Category: RTL-SDR

KerberosSDR 4-Channel RTL-SDR Passive Radar with Peak Hold Display

Recently we've been testing a simple peak hold for the KerberosSDR passive radar display. This results in some nice graphs that show aircraft and vehicle activity over time. 

Passive radar works by using already existing transmitters such as those for HDTV and listening for reflections that bounce off of RF reflective objects. With a two antenna setup, it is possible to generate a bistatic range/doppler speed graph of reflected objects.

With the reference Yagi antenna pointed towards a 600 MHz DVB-T tower, and the surveillance antenna pointed to an airport we were able to obtain the graph below. The top two large traces show aircraft heading towards our station, whereas the bottom traces show aircraft leaving the airport. Also visible are multiple blips with smaller doppler speeds, and these correspond to vehicles.

KerberosSDR Passive Radar Display Peak Hold
KerberosSDR Passive Radar Display Peak Hold

The code on the KerberosSDR git will be updated in a few days time. We are also working on a more comprehensive passive radar tutorial that will try to explain concepts like processing gain, bistatic ranges and other important tips for getting good passive radar results. At the same time we're also working on improving direction finding ease of use by prototyping antenna switches for calibration, and working on getting 4-channel beamformed passive radar working which will allow us to plot passive radar returns on a real map.

The KerberosSDR is our 4-channel phase coherent capable RTL-SDR unit that we previously crowdfunded back in 2018.  With a 4-channel phase coherent RTL-SDR interesting applications like radio direction finding, passive radar and beam forming become possible. It can also be used as 4 separate RTL-SDRs for multichannel monitoring. KerberosSDR is currently available from the Othernet store and Hacker Warehouse for US$149.95.

CyberRadio: A Minimal GPU Accelerated Radio App for Most SDRs

Programmer Luigi F. Cruz has recently released a new SDR app called "CyberRadio". CyberRadio is a minimal SDR app, which allows you to listen to FM and AM radio. It does not have any spectrum analyzer or waterfall display. As it is based on SoapySDR, it supports almost every SDR including the RTL-SDR, and runs on Linux, maxOS Sierra, Windows 10 and ARM SoCs.

Luigi also notes that he has made use of cuSignal and Numba functions which enable GPU acceleration on CUDA compatible graphics cards.

The app is still in pre-release status, so no binaries are available. However, Luigi has provided installation instructions for Linux on the GitHub.

CyberRadio Screenshot
CyberRadio Screenshot

Using an RTL-SDR Blog V3 in Direct Sampling Mode to Receive HF DRM on an Android Phone

Over on the SWLing blog contributor Dan Van Hoy wrote in and shared a report on how he's successfully been able to receive HF DRM 30 digital audio with an RTL-SDR Blog V3 dongle running in direct sampling mode on an Android phone.

To do this he used an Android app called "DRM+SDR Receiver" which is available for US$4.99 on the Play store. The app supports RTL-SDR and HackRF devices. So all you need to do is set the RTL-SDR Android driver to run in Q-branch direct sampling mode, then tune to a DRM signal for it to begin decoding.

A demonstration video uploaded to his Google drive account shows clean decoding of the DRM AAC audio, as well as the app displaying Journaline and live metadata. He notes that his signal was very strong, so he only required a short wire, but DXers would need an appropriate antenna.

DRM Received on an Android phone with an RTL-SDR Blog V3 running in direct sampling mode.
DRM Received on an Android phone with an RTL-SDR Blog V3 running in direct sampling mode.

Meteor-M N2-2 Weather Satellite Updates: No More 137 MHz LRPT, L/X-Band Working in Daylight

In late December 2019 we posted about Russian weather satellite Meteor M N2-2 which had unfortunately been struck by a micro-meteorite on Dec 18, causing it to lose control and go offline. Meteor M N2 and N2-2 satellites are often monitored with RTL-SDR dongles as it is relatively simple to receive their LRPT signal at 137 MHz which contains a high resolution weather satellite image.

Recently Happysat updated his Meteor M status page, noting that Meteor M N2-2 has been partially recovered, but due to low power it can no longer transmit a 137 MHz LRPT signal ever again. However, the L and X-bands are transmitting while the satellite is in daylight. Happysat writes:

January 2020 There will be only short-term power-ups in the radio visibility zone, and the battery life will be reduced tenfold.

Of particular concern are the batteries they are very quickly overheated and switching from regular to backup.

Unfortunately the power supply features do not allow the 137 MHz transmitter to be used in abnormal power, mode (from solar panels) which is used now although technically it is working fine.

There will be no LRPT Transmission's anymore.

