Interference Hunting With R&S Handheld Equipment
Commtech East April 12, 2016 Chris Gillis Application Specialist Rohde & Schwarz Canada
Material adapted from Paul Denisowski
Topics ı ı ı ı ı ı ı ı ı ı ı ı
Overview All about interference Interference hunting tools Identifying and analyzing signals Directivity and propagation Importance of antennas Fundamentals of direction finding FSH Interference Hunting Options Interference Analyzer Triangulation Geotagging / Indoor Mapping Demo / Questions
The changing wireless world ı
ı
ı
ı
ı
ı
More transmitters – spectrum is becoming more and more crowded. More mobile devices – stationary transmitters are no longer the norm. New modulation types – analog signals becoming less common than digital signals. More complex modulation – higher order modulation requires a better RF environment. Spectrum refarming – moving services to different frequencies requires spectrum clearing and involves different propagation and interference types. Wireless connectivity – from “nice to have” to “must have.”
Effects of interference ı
ı
ı
ı
ı
Interference affects different signals in different ways. Analog audio suffers from noise, static, superimposed audio, etc. In cellular systems interference causes poor voice quality, dropped calls, low data throughput. For data services there is often the inability to initiate, sustain, or use connections at optimal rates. Severity of the effects may not increase linearly with the level of interference, especially for digital modulation (the “cliff effect”).
Pix ilation in a d ig ital video s ig nal
Modulated sources ı
ı
ı
ı
Modulated sources are devices which are intended to generate RF signals. Problems occur when these devices are faulty or are operated incorrectly. Even signals from well-behaving transmitters may produce interference due to harmonics, intermodulation, overload, etc. Because modulated sources are meant to carry information, extracting this information can help us identify the signal source.
Interference from modulated noise sources ı
ı
ı
Since modulated noise sources usually have a bandwidth of < several MHz or kHz, they appear as relatively narrow signals. These signals create interference either by being superimposed on another signal or by generating harmonics, intermodulation, etc. Sometimes these signals will exceed their normal spectral limits due to malfunctions (e.g. a broken Tx filter) or improper operation (overamplification, frequency instability, etc.).
A narrowband intermittent s ource interferi ng with TV channel 48
Harmonics ı
ı
ı
A harmonic of a signal is a copy of that signal appearing at a whole number multiple of the srcinal (fundamental) frequency. For example, a transmitter at 155 MHz can produce harmonics at 310 MHz, 465 MHz, etc. Always check to see if a copy of the interfering signal is a harmonic of another signal.
The 4 th harmonic of a s ig nal at 195.25 MHz appears at 781 MHz (LTE B and 13)
Intermodulation ı
ı
ı
Intermodulation results from two or more signals appearing in a nonlinear circuit. Sum and difference frequencies are created from the mixing of fundamentals and harmonics. Because intermod involves the mixing of multiple signals, it will only occur when all component signals are present.
S ig nals at 440 MHz (f1) and 445 MHz (f2) produce intermod products at 435 MHz (2f1 – f2) and 450 MHz (2f2 – f1) MHz
Spurious emissions (spurs) ı
ı
ı
ı
Spurious emissions (spurs) are unintentional RF signals. Although this can also refer to harmonics, intermod products, etc. we will use this term to discuss RF signals unrelated to the modulated signal. Almost all electronic devices generate spurs at some frequencies. A directional antenna or near-field probe is the best way to determine if a device is the source of spurious emissions.
External rectification (“rusty bolt effect”) ı
ı
The junction between two pieces of metal can create a rectifier (diode), especially when corrosion is present. This effect can generate spurious signals that are then radiated by metallic elements in the joint.
• Towers and guy lines are a good starting point, since they can rust, have long metal elements, and are close to powerful transmitters. • Utility poles/wires, metal fences, and gutters are also prime suspects.
Repeaters / BDAs
ı
ı ı
ı
Cellular repeaters or bidirectional amplifiers (BDAs) can be used to extend cellular coverage in buildings or in fringe areas. May also be installed on boats. The main interference issues are the retransmission of unwanted signals at the input of the BDA as well as malfunctioning BDAs. Difficult to troubleshoot but a very common source of interference in the cellular bands.
