SDR Spectrum Analyzer

The purpose of this tutorial is to shows how to use sdr card on callbox or UE as a spectrum analyzer. It is useful tool to check up the receiver functionality of the specified sdr card and check up the transmission functionality of other sdr (neighbouring) cards.

you don't need to have any separate hardware for the spectrum analyzer introduced in this tutorial. You can use any sdr cards that you already have installed in your Callbox or UEsim if you don't use it for any other purpose. For example, let's assume that you have two sdr cards in your system and you are running an LTE cell using the first sdr card (i.e, sdr0). Then you can use the second sdr cards (i.e, sdr1) as a spectrum analyzer.  If you are not running lte service meaning that you are not activating any cell (i.e, no LTE cell, no NR cell), you can use both cards (i.e, sdr0 and/or sdr1) as spectrum analyzer. So if you have a callbox or UEsim with multiple SDR cards, it is same as you have multiple spectrum analyzer for free.

Major features that SDR spectrum analyzer provides are listed below.

• Plot the signal power in time domain, frequency domain or in waterfall in real time
• Walk through the spectrogram(waterfall). It can display spectrogram and waveform plot on the same screen and allow you to walk through(scroll through) each frequency on spectrogram (see this)
• Capture I/Q data from the incoming signal and save it into files
• Plot the signal power in time domain, frequency domain or in waterfall from the saved binary file (NOTE : This binary file should be the ones that ware captured by Amarisoft software.)

In some aspect, this spectrum analyzer is not like dedicated spectrum analyzer. Followings are what you should not expect in comparision to a dedicated spectrum analyzer

• It does not provide wide frequency range. The frequency rate in this spectrum analyzer is a little bit limited. It is up to sample rate. Simply put, the frequency range would be barely enough for displaying the full bandwidth (e.g, 20 Mhz for LTE, 50 Mhz for NR with sdr 50, 100 Mhz for NR with sdr100).
• It does not have capability to show the constellation. (NOTE : If you want to show the constellation for incoming uplink while a call is connected, you can use WebGUI to display constellation. check out this tutorial for the constellation).
• It does not have Pre Amplifier

NOTE : A lot of new features has been added to sdr_spectrum. The look and feel of the screen and the detailed functionality may look different from the screenshot shown in this tutorial. But you may apply the same logic of software operation to whichever version you are using. Follow the operation key description on the left panel of the software.

NOTE : Be aware that I am doing most of the test in radiative setup (i.e, via antenna) not in conductive way (i.e, via RF cable) and sdr RX performance is not as good as commercialized/specialized spectrum analyzer. So the measurement result would not be as accurate as the dedicated spectrum analyzer. The purpose of this tutorial is to let you build up some intuitions on RF output from an sdr at various different conditions.    

NOTE (Warning) : When you use the sdr_spectrum, make it sure that the input power to the sdr card does not exceed +2 dBm peak for SDR 50  and +5 dBm peak for SDR 100.

