simple FM-receiver with RTLSDR-dongle and gnuradio-companion

GNU Radio is a free software development toolkit that makes it easier to do signal processing on input from sources such as the cheap 10$ rtlsdr dongles.

Bundled with GNU Radio is gnuradio-companion, a Python code generator tool.
Gnuradio-companion is used to build 'flowgraphs'. When a flowgraph is constructed and 'compiled', Python code is generated that creates and connects the blocks in the flowgraph. These blocks then 'clean' and demodulate the incoming signal step by step.

Below is the flowgraph I built using gnuradio-companion. An RTLSDR dongle is used as the signal source to receive on a frequency containing FM radio:


Note that the rtlsdr-dongle is just receiving the signal and not demodulating it. The signal is fed into gnuradio-companion for processing and demodulation.

Info about the flowgraph

RTLSDR source has samplerate set to 2.0e6Mhz/s

The Ch0 frequency in the source block is tied to the wxgui slider variable, where max is 110 MHz, min is 90 MHz and default is 97.796 MHz.
Outgoing signals are then fed to a wxgui FFT sink, a waterfall sink and a rational resampler. The FFT (Fast Fourier Transform) sink and the waterfall sink are mainly there to give a quick visual view of any signals coming in from the signal source.

In the rational resampler the decimation rate is set to 4 to reduce the sample rate to 1/4. This is done to prevent the CPU from overloading. To further clean up the signal it is fed into a low-pass filter, where the cutoff frequency is set to 100000 Hz and the transition width is set to 1000000.

Then the signal is sent to a wideband FM demodulator block, WBFM-receive, where the quadrature rate is set to 500000 and decimation to 1.

Afterwards another resampler block with interpolation 48 and decimation 500 prepares the signal for the next block, the audio sink. Finally the signal is sent to the computer's sound card, which gnuradio-companion represents as an audio sink. Most computer sound cards operate at a sample rate of 48 kHz, so it is essential that this is set in the audio sink.

Note: Sometimes the device-name property in the audio sink must be defined.
Usually it can be left empty, but if no sound is produced try setting device-name to 'pulse' in case your OS uses pulseaudio to handle sound.

If ALSA is used on your OS, the device-name parameter of the audio sink could be set to 'hw:0,0' or 'plughw:0,0'.
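
The sample-rate chain described above, together with the quadrature demodulation that a wideband FM receiver is built around, as an added Python example (not part of the original post and not the code gnuradio-companion generates). The 75 kHz deviation and the 1 kHz test tone are assumptions; de-emphasis and filtering are left out.

```python
import cmath
import math
from fractions import Fraction

# Values taken from the flowgraph description in the post.
SOURCE_RATE = 2_000_000                  # RTLSDR source sample rate
STAGES = [                               # (block, interpolation, decimation)
    ("rational resampler", 1, 4),
    ("WBFM receive", 1, 1),
    ("rational resampler", 48, 500),
]

def rate_chain(source_rate=SOURCE_RATE, stages=STAGES):
    """Return the sample rate after each block, in samples per second."""
    rates, rate = [], Fraction(source_rate)
    for name, interp, decim in stages:
        rate = rate * interp / decim
        if rate.denominator != 1:
            raise ValueError(f"{name}: non-integer rate {rate}")
        rates.append((name, int(rate)))
    return rates

def fm_modulate(audio, fs, deviation):
    """Complex baseband FM: the phase is the running integral of the audio."""
    phase, out = 0.0, []
    for a in audio:
        phase += 2 * math.pi * deviation * a / fs
        out.append(cmath.exp(1j * phase))
    return out

def quadrature_demod(iq, fs, deviation):
    """Recover audio from the phase step between consecutive samples."""
    gain = fs / (2 * math.pi * deviation)
    return [gain * cmath.phase(b * a.conjugate()) for a, b in zip(iq, iq[1:])]

def demo():
    """Modulate a constructed tone, demodulate it, return the worst-case error."""
    fs = rate_chain()[0][1]              # 500000, the quadrature rate
    deviation = 75_000                   # assumed broadcast FM deviation
    tone = [math.sin(2 * math.pi * 1000 * n / fs) for n in range(2000)]
    audio = quadrature_demod(fm_modulate(tone, fs, deviation), fs, deviation)
    # audio[k] is the phase step into sample k + 1, so compare with tone[1:]
    return max(abs(x - y) for x, y in zip(audio, tone[1:]))

if __name__ == "__main__":
    print(rate_chain(), demo())
```

The last entry of rate_chain() has to match the rate set in the audio sink; any other interpolation/decimation pair makes the audio play at the wrong speed.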

When the flowgraph is generated (i.e. compiled) and executed, FM radio should be heard from the sound card, accompanied by output similar to:





Sunday, December 6, 2015

Building multimon-ng from source and capturing FMSFSK-signals

I noticed that the Kali Linux 2.0 repository version of multimon-ng does not include the FMSFSK demodulation option.

FMSFSK demodulation in multimon-ng is used to demodulate German Funkmeldesystem-signals.

To get the complete multimon-ng version, first install its dependencies:


apt-get install qt4-qmake libpulse-dev cmake libx11-dev pulseaudio


Then clone and build multimon-ng from source:

git clone https://github.com/EliasOenal/multimonNG.git

cd multimonNG

mkdir build && cd build

qmake ../multimon-ng.pro

make && make install

ldconfig



Then connect the rtlsdr-dongle to the computer and hook it up to a decent antenna.

The rtlsdr-dongle's ppm-value should also be identified via tools such as kalibrate for more reliable results.

When an appropriate frequency is found, pipe the sound from rtl_fm to multimon-ng for demodulation:


rtl_fm -f 431.865e6 -p -2 -l 100 | multimon-ng -a FMSFSK -a AFSK1200 -t raw /dev/stdin









Friday, August 21, 2015

Convert Linux text file to Windows text file

DOS text files traditionally have carriage return and line feed pairs '\r\n' as their newline characters while Linux text files have the linefeed character, '\n', as their newline character.

To convert a Linux text file to a DOS text file do:

todos -b file.txt


The above command creates a backup of the original file, file.txt.bak, in addition to
converting file.txt to the DOS text file format.




Wednesday, August 19, 2015

Easy TCP/IP packet capture with tcpdump

Get list of interfaces that tcpdump can listen on:
tcpdump -D

Listen on interface eth0:

tcpdump -i eth0

Listen on interface eth0 and record the capture to a .pcap file:

tcpdump -w capture.pcap -i eth0

Display packet content of capture file capture.pcap:

tcpdump -r capture.pcap

Limit the capture to 100 packets:

tcpdump -c 100 -i eth0

Display IP addresses and port numbers instead of domain and service names when capturing packets (some systems require -nn to be specified to display port numbers):

tcpdump -n -i eth0

Capture any packets where the destination host is 192.168.1.1. Display IP addresses and port numbers:

tcpdump -n dst host 192.168.1.1

Capture any packets where the source host is 192.168.1.1. Display IP addresses and port numbers:

tcpdump -n src host 192.168.1.1

Capture any packets where the source OR destination host is 192.168.1.1. Display IP addresses and port numbers:

tcpdump -n host 192.168.1.1

Capture any packets where the source or destination network is 192.168.1.0/24. Display IP addresses and port numbers:

tcpdump -n net 192.168.1.0/24

Capture any packets where the destination port is 23. Display IP addresses and port numbers:

tcpdump -n dst port 23

Capture any packets where the destination port is between 1 and 1023 inclusive. Display IP addresses and port numbers:

tcpdump -n dst portrange 1-1023

Capture ONLY tcp packets where destination port is between 1 and 1023 inclusive:

tcpdump -n tcp dst portrange 1-1023

Capture ONLY udp packets where the destination port is between 1 and 1023 inclusive:

tcpdump -n udp dst portrange 1-1023



Capture any packets with destination IP 192.168.1.1 and destination port 23. Display IP addresses and port numbers:

tcpdump -n "dst host 192.168.1.1 and dst port 23"

Capture any packets with destination IP 192.168.1.1 and destination port 80 or 443. Display IP addresses and port numbers:

tcpdump -n "dst host 192.168.1.1 and (dst port 80 or dst port 443)"

Capture any ICMP packets:

tcpdump -v icmp

Capture any ARP packets:

tcpdump -v arp

Capture either ICMP or ARP packets:

tcpdump -v "icmp or arp"

Capture any packets that are broadcast or multicast:

tcpdump -n "broadcast or multicast"

Capture 500 bytes of data for each packet rather than the default of 68 bytes:

tcpdump -s 500

Capture all bytes of data within the packet:

tcpdump -s 0
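
What 'tcpdump -w' writes and what '-s' changes, as an added Python example (not from the original post): a reader for the classic little-endian pcap layout that lists the packets cut short by the snapshot length. The sample captures are constructed in the code and contain no real traffic.

```python
import struct

GLOBAL_HDR = struct.Struct("<IHHiIII")   # magic, version major/minor, tz, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, captured length, original length
PCAP_MAGIC = 0xA1B2C3D4                  # classic pcap with microsecond timestamps

def parse_pcap(data):
    """Return (snaplen, [(captured_len, original_len), ...]) for a little-endian pcap."""
    if len(data) < GLOBAL_HDR.size:
        raise ValueError("file shorter than the pcap global header")
    magic, _, _, _, _, snaplen, _ = GLOBAL_HDR.unpack_from(data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    packets, offset = [], GLOBAL_HDR.size
    while offset < len(data):
        if offset + RECORD_HDR.size > len(data):
            raise ValueError("truncated record header")
        _, _, caplen, origlen = RECORD_HDR.unpack_from(data, offset)
        offset += RECORD_HDR.size
        if offset + caplen > len(data):
            raise ValueError("record runs past the end of the file")
        packets.append((caplen, origlen))
        offset += caplen
    return snaplen, packets

def truncated(data):
    """Indexes of packets whose bytes were cut off by the snapshot length."""
    _, packets = parse_pcap(data)
    return [i for i, (cap, orig) in enumerate(packets) if cap < orig]

def build_sample(snaplen, frame_sizes):
    """Constructed capture: zero-filled frames clipped to snaplen, as -s would clip them."""
    out = GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)   # linktype 1 = Ethernet
    for n, size in enumerate(frame_sizes):
        kept = min(size, snaplen)
        out += RECORD_HDR.pack(n, 0, kept, size) + bytes(kept)
    return out

SAMPLE_68 = build_sample(68, [60, 1514, 342])     # the 68-byte default named in the post
SAMPLE_500 = build_sample(500, [60, 1514, 342])   # as with tcpdump -s 500

if __name__ == "__main__":
    for name, blob in (("-s 68", SAMPLE_68), ("-s 500", SAMPLE_500)):
        print(name, parse_pcap(blob), "truncated:", truncated(blob))
```

Current tcpdump releases default to a snapshot length of 262144 bytes, so the snaplen field in the file header is the reliable way to tell how a given capture was taken.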



Monday, August 17, 2015

Mount usb to Raspberry Pi

Insert the usb-storage into an open usb port on the Raspberry Pi and issue

sudo fdisk -l

My usb-storage is displayed as /dev/sda1 and the filesystem is FAT32, but if your usb-storage uses the NTFS filesystem you will need to install the package ntfs-3g:

sudo apt-get install ntfs-3g

Linux needs to mount the usb-storage in order to access the folders and files on it.
The contents of the usb-storage will appear as a folder in /media. You can mount disks in other folders, but it's conventional to use /media. You need to create a directory where the mounted disk will appear in the media directory:




sudo mkdir /media/usbhdd

Change ownership of the mount point to pi:

sudo chown pi:pi /media/usbhdd




Mount the usb-storage via:

sudo mount -t vfat -o uid=pi,gid=pi /dev/sda1 /media/usbhdd


The '-t vfat' tells the mount command that your drive has a fat32 file system. If your drive is formatted with NTFS, you should use '-t ntfs-3g' instead.

The '-o uid=pi,gid=pi' part of the command means that the disk will be owned by user pi.
You can use this command to unmount the disk:

sudo umount /media/usbhdd

Now you need to edit the file system table so that this disk is mounted every time your Raspberry Pi starts up:

sudo leafpad /etc/fstab &

You need to use sudo because the fstab file is owned by root. If you don't use sudo, you'll be able to open the file in leafpad, but you won't be able to save changes. The '&' means the command runs in the background, and you can keep using the terminal for other commands while leafpad is running. You should see something like this:

proc /proc proc defaults 0 0
/dev/mmcblk0p1 /boot vfat defaults 0 2
/dev/mmcblk0p2 / ext4 defaults,noatime 0 1


Add the following line, and save the file:

/dev/sda1 /media/usbhdd vfat uid=pi,gid=pi 0 0

Reboot your Pi via

sudo reboot

and you should be able to access your USB-storage via /media/usbhdd.

Some curl basic examples

The command-line HTTP client curl is very useful. One example is sending cookies via the -b option:

curl -b "name=daniel" http://www.site.com

To send cookies stored in a file, assemble cookies in a file and run:

curl -b some-cookie-file http://www.site.com

To view a website's HTTP response headers do:

curl http://www.site.com --head

If the website is using redirects, curl must have the -L flag set to follow the redirect:

curl -L http://www.redirect.com

You may want to test a website that is not yet in the DNS. In that case set a custom Host: header identifying the server name you want to reach, but use the target IP address in the URL:

curl --header "Host: www.site.com" http://127.0.0.1/


Specify a chosen user-agent:

curl -A "Mozilla/4.0" http://www.site.com


Do a POST request:



curl -d "param1=value1&param2=value2" http://hostname/resource
 
GET request with XML:
 
curl -H "Accept: application/xml" -H "Content-Type: application/xml" -X GET http://hostname/resource


File upload is done via:

curl --form "fileupload=@filename.txt" http://hostname/resource
 
Log in to a site and dump received headers to a file called headers:
 
curl -d "username=admin&password=admin&submit=Login" --dump-header headers http://site.com/Login
 
Use proxy:


curl -x proxy_ip:proxy_port http://www.site.com