The older Meteor M N2 satellite remains operational transmitting at 137.100 MHz.

The Meteor-M2 Satellite
The Meteor-M N2 Satellite

Remote Spectrum Monitoring with OpenWebRX, RTL-SDR and the Balena Cloud Service

Thanks to Alan Boris of for submitting their new blog post titled "Running OpenWebRX on balena to remotely monitor local radio spectrum". is an IoT cloud service that is used for "building, deploying, and managing fleets of connected Linux devices".

In the blog post, they show how it's possible to use a RTL-SDR and Raspberry Pi running OpenWebRX to remotely monitor the radio spectrum over the internet. This of course has been done many times before, however, the novel thing here is the use of the Balena cloud platform which makes installing and managing the Raspberry Pi running OpenWebRX much easier.

Balena has a has a special balenaOS image that is first burned on the Raspberry Pi's SD card. The OS image is pre-generated with your home WiFi details, so upon boot it automatically connects to the internet and can be accessed on the balenaCloud dashboard. At that point you can easily remotely push the pre-made Balena "sdr-spectrum-monitor" docker image to the Pi from the Balena online dashboard. This docker image has OpenWebRX and the RTL-SDR drivers already installed on it. It's then a simple matter of connecting to OpenWebRX via the local IP address as you would normally.

This is quite a nice system as it avoids needing to perform the "fiddly" steps of setting up WiFi, connecting to the Pi, determining the Pi's IP address, and installing the RTL-SDR drivers and OpenWebRX software manually.

Balena also has a very simple way to make the OpenWebRX server accessible from outside your network. The only steps required are to set a port variable in the Balena cloud dashboard, and enable the "public device URL" option. No need to fiddle around with unblocking ports or dynamic DNS services. appears to be free for personal use, allowing you to add and manage up to 10 devices before needing to pay.

RTL-SDR & OpenWebRX Installed and Managed via Balena Cloud.
RTL-SDR & OpenWebRX Installed and Managed via Balena Cloud.

PyPacket: An APRS iGate For Your RTL-SDR

[Pypacket] was developed by GitHub user [cceremuga] and allows you to take advantage of a Linux computer (such as a Raspberry Pi) and an RTL-SDR to quickly and easily build your own APRS iGate.

For those not familiar with APRS, it stands for the [Automatic Packet Reporting System] and is used by amateur radio operators for applications like transferring messages and location data over RF networks and the internet. The internet connection is where an iGate comes into play. An iGate is used to connect an APRS RF network to the internet, so that many isolated RF APRS networks can communicate worldwide. Furthermore this software can be configured as a “SatGate”, which like an APRS iGate will take messages from APRS satellite’s and route them over the internet.

For example, you could have an amateur radio vehicle continually transmitting it’s location via RF to an APRS iGate. The vehicles position can then be viewed online on an APRS aggregation site like, or it could be re-transmitted over RF elsewhere in the world.

An iGate is usually accomplished by using a ham radio tuned to the local APRS frequency (or sat frequency) and then special PC software is configured to gate the messages.  However, with the release of PyPacket the amount of work and cost required to setup an iGate has been cut drastically. 

Using a KerberosSDR to Monitor Air Traffic Control Voice, ADS-B, ACARS & VDL2 Simultaneously on a Raspberry Pi 3B+

The KerberosSDR is our 4-channel phase coherent capable RTL-SDR unit that we previously crowdfunded back in 2018.  With a 4-channel phase coherent RTL-SDR interesting applications like radio direction finding, passive radar and beam forming become possible. KerberosSDR is currently available from the Othernet store and Hacker Warehouse for US$149.95.

Although the KerberosSDR was mostly created to help unlock projects requiring phase coherency, we've had interest from multiple users asking for information on how to use the KerberosSDR as a tool for monitoring multiple separate signals at once.

Doing this is actually very simple. If you ignore the extra circuitry to make the KerberosSDR phase coherent, the KerberosSDR is at it's core just 4 separate RTL-SDR dongles connected to a quality USB hub. So if you're not using our coherent demo software, then plugging a KerberosSDR into a PC or single board PC will result in four RTL-SDR dongles that can be accessed individually.

The tutorial below could also be done with four individual RTL-SDR dongles, but you would also want to have a reliable powered USB hub.

Example Aviation Radio Monitor

Below we show an example tutorial of how the KerberosSDR could be used as a 4-channel aviation monitor for monitoring air traffic control, ADS-B, ACARS and VDL2 simultaneously on a single Raspberry Pi 3B+. The video below shows a demo.