Table of Contents

• SDR Spectrum Analyzer
• Introduction
• Summary of the Tutorial
• Why Spectrum Analyzer on Protocol Box ?
• Test Setup
• Setup A
• Setup B
• Key Command Line
• Running on Callbox
• Running on ssh
• Test 1 : LTE on sdr 0 and Spectrum on sdr 1
• Configuration
• Run Lte Service
• Running Spectrum Analyzer with basic parameters
• Running Spectrum Analyzer with more parameters
• Test 2 : LTE on sdr 0 with different frequencies and Spectrum on sdr 1
• Configuration
• LTE Band 1 at 2140.0 Mhz
• LTE Band 2 at 1960.0 Mhz
• LTE Band 3 at 1842.0 Mhz
• LTE Band 4 at 2130.0 Mhz
• LTE Band 5 at 881.5 Mhz
• LTE Band 7 at 2680.0 Mhz
• LTE Band 20 at 806.0 Mhz
• LTE Band 71 at 634.4 Mhz
• LTE Band 72 at 463.4 Mhz
• Test 3 : LTE on sdr 0 (and 1) with different bandwidth and Spectrum on a remaining sdr
• Configuration
• LTE with BW 1.4 Mhz in Band 7
• LTE with BW 3 Mhz in Band 7
• LTE with BW 5 Mhz in Band 7
• LTE with BW 10 Mhz in Band 7
• LTE with BW 15 Mhz in Band 7
• LTE with BW 20 Mhz in Band 7
• LTE with 2 x BW 20 Mhz in Band 7
• Test 4 : sdr_test-generated OFDM signal on sdr 0 and sdr_spectrum on sdr 1
• Configuration
• OFDM BW 5 Mhz at Center Frequency = 500 Mhz
• OFDM BW 5 Mhz at Center Frequency = 1000 Mhz
• OFDM BW 5 Mhz at Center Frequency = 1500 Mhz
• OFDM BW 5 Mhz at Center Frequency = 2000 Mhz
• OFDM BW 5 Mhz at Center Frequency = 2500 Mhz
• OFDM BW 5 Mhz at Center Frequency = 3000 Mhz
• OFDM BW 5 Mhz at Center Frequency = 3500 Mhz
• OFDM BW 5 Mhz at Center Frequency = 4000 Mhz
• OFDM BW 5 Mhz at Center Frequency = 4500 Mhz
• OFDM BW 5 Mhz at Center Frequency = 5000 Mhz
• OFDM BW 5 Mhz at Center Frequency = 5500 Mhz
• OFDM BW 5 Mhz at Center Frequency = 5990 Mhz
• Test 5 : sdr_test-generated CW signal on sdr 0 and sdr_spectrum on sdr 1
• Configuration
• CW at User Defined tone_offset
• CW at default tone_offset
• Enabling AGC / Finding Optimal Spectrum
• Power with Frequency Range
• Time Domain Waterfall Plot
• Trigger Mode
• Mixed Mode
• Analyzing LTE CRS 
• Full Frequency Spectrum
• Channel Scan
• Saving I/Q Data into a file
• Saving I/Q with command
• Saving I/Q in Spectrum Plot
• Spectrum from a file
• Signal Generation from a file

Introduction

Software Defined Radio (SDR) technology has revolutionized the way wireless communication systems are designed, tested, and analyzed, providing unprecedented flexibility and programmability across a broad range of radio frequencies and protocols. In advanced test environments such as Callbox or UE simulation platforms, SDR cards serve as versatile transceivers capable of emulating network nodes, user equipment, or even acting as diagnostic tools, such as spectrum analyzers. An SDR-based spectrum analyzer leverages the inherent capability of SDR hardware to digitize wide swaths of radio spectrum and process them in real time using powerful software algorithms. This enables engineers and researchers to visualize signal power in time or frequency domains, capture I/Q data, and analyze RF behavior without the need for dedicated, often costly, spectrum analysis equipment. By repurposing installed SDR cards—whether in a Callbox test system or a UE simulator—users can monitor RF environments, validate receiver and transmitter functionality, and troubleshoot wireless setups. While SDR-based spectrum analyzers may not fully match the sensitivity, bandwidth, or feature set of specialized commercial analyzers, they offer a highly accessible and integrated alternative for quick diagnostics and educational exploration within the constraints of SDR hardware. In the broader wireless ecosystem, such tools are essential for rapid prototyping, functional verification, and gaining hands-on RF intuition, especially in lab and development settings where flexibility and cost-efficiency are paramount.