Oscillating BDAs typically raise the noise over the entire uplink band Narrowband products may also entering be visible. Downlink levels increase when buildings Easier to identify using a wider span.
BDA Spectral Characteristics ı
A broad increase in the noise floor over several tens of megahertz is a typical sign of an oscillating BDA.
ı
BDAs can pick up noise, harmonics, spurs, intermodulation products, etc. inside a building, then amplify and repeat them at the tower.
Typical spectral pattern created by malfunctioning BDA. Note (from waterfall) that automatic gain control was also malfunctioning.
Wireless microphones ı
ı
ı
ı
Often used by organizations, schools, churches, etc. Many 700 MHz still in use years after spectrum was reallocated for LTE Typically modulatednarrow-band, signals. MayFM be very powerful transmitters for their size. An excellent way to track down wireless microphones is using audio demodulation / recording.
Cable Egress ı
ı
ı
ı
The frequencies used by cable providers (up to 750-1000 MHz) overlap with many over the air frequencies. When these signals
escape from the cable, this is referred to as egress. Typical egress points are cable connectors, amplifiers, cabinets, and consumer devices. Digital cable signals (QAM) are 6 MHz wide. DOCSIS 3.1 signals (OFDM) can be up to 192MHz wide.
Analyzing Spectrum ı ı ı
Very easy to recognize – repeating pattern of 6 MHz wide QAM signals Always on, levels of leakage from hardline can be quite high Egress modality may cause frequency-dependent egress (not all channels are leaking)
Visual indications of cable egress ı ı ı ı
Cable egress comes from cable infrastructure. Loose covers on amplifiers and taps Unterminated or damaged cables Lines may be overhead or buried
Wrong region devices ı
ı
ı
ı
Spectrum allocations vary from country to country. Interference can be caused by devices designed for a different country / region. Ships may have on-board systems that can disrupt service when entering regions with different allocations. Examples : wireless phone systems, baby monitors, microphones, etc.
Umodulated sources ı
ı
ı
Unmodulated sources are devices which unintentionally generate RF signals. Common sources are electric motors, faulty transformers, vehicle ignition systems, electrical fences, fluorescent lighting, etc. Easy to recognize, often shows up as jumps in the noise floor or a wide, random spectral pattern.
Noi s e in the air cr aft band (g enerated by a nearby electri cal motor)
Fluorescent Lighting ı
ı
Fluorescent lighting ballasts from various manufacturers generate significant noise spurs across a wide range of frequencies, from VHF to cellular bands Ballasts generally must be replaced.
Fluorescent lighting spectrum ı
ı
Interference generated by fluorescent ballasts generally consists of unstable emissions ~ 200 kHz wide (but varies by ballast type) Interfering signals in 700 MHz may be harmonics of lower frequency signals.
Deliberate interference ı
ı
ı
ı
Deliberate interference may be narrow-band (e.g. talking on a public safety frequency) or broad-band (jamming). Pirate or unlicensed (“freeband”) operations can also cause issues to licensed users. Sources may be mobile, possibly to avoid detection / radiolocation. Although most businesses and individuals are very cooperative in resolving interference, deliberate interferers will usually deny or conceal their activities.
Mobile G PS jamming device
Recognizing jammers ı
ı
Jammers are typically easy to identify and locate : strong, broad, always-on signal. Tend to increase the noise floor even outside of their nominal operating range.
Interference Hunting Tools ı
ı
Two primary tools : spectrum analyzer and the monitoring receiver. Two major differences between spectrum analyzers and monitoring receivers :
Internal architecture Heterodyne principle FFT (Fast Fourier Analysis) Operational features Spectrum analysis functions Demodulation Task-oriented features Direction finding
Preselection, AGC, attenuation
FSH and PR100
FSH-S pectrumAnalyzer
PR100 – Monitoring Receiver
Understanding propagation ı ı
ı
ı
A good knowledge of radio propagation is vital in localizing interference. The distance at which a signal can be received is a function of both power and frequency. Signals also have different characteristics based on frequency. These include multipath, directivity and penetration. Spectrum refarming means that services traditionally found in one portion of the spectrum may now be found in a different portion with different propagation characteristics (700 MHz LTE, digital TV).