KerberosSDR Monitoring Air Traffic Control Voice, ADS-B, ACARS & VDL2 on a Raspberry Pi 3 B+

The first step is to simply burn the latest Raspbian Buster to an SD Card, and set up your WiFi wpa_supplicant file as you would on any standard Raspbian install. Also add a blank file called "SSH" or "SSH.txt" to the boot directly to enable an SSH connection. Alternatively you could set this up with a monitor. We used Raspbian Buster Lite, as we are not intending to use the desktop GUI.

Next use PuTTY or your preferred terminal software to connect to your Raspberry Pi via SSH. You may need to use your routers config software/page to find the IP address of the Raspberry Pi. The default SSH port is 22.

Finally, update the repos on your install before continuing with the software installation process.

sudo apt update
sudo apt install librtlsdr-dev rtl-sdr

KerberosSDR Hardware Setup

Here we connected a single quarterwave ground plane antenna tuned to the airband frequencies to three input ports on the KerberosSDR via a cheap RF TV splitter. The fourth antenna input was to a RadarBox ADS-B antenna.

The KerberosSDR and Raspberry Pi are powered via two official Raspberry Pi 5V plug packs, and the KerberosSDR is connected to the Pi via a single short high quality USB cable.

Setup Topology
Setup Topology

Installing RTL-Airband

RTLSDR-Airband is an efficient command line based scanner program for the RTL-SDR. It works by rapidly scanning over a set of frequencies and looking for active signals, and playing the active AM or FM transmission. When an active signal is found it can be configured to stream the audio to an Icecast server, record to a file, or to play directly to your speakers. Alternatively you can also configure it to stream multiple channels simultaneously. If set up to stream to an Icecast server you can listen to the scanned audio from any device on your network with an internet browser.

Here we will use RTL-Airband to scan the air traffic control voice bands which are used by air traffic controllers and pilots to communicate by voice with one another. The transmissions are in AM and are found between 118–136.975 MHz.

First install the pre-requisites, and then install RTL-Airband.

sudo apt-get install -y build-essential libmp3lame-dev libshout3-dev libconfig++-dev libraspberrypi-dev librtlsdr-dev

wget -O RTLSDR-Airband-3.0.1.tar.gz
tar xvfz RTLSDR-Airband-3.0.1.tar.gz
cd RTLSDR-Airband-3.0.1
make PLATFORM=rpiv2
sudo make install

Next install an Icecast server onto your Raspberry Pi. This will allow us to connect to the Pi via a web browser to listen in to the audio.

sudo apt-get install icecast2 -y

The install steps will ask you to input admin passwords of your choice, make sure you remember or write these down.

Now edit the rtl_airband.conf file with:

sudo nano /usr/local/etc/rtl_airband.conf

Paste in the configuration below making sure to set the actual frequencies used by air traffic control and airlines in your particular area by adding or removing frequencies from the "freqs" line.

Also be sure to set the "index" to whatever antenna input you have used (0 - 3) on your KerberosSDR for your VHF air band antenna. You may want to experiment with the gain value, but for now you can leave it as default.

If you are using another template for the config file, ensure that the "correction" value is set to 0 as the KerberosSDR uses a TCXO and requires no PPM correction.

Finally, don't forget to also set the Icecast server password that you set up in the previous step, making sure to leave the username as "source".

type = "rtlsdr";
index = 2;
gain = 32;
correction = 0;
mode = "scan";
freqs = ( 118.1, 118.7, 119.5 );
labels = ( "Tower A", "Tower B", "Tower Control");
outputs: (
type = "icecast";
server = "";
port = 8000;
mountpoint = "stream.mp3";
name = "Airband Voice";
genre = "ATC";
description = "My local airport - aggregated feed";
username = "source";
password = "kerberos";
send_scan_freq_tags = false;

Next set up the Icecast server if required using the instructions here. If the default port and number of source is fine for you, you can leave everything as default.

Now to start RTL-Airband run:

sudo rtl_airband -f

To listen to the scanned audio, browse to http://RASPI_IP_ADDRESS:8000/stream.mp3 on any device connected to the same network

Installing dump1090

Leave the RTL-Airband PuTTy window open, and open a new instance of PuTTy and once again connect to the Raspberry Pi in a new session. We will install the FlightAware branch of dump1090, as this is the most up to date version. dump1090 allows you to track aircraft that are transmitted ADS-B.

sudo apt-get install build-essential debhelper librtlsdr-dev pkg-config dh-systemd libncurses5-dev libbladerf-dev
git clone
cd dump1090
dpkg-buildpackage -b

Now we can run dump1090 with the following line. Make sure to set the "--device 3" flag to the antenna input that you have connected your ADS-B antenna to. In our case we connected it to the last SMA input which is input 3.