• Context and Background
  • SDR technology decouples radio functionality from fixed hardware, enabling software control over modulation, demodulation, and signal processing.
  • Modern test platforms, such as Callbox and UEsim, often incorporate multiple SDR cards for enhanced flexibility in testing various wireless protocols and scenarios.
  • Utilizing SDR cards as spectrum analyzers eliminates the need for separate, dedicated hardware, streamlining test bench setups and reducing costs.
• Relevance and Importance of the Tutorial
  • Understanding SDR-based spectrum analysis is crucial for RF engineers, wireless developers, and researchers involved in protocol verification, device validation, and wireless troubleshooting.
  • This tutorial demonstrates practical methods to leverage existing SDR infrastructure for RF spectrum visualization and analysis, maximizing the utility of available resources.
  • It empowers users to perform essential receiver and transmitter checks, signal monitoring, and data capture without disrupting ongoing network simulation tasks.
• Tutorial Outcomes
  • Learn how to configure and operate SDR cards as spectrum analyzers within Callbox and UE simulation environments.
  • Gain hands-on experience in visualizing signal power over time, frequency, and waterfall spectrograms in real time.
  • Understand how to capture and analyze I/Q data for deeper RF investigations and post-processing.
  • Develop intuition about RF signal behavior under different operational conditions using software-based tools.
• Prerequisite Knowledge and Skills
  • Basic understanding of wireless communication principles and RF signal characteristics.
  • Familiarity with SDR concepts and operation, including installation and configuration on Callbox or UEsim platforms.
  • General experience with software-based signal analysis tools and interpreting spectrum plots.
  • Awareness of the hardware limitations and safety requirements for SDR devices, such as maximum allowable input power.

Summary of the Tutorial

This tutorial demonstrates various test procedures and methodologies for analyzing RF signals using the Amarisoft Callbox and its integrated spectrum analyzer software (sdr_spectrum). The procedures cover setup, configuration, execution, and analysis across multiple test scenarios involving different signal types, frequencies, and bandwidths. Below is a structured summary preserving the original content's formatting and technical details.

• Test Setup
  • Setup A: Antenna or RF cables are connected to multiple SDR cards as needed. SDR1 measures power from SDR0 via antenna (for higher accuracy and stability, use RF cable for conductive measurement).
  • Setup B: SDR 0 TX1 → SDR 1 RX1 and SDR 0 TX2 → SDR 1 RX2 (used for certain tests requiring direct cable connection).
• Key Command Line Tools
  • sdr_spectrum - Used for spectrum analysis.
  • sdr_test - Used for generating OFDM or CW signals for test purposes.
  • sdr_play - Used to play IQ files through SDR hardware.
• Running Spectrum Analyzer
  • On Callbox: Switch to graphics mode and open separate terminals for LTE service and spectrum analyzer.
  • Via SSH: Use ssh -X to enable X11 forwarding for remote spectrum display (works on X11-based systems).

• Test 1: LTE on SDR0 and Spectrum on SDR1
  • Run LTE (eNB/gNB) on SDR0, measure spectrum on SDR1.
  • Use ./sdr_spectrum -args "dev0=/dev/sdr1" -rx_freq <frequency> to observe the spectrum.
  • Adjust RX gain using Up/Down keys. Switch display modes (power vs time, time scale) using 'o', '+/-', and other keys.
  • For advanced visualization, enable waterfall plot and adjust color/contrast with keys.
• Test 2: LTE on SDR0 with Different Frequencies, Spectrum on SDR1
  • Repeat Test 1 across various LTE bands (e.g., Band 1 at 2140 MHz, Band 2 at 1960 MHz, etc.).
  • Document and compare resulting spectrum plots for each frequency.
• Test 3: LTE on SDR0 (and 1) with Different Bandwidths, Spectrum on Remaining SDR
  • Transmit LTE signals with varying channel bandwidths (e.g., 1.4, 3, 5, 10, 15, 20, and 2x20 MHz).
  • Observe the impact of bandwidth changes on the measured spectrum.
• Test 4: SDR_Test-Generated OFDM Signal on SDR0, Spectrum on SDR1
  • Generate OFDM signals with sdr_test and observe with sdr_spectrum.
  • Use direct RF cable for accuracy. Vary center frequency and record results (e.g., 500 MHz to 5990 MHz).
• Test 5: SDR_Test-Generated CW Signal on SDR0, Spectrum on SDR1
  • Generate CW (continuous wave) signals with sdr_test, observe with sdr_spectrum.
  • Test both user-defined and default tone_offset parameters. Ensure parameter constraints are met.
• Additional Features & Methodologies
  • AGC (Automatic Gain Control): Optimize RX gain by pressing 'a' key; observe spectrum changes before and after AGC.
  • Power in Frequency Range: Available in software release 2022-04-01 or later; measures power within a selected frequency span.
  • Time Domain Waterfall Plot: Access by pressing 't' in spectrum analyzer; visualizes power variations over time.
  • Trigger Mode: Level trigger for event detection (e.g., PRACH detection in LTE); advisable to separate UL/DL in TDD with RF circulator.
  • Mixed Mode: From 2023-09-08 release, supports combined waterfall and frequency spectrum display; toggle with 'x' key, scroll with arrow keys, and analyze by time/frequency correlation.
  • LTE CRS Analysis: Use cable connections for clear analysis of multiple MIMO antenna ports; visualize reference signals in both time and frequency domains using sdr_spectrum.
  • Full Frequency Spectrum: Use -zoom option to scan the entire frequency range supported by SDR hardware.
  • Channel Scan: Detect all active channels within a specified band or frequency range; results can be saved to a file for further analysis.
  • Saving I/Q Data:
    • From command line using -save-and-exit; saves IQ samples as little-endian 32-bit floats in I/Q order.
    • From spectrum plot using 's' key; recommended to enable AGC first for optimal capture.
  • Spectrum from a File:
    • Analyze previously captured IQ data with sdr_spectrum -iq <filename>.
    • Time vs power mode enabled with '-t 1'. Waterfall available in recent releases.
  • Signal Generation from a File:
    • Use sdr_play to transmit IQ files via SDR hardware, either once or in a loop.
    • Observe resulting hardware signal with sdr_spectrum.

