[Discuss-gnuradio] Re: USRP2 802.11 BBN code on the TX side


From: George Nychis
Subject: [Discuss-gnuradio] Re: USRP2 802.11 BBN code on the TX side
Date: Sun, 6 Dec 2009 15:37:26 -0500

Hi Doug,

Thanks for the response.  Correct, through USRP2 to an Atheros card running tcpdump that is definitely in promiscuous mode.  I have not been able to decode a packet yet.  What I've done is replaced the payload with an 802.11 Probe Response packet to have something noticeable.  If I set the card to report packets that have PHY or CRC errors, I occasionally see a packet reported:

03:44:07.572350 10855977948us tsft 1.0 Mb/s 2417 MHz (0x0480) -8dB signal -71dB noise antenna 1 63dB signal Probe Response[|802.11]

The SNR is notably not an issue... also what I've done is tried using a matched filter against the preamble.  I extracted the corresponding samples to the modulated preamble from an 802.11 packet captured with the USRP2, and correlated it with a captured trace that has 11 802.11 packets.  There is CLEARLY a correlation (as expected):
http://cyprus.cmcl.cs.cmu.edu/~gnychis/mfilter/trace_signature.png

Note that the packet I extracted the signature from in the USRP2 capture is decodable by the BBN decoder.  Now, if I use the same signature and try to correlate it with a packet that the BBN code generates, it does NOT correlate:
http://cyprus.cmcl.cs.cmu.edu/~gnychis/mfilter/captured_sig_with_our_packet.png

If I use the BBN code to generate a signature of the preamble, it correlates great with itself (as expected) and NOT with an 802.11 packet captured with the USRP2:
http://cyprus.cmcl.cs.cmu.edu/~gnychis/mfilter/gr_sig_with_our_packet.png
http://cyprus.cmcl.cs.cmu.edu/~gnychis/mfilter/gr_sig_with_trace.png

Interestingly enough, if I disable the barker option in the BBN code to generate a signature, it correlates better (but not that well) with the USRP2 trace of captured 802.11 packets:
http://cyprus.cmcl.cs.cmu.edu/~gnychis/mfilter/gr_nobarker.png

So......... something is wrong somewhere.  To try and verify things, Dan Halperin and I hacked up an 802.11b modulator in MATLAB, and our code correlates pretty directly with the BBN code (it can demodulate our packets and our signatures correlate), but again ours does not generate correlatable signatures with captured 802.11 packets.  :\

So I suspect something is different about how the 802.11 card is modulating packets at 1Mbps with a long preamble.  I suspect that once I get the 802.11 card to successfully decode a packet generated by the BBN code, it might be able to generate a proper signature. 

- George



I will have to get back to you on that - I am back in the office this
week, but I'll be attending all-day training Mon-Weds. This is with
transmitting with the BBN/GNURadio code through a USRP2, and receiving
with some commercial card, yes? Out of curiosity, which card, and what
sort of capture tool (I use an AirPcap EX and Wireshark - since I know
the AirPcap is always in promiscuous mode, and thus dumps all detected
valid 802.11 frames, regardless of destination address).
 Doug
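
The matched-filter check described in the message above, as an added example that is not part of the original post, the BBN code, or the MATLAB modulator it mentions. It shows how a preamble signature correlates strongly with a trace from the same modulation chain and poorly when the signature's chain differs in one step (here, skipping Barker spreading). The bit pattern, noise level, offsets and function names are constructed assumptions, and it does not diagnose the mismatch reported in the thread.

```python
import random

BARKER11 = [1, -1, 1, 1, -1, 1, 1, 1, -1, -1, -1]  # 802.11 DSSS chip sequence
# Constructed 32-bit pattern standing in for preamble bits (not the real SYNC/SFD).
PREAMBLE_BITS = [int(b) for b in "1101001110001011" * 2]

def dbpsk(bits):
    """Differential BPSK: a 1 bit flips the phase, a 0 bit keeps it."""
    phase, out = 1, []
    for b in bits:
        if b:
            phase = -phase
        out.append(phase)
    return out

def spread(symbols, chips=BARKER11):
    """Multiply every symbol by the chip sequence (11 chips per symbol)."""
    return [s * c for s in symbols for c in chips]

def correlate(trace, sig):
    """Normalized sliding correlation; returns (best_offset, peak in 0..1)."""
    e_sig = sum(x * x for x in sig) ** 0.5
    best = (0, 0.0)
    for off in range(len(trace) - len(sig) + 1):
        win = trace[off:off + len(sig)]
        e_win = sum(x * x for x in win) ** 0.5
        if e_win == 0.0:
            continue
        score = abs(sum(a * b for a, b in zip(win, sig))) / (e_sig * e_win)
        if score > best[1]:
            best = (off, score)
    return best

def demo(seed=1, start=200, noise=0.3):
    """Embed a spread preamble in noise, then test two candidate signatures."""
    rng = random.Random(seed)
    sig = spread(dbpsk(PREAMBLE_BITS))               # same chain as the trace
    trace = [rng.gauss(0, noise) for _ in range(start)]
    trace += [x + rng.gauss(0, noise) for x in sig]  # constructed "capture"
    trace += [rng.gauss(0, noise) for _ in range(200)]
    # Same bits, but each symbol simply held for 11 chips (no Barker spreading).
    unspread = spread(dbpsk(PREAMBLE_BITS), chips=[1] * 11)
    return correlate(trace, sig), correlate(trace, unspread)

if __name__ == "__main__":
    matched, mismatched = demo()
    print("matched signature:    offset=%d peak=%.2f" % matched)
    print("mismatched signature: offset=%d peak=%.2f" % mismatched)
```
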