./dump1090 --device 3 --interactive --net

Now to view the data on a map, you can install Virtual Radar Server on any Windows PC on the same network. Once installed, add an "AVR or Beast Raw Feed" receiver, with the IP address of your Raspberry Pi and Port 30002.

Installing ACARSDeco2

Again, leave both PuTTy windows open, and open a new PuTTy SSH terminal and connect again. Here we'll install ACARSDeco2 which is a multiband ACARS decoder. ACARS is an acronym for Aircraft Communications Addressing and Reporting System which is a digital communications system that aircraft use to send and receive short messages to and from ground stations. Most messages are unreadable telemetry data intended for computers, but often you will see messages about weather, wind, dangerous cargo warnings, fuel loading information and more.

ACARSDeco2 is not an open source program, so you'll need to first download the compressed file from on a PC. Make sure to get the Raspberry Pi 2/3 version of ACARSdeco2 for Stretch.

Now use a program like WinSCP to transfer the .tgz file to the Raspberry Pi. In WinSCP select SCP as the file transfer protocol, log in with "pi/raspberry" and drag the file over to the Pi's home folder.

Then back on the Raspberry Pi, simply move the file into it's own folder, and extract the files.

mkdir acarsdeco2
mv acarsdeco2_rpi2-3_debian9_20181201.tgz acarsdeco2
cd acarsdeco2
tar -xvzf acarsdeco.tgz

Now you can run the program with the following command. Make sure to specify the ACARS frequencies used in your area if they are different. Also here we used antenna input 1 for the ACARS antenna and specified that with "--device-index 1". If you are running Virtual Radar Server on your Windows PC as explained in the dump1090 install, you can enter the Windows VRS server IP address, so that location data will be sent back to the ACARSdeco2 server.

./acarsdeco2 --device-index 1 --freq 131550000 --freq 131450000 --gain 34 --http-port 8081 --vrs-url

Now on your Windows PC, open a browser and open PI_IP_ADDR:8081 to view the incoming ACARS messages.

Installing dumpvdl2

Again, leave both PuTTy windows open, and open a new PuTTy SSH terminal and connect again. Here we will install dumpvdl2 which is a VDL2 decoder. VDL2 is a replacement for the aging ACARS system which is being phased out in some areas. In some areas VDL2 is now more common than ACARS, and in some areas it's the opposite.

First install pre-requisites.

sudo apt-get install build-essential cmake git libglib2.0-dev pkg-config librtlsdr-dev

Dumpvdl2 requires libacars to work, so install libacars first:

git clone 
cd libacars
mkdir build 
cd build 
cmake ../ 
sudo make install 
sudo ldconfig

Finally, install dumpvdl2

git clone
cd dumpvdl2
mkdir build
cd build
cmake ../
sudo make install

Now to run dumpvdl2:

dumpvdl2 --rtlsdr 2 --gain 35

dumpvdl2 has no webserver so it can only be viewed from the terminal window.

Alternative Tools

Stations in the USA could replace one program with dump978, which decodes UAT positional data from smaller aircraft. If you live near a glider range, a FLARM decoder could also be used. You could also run an AIS receiver if you live near a water way.

Further Steps

If setting this up as a permanent station, you might want to go ahead and create a startup script that runs these programs on boot. Then you won't need to open up PuTTy terminals to start all the programs. The easiest way to do this is to use the @reboot code in crontab to run your script. Be sure to use sudo crontab -e for running RTL-Airband as this requires root.

Increasing L-Band Active Patch SNR by using it as a Feed for a Satellite Dish

Recently RTL-SDR.COM reader Bert has been experimenting with our active L-band patch antenna product. He's written in to share that he's found that using it as a feed for a satellite dish works well to improve SNR on those weaker 10500 AERO signals which Bert found that he could not decode from his location due to insufficient SNR. Our active L-band patch antenna receives signals from 1525 - 1637 MHz and can be used for signals from Inmarsat, Iridium and GPS satellites.

To use the patch as a feed Bert used a 40mm drain pipe and mounted the antenna on the end of the pipe. The drain pipe fits perfectly into the LNB holder, and once mounted the distance and polarization rotation can easily be adjusted for best SNR. He also found that adding a secondary sub-reflector about 17x17cm in size helped to boost SNR by about 3-5 dB too.

Build steps to use the Active L-band Patch with a Satellite Dish
Build steps to use the Active L-band Patch with a Satellite Dish

Bert has tested the active L-band patch as a feed on a 65cm satellite dish and a smaller 40cm dish, both with good results.

SNR Results
SNR Results