The tutorial provides a comprehensive, step-by-step approach to conducting spectrum analysis and signal verification using SDR hardware and Amarisoft tools, supporting a range of configurations, frequencies, and signal types. It emphasizes practical troubleshooting, multi-band/multi-bandwidth measurements, and advanced visualization for both development and validation purposes.

Why Spectrum Analyzer on Protocol Box ?

Based on my first and second hand experience in the field of testing in Protocol, RF and even in baseband, I experienced and saw many cases of verification/validation engineers struggling with troubleshooting their issues just because of the lack of cheap troubleshooting tools while they are using sub million dollar test equipment. For example, a lot of RF test fails because of protocol issues, not RF issues. In this case, relatively small investment for quick protocol test equipment (or selecting RF test equipment with better protocol analysis option) would save a lot of time and effort to troubleshoot and find root cause of the fails. On the contrary, many of protocol fails not because of protocol issues but because of RF (radio link) issues. Usually most of the protocol equipment is very expensive (usually starting from a few hundred K USD to over million dollars). When some test with such a super expensitive box fails  and  no clear root cause is found in terms of protocol itself, in many cause such a super expensive box goes idle and expensive verification engineers tend to get lost in wrong direction. In many cases when I see this kind of situation, I was wondering why it is so difficult for them to make such a small investment like just a few 10K USD for some basic spectrum analyzer to troubleshoot sub million dollar test equipmemt.

I think most of the readers would know why.. but it is what it is.  The best case would be to have a protocol box and spectrum analyzer in a bundle. That's what Amarisoft Callbox (UEsim as well) does.

Amarisoft box does not provide the spectrum analyzer as a separate hardware only for spectrum analyzer. It provides a special program (sdr_spectrum) that can convert a SDR card installed in the box into a spectrum analyzer. For example, if you have a Amarisoft callbox with 4 SDR cards. When you are using only one of the SDR cards for a specific test, you can use any one (or all) of the remaining 3 SDR card as spectrum analyzer. You can use it as a quick troubleshooting or visualization tool as introduced in this tutorial or you can use them to capture I/Q signal for your algorithm test or verification software.

Test Setup

Test setup for this tutorial is as shown below.  I would suggest you to connect antenna (or RF cables) to as many sdr cards as possible as per your needs. (NOTE : In this setup, sdr1 is measuring power from sdr0 via antenna. so the measured spectrum would not be as accurate and stable as RF cable. If you need more accurate / stable spectrum, connect the two sdr in conductive way (RF cable)). I just want you to build up some intuitions on the output power of a sdr depending on center frequency, channel bandwidth etc.