Directivity and penetration ı
ı
ı
ı
Generally speaking, higher frequencies (GHz range) tend to be line-of-sight and more easily reflected. Penetration of signals into structures can be poor depending on building composition. Lower frequencies (VHF/UHF) may refract or “bend” around structures and these frequencies penetrate well into buildings. HF signals can propagate for great distances depending on ionspheric conditions. Ground-wave propagation is also possible. Naturally, penetration also is very dependant on transmitter power.
Multipath ı
ı
ı
ı
ı
Multipath means receiving a signal from different directions simultaneously. The severity of multipath is also a function of the frequencies involved. Caused by reflections, most commonly in an urban environment. Multipath can make direction finding difficult. Careful selection of monitoring / DF sites can reduce the impact of multipath.
Antennas
ı
Radio transmitters require antennas. Antenna design/size is related to frequency and function. Antenna direction also useful in identification. Even if an antenna is not in active use, it can act as a reradiator. Check the antenna site for signage and other clues as to owner/purpose.
ı
Antennas may be hidden or disguised.
ı ı ı ı
J ammer dis g uis ed as a pack of ci g arettes
Cell phone repeater antenna
At the base station ı
ı
ı
For a signal to be interfering, it must be seen by the base station antennas. Thus it is useful to connect to these antennas. Many 2G / 3G sites may have an RF “sniffer” port that allows you to see what the receiving antennas see. Remote radio heads (RRH) used in LTE often prevent (easy) access to the antennas. Some LTE base stations can provide a (rough) visualization of received spectrum by plotting noise per received physical resource block.
Identifying signals ı
Some of the more common ways of identifying signals are :
Pattern of interference Audio demodulation Spectrum characteristics Signal analysis and digital demodulation Online resources Direction finding
S ig nal s platter (overmodulation)
C arri er drift
Looking for patterns ı
Important questions to ask in analyzing interference :
ı
ı
Outdoor s ources may c hang e bas ed on weather c ondition s
When does the interference occur? Is the interference constant or intermittent? Does the interference coincide with any other events?
If possible, attempt to see if interference can be eliminated by disconnecting or powering down transmitters or other electrical devices. For some types of signals, propagation will change depending on time of day or season.
Audio demodulation ı
ı
ı
ı
Audio demodulation means listening to the signal Modulation generally is AM or FM, but there are variations of these (narrow band FM, single sideband, etc.) Recording signals for later analysis / documentation is useful What are we listening for?
ı
Station ID / call signs Language and content (what are they saying?) Morse code IDs
Even digital signals can sometimes identified this way
Spectral analysis ı
ı
The most fundamental display in interference hunting is a spectral display (amplitude vs. frequency). A max hold function is also important in detecting short duration signals or looking for an elevated noise floor.
Max hold (red) s hows maximum s ig nal amplitude for frequency and als o indicates s ig nals that are not curr ently pres ent
Waterfall analysis ı
A waterfall display shows frequency, time, and level information and is extremely useful in analyzing signals.
S ig nal width of 870 MHz s ig nal is 1.4 MHz
Dur ation of jamming s ig nal exactly 9 s econds (T1 – T2)
Signal analysis / digital decoding ı
ı
ı
The ratio of digital to analog transmitters is increasing at an exponential rate Signal analysis involves modulation type, bandwidth, baud rate, etc. Much easier to locate a digital signal if we know what kind it is.
Online Resources Industry Canada ı ı ı ı
Spectrum Management System : https://sms-sgs.ic.gc.ca/ Radio Equipment List Spectrum allocation etc
Additional Resources ı
R&S Interference Hunting Learning Center http://www.rohde-schwarz-usa.com/IH.html
ı
Interference Hunter mobile app
Video Library Interference Screenshots Frequency lookups Interference hunting tools Tip of the Day Available for Apple / Android
Direction Finding (radiolocation) ı
ı
ı
If a signal cannot be identified via demodulation or signal analysis, locating its source is often the only way to resolve interference DF requires a receiver and a directional antenna. Mapping and triangulation software are also extremely helpful Understand the strengths and weaknesses of various DF techniques and equipment
Tri angulation of a trans mitter bas ed on multiple DF beari ng s
DF equipment ı
ı
ı
DF can be performed using fixed, mobile (vehicle) or portable (handheld) units, or a combination of these. Fixed / mobile units are most useful during initial hunting and when covering large geographical areas Portable units are used best used for the last hundred meters, as well as in cases where vehicle access is not practical
Recording bearings ı
ı
ı
For results to be useful, we need to record both position and bearing (azimuth) information. Traditionally, this information was calculated / recorded manually (e.g. using a magnetic compass and a map/ruler) but this is prone to human error. Modern equipment can use GPS and electronic compass data for an automated determination.