NOTE : Unless explicitely mentioned, it is assumed that the test is done with the < Setup A >.  < Setup B > is used only for a specific test.

NOTE (Warning) :  You should not input the total power greater than +2 dBm peak for SDR 50  and +5 dBm peak for SDR 100  to SDR input. If your power from SDR TX is high, adjust it with tx_gain parameter or put an external attenuator so that the sdr input power does not go over the input limit.

Setup A

Setup B

       SDR 0 : TX1--------> SDR 1 : RX1  AND  SDR 0 : TX2 --------> SDR 1 : RX2  

Key Command Line

Followings are the list of the important command used in this tutorial. You may copy and paste these examples and modify the parameter values as you need

• sdr_spectrum.
• /sdr_spectrum -args "dev0=/dev/sdr1" -rx_freq 2680e6
• ./sdr_spectrum -args "dev0=/dev/sdr1" -rx_freq 2680e6 -rate 50.0e6 -dft_sample_ratio 1
• ./sdr_spectrum -args "dev0=/dev/sdr1" -rx_freq 2680e6 -save-and-exit -duration 3.0 -save_path "/tmp"
• ./sdr_spectrum -iq filename
• sdr_test
• ./sdr_test -c 0 rfic_tx_test 30.72e6 500e6 30 ofdm 5e6
• sdr_play
• ./sdr_play -args "dev0=/dev/sdr0" -rate 50.0e6 -tx_freq 2680e6 -tx_gain 90 iq_file_name

Running on Callbox

If you want to run this directly on Callbox, you need to switch to graphics mode to launch spectrum window.

Switch to the graphics mode using following command

Open up two (or more) Terminals. One for running lte service and another for running spectrum analyzer

Running on ssh

If you want to run the spectrum from a remote PC via ssh. you can run the spectrum without running startx on the callbox. However, to run the spectrum (display the spectrum) on the remote PC, the remote PC should be running on X11.  The only restriction you have to do is to connect ssh with -X option as in following example.

# ssh -X  root@10.0.0.185

A couple of example setup that works or does not work with ssh -X are as follows.

Example 1 >  Remote PC running on Fedora GUI (or any other X11 based Linux) mode  ==> OK

Example 2 >  Remote PC running on Windows ==> NOT OK. This would give you the message 'Could not display' when you run './sdr_spectrum'

Example 3 >  Remote PC running on Windows with Virtual box running X11 based GUI (e.g, Ubuntu) ==> OK

Test 1 : LTE on sdr 0 and Spectrum on sdr 1

Configuration

You may use any configuration. In this tutorial, I used the configuration for basic LTE attach as shown here .  In this test, I am measuring the spectrum for an LTE cell without any UE connected. It means the cell is just transmitting PSS/SSS/PBCH and SIB messages and there is no user traffic going on in this test.

Run Lte Service

In this tutorial, I will run a eNB/gNB on sdr0 and run the spectrum analyzer on another sdr (sdr 1 or 2 or 3) and measure spectrum of the signal transmitted by the tx port of sdr 0

Running Spectrum Analyzer with basic parameters

Go to /root/trx_sdr directory

Run sdr_spectrum program as follows. Notice that sdr1 is used and the center frequency is set to the tx frequency of sdr card to measure

         ./sdr_spectrum -args "dev0=/dev/sdr/sdr1" -rx_freq 2680e6

Change rx gain by Up/Down keys from previous screen to get this waveform

Press 'o' key (show sample power) on previous screen to switch to 'power vs time' mode as below

Press '+/-' key (change time scale) on previous screen to change time scale

If you are using the Callbox or UEsim later than the release 2022-02-23, you can get the waterfall plot as shown below. You can get the waterfall plot by pressing 'w' key. +/- keys for color change by shifting the power offset and 'Ctrl and +/-' keys for color contrast change. Use Left/Right arrow key to shift the plot on horizontal axis. Press 'n' key to capture only one radio plot and pause (i.e, capture the snapshot of one radio frame).

Running Spectrum Analyzer with more parameters

Run sdr_spectrum program with more parameters as follows. Notice that sdr1 is used and the center frequency is set to the tx frequency of sdr card to measure

Change rx gain by Up/Down keys from previous screen to get this waveform

Press 'o' key (show sample power) on previous screen to switch to 'power vs time' mode as below

Press '+/-' key (change time scale) on previous screen to change time scale

If you are using the Callbox or UEsim later than the release 2022-02-23, you can get the waterfall plot as shown below. You can get the waterfall plot by pressing 'w' key. +/- keys for color change by shifting the power offset and 'Ctrl and +/-' keys for color contrast change. Use Left/Right arrow key to shift the plot on horizontal axis. Press 'n' key to capture only one radio plot and pause (i.e, capture the snapshot of one radio frame).

Test 2 : LTE on sdr 0 with different frequencies and Spectrum on sdr 1

Configuration

You may use any configuration. In this tutorial, I used the configuration for basic LTE attach as shown here and just change frequency. In this test, I am measuring the spectrum for an LTE cell without any UE connected. It means the cell is just transmitting PSS/SSS/PBCH and SIB messages and there is no user traffic going on in this test.

LTE Band 1 at 2140.0 Mhz

NOTE : The two channels shown on the left side is from the live network. It is captured here since I am using antenna for the test.

LTE Band 2 at 1960.0 Mhz

LTE Band 3 at 1842.0 Mhz

LTE Band 4 at 2130.0 Mhz

LTE Band 5 at 881.5 Mhz

LTE Band 7 at 2680.0 Mhz

LTE Band 20 at 806.0 Mhz

LTE Band 71 at 634.4 Mhz

LTE Band 72 at 463.4 Mhz

Test 3 : LTE on sdr 0 (and 1) with different bandwidth and Spectrum on a remaining sdr

Configuration

You may use any configuration. In this tutorial, I used the configuration for basic LTE attach as shown here and just change channel bandwidth except the last case (the last case in this test is based on gnb-2cell-ho.cfg). In this test, I am measuring the spectrum for an LTE cell without any UE connected. It means the cell is just transmitting PSS/SSS/PBCH and SIB messages and there is no user traffic going on in this test.

LTE with BW 1.4 Mhz in Band 7

LTE with BW 3 Mhz in Band 7

LTE with BW 5 Mhz in Band 7

LTE with BW 10 Mhz in Band 7

LTE with BW 15 Mhz in Band 7

LTE with BW 20 Mhz in Band 7

LTE with 2 x BW 20 Mhz in Band 7

This configuration is based on gnb-sa-ho.cfg with frequency and bandwidth changes as follows.

Test 4 : sdr_test-generated OFDM signal on sdr 0 and sdr_spectrum on sdr 1

Configuration

In this test, I am not using Callbox software. I am using a generic OFDM signal generated by the tool called 'sdr_test' transmitted by sdr 0 and run sdr_spectrum on sdr 1.  To get more accurate spectrum, I used RF cable connection between sdr 0 and sdr 1 for this test as shown in Test Setup B.

The two commands that I used in this test are as follows :

     ./sdr_test -c <sdr_no> rfic_tx_test <sample rate> <frequency> <tx_gain> ofdm <bw>     <== OFDM signal generation