A n example of a handheld DF antenna with an integ rated electronic compas s and G PS receiver
Triangulation ı
The main reason for recording bearings is to combine them in order to locate a transmitter. This is known as triangulation.
ı
Bearings are plotted (manually or automatically) on a map, and the transmitter is near the intersection of the lines.
A utomatic tri angulation calculation, calculated unc ertainty radiusincluding
DF best practices ı
ı
ı
ı
ı
Rotate handheld antennas slowly. Tripod mounts can also help obtain stable / reproducible readings. Binoculars or a telephoto lens are extremely for finding and identifying useful antennas. A good DF location is one away from obstructions. Higher is usually better. Rooftops and top floors of parking garages are good urban DF sites. Be aware of the influence of reflection / multipath.
FSH Interference Hunting Options ı
FSH-K15 : Interference Analysis General spectral analysis including spectrogram, carrier to noise, and carrier to interference measurements Plotting of azimuth values (bearings) and triangulation Tone-based direction finding FSH-K16 : Geotagging Recording of events based on time, distance or received signal strength Screenshot, trace, and/or GPS information saved per event
ı
ı
Results plotted to Google Earthon instrument or exportable FSH-K17 : Indoor Mapping
Antennas ı
ı
ı
Antennas are both for signal acquisition and position / bearing information. The FSH supports both the HE300 and HL300 antennas. Both antennas have integrated compass / GPS Third-party antennas may also be used. In this case position information and/or bearings will have to be manually entered.
HE300 ı
Modular handle and swappable elements cover wide frequency range : 20 MHz to 200 MHz 200 MHz to 500 MHz 500 MHz to 7.5 GHz Integrated GPS / electronic compass Integrated low noise preamplifier
ı ı
HL300 ı ı ı
ı
Frequency range 450 MHz to 8 GHz. Fixed single element Integrated GPS and electronic compass Integrated switch to save bearings lines or activate FSH internal preamplifier
Selecting Mode ı
The FSH interference hunting options are accessed by choosing the “Receiver / Interference” mode (F6)
GPS and Compass Features ı
ı
ı
GPS and compass must be set to Enabled for the FSH to process location information. Use Show Compass Information to display the current bearing / azimuth on the display. If compass is disabled, the current azimuth line will not be displayed on the map.
Interference Analyzer ı
ı ı
ı
ı
The Interference Analyzer mode provides the ability to visualize and measure spectrum Similar to spectrum analyzer mode Standard measurements include channel power, OBW and ACLR. Interference-specific measurements include Carrier to Noise and Carrier to Interference Spectrogram display, record, and playback are also included with the Interference Analyzer option
Carrier to Noise ı
ı
The Carrier-to-Noise (C/N) measurement is a tool to determine if a signal has sufficient power compared to the surrounding spectrum The FSH determines the distance between the level of the carrier and the lowest signal level that has been measured (usually the noise floor).
Carrier to Interference ı
ı
The Carrier-to-Interference (C/I) measurement is a tool to determine if a signal is affected by interference from neighboring channels. The FSH determines the distance between the level of the carrier and the second strongest level.
Spectrogram ı
ı ı
Spectrograms display amplitude vs. frequency over time. Amplitude is indicated by the color of the spectrogram display. Spectrogram reference, range, and other parameters can be specified Extremely useful in interference hunting – allows the observation of a signal’s behavior over time.
Spectrogram playback ı
ı
Spectrograms can be saved and played back, either directly on the FSH on using the FSH4View software on a PC. Spectrograms can be recorded for up to 72 hours
Maps ı
ı
The map mode provides oninstrument display of maps and measurement data. Three map modes are supported : Triangulation – Used for plotting
bearings (azimuth) and calculating triangulation Geotagging – Used to record selected measurement values at given intervals Indoor Mapping – Used to record measurement values on a custom map with no GPS signal OpenStreetMap is used for map data. Maps are downloaded and stored on the FSH SD card
ı
Map Selection and Navigation ı
ı
ı
Maps can be automatically selected based on current position (lat / long) or manually selected. Map resolution can be changed using Zoom In / Zoom Out Cursor keys can be used to navigate around the map.