     ./sdr_spectrum -args "dev0=/dev/sdr1", -rx_freq <frequency>  <== spectrum plot

OFDM BW 5 Mhz at Center Frequency = 500 Mhz

OFDM BW 5 Mhz at Center Frequency = 1000 Mhz

OFDM BW 5 Mhz at Center Frequency = 1500 Mhz

OFDM BW 5 Mhz at Center Frequency = 2000 Mhz

OFDM BW 5 Mhz at Center Frequency = 2500 Mhz

OFDM BW 5 Mhz at Center Frequency = 3000 Mhz

OFDM BW 5 Mhz at Center Frequency = 3500 Mhz

OFDM BW 5 Mhz at Center Frequency = 4000 Mhz

OFDM BW 5 Mhz at Center Frequency = 4500 Mhz

OFDM BW 5 Mhz at Center Frequency = 5000 Mhz

OFDM BW 5 Mhz at Center Frequency = 5500 Mhz

OFDM BW 5 Mhz at Center Frequency = 5990 Mhz

Test 5 : sdr_test-generated CW signal on sdr 0 and sdr_spectrum on sdr 1

Configuration

In this test, I am not using Callbox software. I am using a generic CW signal generated by the tool called 'sdr_test' transmitted by sdr 0 and run sdr_spectrum on sdr 1.  

The two commands that I used in this test are as follows :

     ./sdr_test -c <sdr_no> rfic_tx_test <sample rate> <frequency> <tx_gain> tone <tone_offset>     <== CW signal generation

     ./sdr_spectrum -args "dev0=/dev/sdr1" -rx_freq <frequency>  <== spectrum plot

NOTE : special comments for tone_offset parameter

• If not specified, it is set to 7.68Mhz by default
• If you want to specify your own offset frequency, consider following limitation
• cannot be 0
• multiple of 100
• sample_rate must be multiple of offset freq

NOTE : You can use your own spectrum analyzer instead of ./sdr_spectrum

CW at User Defined tone_offset

CW at default tone_offset

Enabling AGC / Finding Optimal Spectrum

Right after sdr_spectrum execution. rx_gain not optimized and you would notice high adjacent power.

After the application of AGC, sdr_spectrum automatically adjust rx_gain and optimum spectrum ( NOTE : press 'a' key to enable / disable AGC).

Power with Frequency Range

You should use the software release 2022-04-01 or later to use this feature.

Time Domain Waterfall Plot

You can get the time domain waterfall plot by higging 't' key from other plots. You should use the software release 2022-04-01 or later to use this feature.

Trigger Mode

sdir_spectrum support level trigger. As an application of the feature, you can detect PRACH using the trigger. This example shows the detected PRACH in LTE.

NOTE : It would be relatively easy to detect PRACH in this way in FDD, but it would be much tricky to detect PRACH in TDD because the spectrum would get both Uplink and Downlink through the input port and the trigger may gets ON by DL signal (e.g, MIB/SIB signals). It would be better to separate UL and DL signal using RF Circulator in TDD case and connect UL signal only to the spectrum input port.

Mixed Mode

From 2023-09-08 release, a special display mode called 'Mixed Mode' is supported. It shows both waterfall and the frequency waveform on the same display. You can switch back and forth between frequency spectrum and mixed mode by toggling 'x' key as shown below.

Following is a full screen showing the mixed mode display.  By default, the 'frequency waveform (the upper plot)' corresponds to the frequency scan line at the top of the waterfall plot.

You can scan (scroll) up and down along the waterfall plot in 'line mode'. You can get in and out of the line mode as shown below.  Once you get in the line mode, you can scroll up and down using the up/down arrow key.

Following is an example of showing a waveform corresponding to a specific time indicated by 'red line' in waterfall.

Here you see how it looks in Animation.  This example is from one radio frame of LTE radio frame with 5Mhz channel bandwidth. This was captured when eNB is running but no UE is connected. So you see CRS (Cell Reference Signal), PBCH/PSS/SSS and PDSCH for SIBs as it walk down along the radio frame. Since there is no UE connected and no user traffic PDSCH, you would see some empty symbols.

Analyzing LTE CRS 

This is a small use case of utilizing sdr_spectrum in a real application, which in this case is spectrum analysis of LTE CRS (Cell Reference Signal). In this example, I will show you the reference signal of LTE 4x4 MIMO. By the 3GPP specification, The type and position of the cell reference signal (CRS) for each antenna is specified as follows. The goal here is to visualize these reference signal using sdr_spectrum.