Triangulation Mode – Trace Current Position ı
ı
Trace Current Position centers the map around the current location of the FSH (as determined by the GPS lat/long information) Particularly useful when driving
Saving Positions and Azimuth ı
ı
ı
The azimuth (or bearing) is the direction in which the antenna is currently pointed This information can be using the menu or the trigger on the HL300 antenna The power bar and power result can help determine the direction of maximum receive power (i.e. bearings towards the transmitter)
GPS Position List ı
ı
ı
Position and Azimuth measurements are stored in the GPS Position List. Selected positions can be displayed on the map and/or used in calculating a triangulation points. Additional information about each GPS Position can also be viewed
Computing Triangulation ı
ı
ı
The Triangulate function computes the triangulation point for up to five selected bearings. The lat / long and error radius of the triangulation point are also displayed. The computed triangulation point can be saved to the SD card.
Tone Function ı
ı
ı
The Tone function outputs an audible tone whose level varies according to the received signal strength level. The current receive level (dashed line) and squelch level (solid line) are displayed in the power bar. Tone can be used both for obtaining bearings as well as for sweeping an area to determine the precise location of an interferer.
Geotagging - Overview ı
ı
ı
ı
The FSH Geotagging feature saves a geotag (position and level information) when user-defined criteria are met These criteria may be level, distance traveled, or elapsed time threshold Results can be viewed directly on the FSH map or exported to .kml (Google Earth) Requires a GPS and any antenna
Save on Event ı
ı
The Geotagging feature saves measurement data when an “Event” occurs. The user can define the type of event and the event parameters – the Event Source. When Save on Event is active, a green “S” is displayed at the top of the screen
Event Source ı
ı
When Save on Event is selected, an Event Source must be specified. Four different event sources:
Time Interval – saves measurement every X seconds Limit Failure – saves measurement if limit line is violated Distance Interval – saves measurement after moving a given distance Every Sweep – saves measurement for each sweep performed. Results can be stored either to an SD
ı
card or a USB device
Capture Settings ı
The FSH can save different types of information when an event occurs
ı ı
Screen capture (.jpg or .png) Dataset (.set) for the sweep containing the event
A entry in a of .gpx fileare also possible Combinations these Captured data is stored in /Save On Event Results
Levels ı
ı
ı
Geotagging defines three levels : good, average, and bad. The values for these levels and their colors are defined by the user. Note that the FSH stores the actual measured values – the coverage levels are only used to define how these results are displayed (i.e. which colors to use for which levels)
Colors ı
ı
The colors used to represent current position as well as good, average, and bad coverage are all user-definable This also allows defining higher signal levels (interference) as red and lower signal levels (normal noise floor) as green.
Default Indicator ı
If one or more geotags are superimposed on each other, you can define rules which geotag (or its color) is actually displayed – this is called the Default Indicator
Best: the geotag with the best signal level is displayed. Average: the geotag with the average level is displayed. Worst: the geotag with the lowest signal level is displayed.
Displaying Results ı
ı
Live map update shows displays the map in real time Saved results are displayed by selecting the saved GPX file
Export to KML ı
ı
Using the FSH4View tool, the geotagging .gpx files can be converted to .kml for use in Google Earth or other applications. Good, average, and bad coverage levels can also be specified.
Starting Indoor Mapping mode (FSH-K17) ı
ı
ı
To enter indoor mapping mode, first use the ‘Mode’ button and then ‘Receiver / Interference’ softkey to select ‘Maps’ Next choose the ‘Indoor Mapping’ measurement mode. The ‘Map’ softkey is used to display and choose from the indoor maps stored on the SD card
Denisowski - Indoor Mapping with R&S FSH K-17 v1.0
Image export parameters
Denisowski - Indoor Mapping with R&S FSH K-17 v1.0
Opening saved GPX file in Google Earth
Denisowski - Indoor Mapping with R&S FSH K-17 v1.0
Demo / Questions