NOTE : To analyze / visualize these signal accurately you would need vector spectrum analyzer with LTE signal analysis functionality. But sdr_spectrum is not the special purpose spectrum analyzer with vector analysis functionality. It is just a general purpose spectrum analyzer. So it would not be possible to perform very clear / accurate analysis (especially more limited in frequency domain visualization in this specific case). If you have any high end vector signal analyzer with LTE signal analysis feature, you can do the same analysis with clearer and better accuracy.

The test setup that I used for this analysis is as shown below. Here, Callbox is transmitting LTE 4x4 signal without any data meaning that it is just transmitting PSS/SSS, PBCH, PFICH, PDSCH for SIB and CRS (Cell Reference Signal). I ran enb with enb.default.cfg modified for 4 DL antenna (4x4 MIMO). I used UEsim just just as a spectrum analyzer (i.e, just to run sdr_spectrum).

NOTE : It is important to connect the transmitter (eNB in this case) and reciever (UEsim/spectrum analyzer) with RF cable to visualize the spectrum of each individual antenna port separately, otherwise each RX antenna would receive the signals from every TX antenna.

Now let's start the analysis. I will display the spectrum from all 4 RX antenna by running following command :

./sdr_spectrum -args "dev0=/dev/sdr0.dev1=/dev/sdr1" -channel 4 -rx_freq 2680e6 -rx_gain auto

The default display shows frequency spectrum for each RX channel (i.e, signal from each eNB antenna port).

If you press 'w', you can get the time domain spectrum (power vs time, often called Zero-span plot in spectrum analyzer world). As illustrated below, you may easily figure out the pulse for R0, R1, R2, R3 by comparing the time domain location and Resource Grid shown in 3GPP document. (NOTE : Strictly speaking it is possible to differentiate between R0/R1 and R3/R4, but it is not possible to differentiate between R0 and R1 or between R3 and R4 since this does not show the frequency domain power distribution).

To get some visualization in both time domain and frequency domain, you can switch to waterfall mode (spectrogram mode) by pressing 'w' key. Then you can get the plot as shown below. In this plot, x axis indicates frequency and y axis indicates time.

To get higher resolution for time domain, press 'x' key to change the direction of the spectrogram. In this plot, x axis represent time and y axis represent frequency. Here you may easily identify R0, R1, R2, R3 in time domain. But you can get only high level outline of the frequency domain profile. (NOTE : If you use the vector signal analyzer with dedicated LTE signal analysis, you would get clear resource grid as shown here )

Full Frequency Spectrum

you can plot the spectrum for the full frequency range that the sdr card support using -zoom option as shown below.

Channel Scan

You can scan and detect all the active channel within a specified band as shown below.

NOTE : This feature is verified only for sdr50. It would take unreasonably long time or may not work properly with sdr100

NOTE : This feature may not work properly in latest release. In this case, try out ltescan tool.

After the scan is completed, sdr_spectrum prints out all the detected channels in text.

You can save the result of the scan into a file by running with a redirection to file as shown below.

When the Channel scan is done, the result is saved in the specified file as shown below.

You can specify the range of the scan in frequency rather than band using the options -scan_start and -scan_end as shown below.

Saving I/Q Data into a file

You can save the IQ data into a binary file and you can analyze it with your own program (e.g, Matlab etc)

 

Saving I/Q with command

Save a file in command line as shown below

The command will popup the spectrum window first and collect / save the IQ data into the specified folder (/tmp in this case).

NOTE : The I/Q samples are saved as little endian 32 bit float values, in I/Q order. The sample values are between -1 and 1

Saving I/Q in Spectrum Plot

You can save I/Q directly from the spectrum plot usng 's' key as shown in the Keys menu in the plot.  A good way to capture the I/Q in a good quality are as follows.

i) Check if you see any form of spectrum with a certain bandwidth (If you don't see any spectrum with bandwidth and everything looks like noise floor, it would be likely that there is no signal or the signal is weaker than noise floor)

ii) If you see any signal with a certain bandwidth, press 'a' key to allow sdr_spectrum software perform AGC and find the best rx_gain and best spectrum. It will take several seconds to complete AGC.

iii) then press 's' key to save the signal into file. Every time you press 's' key, the signal with the duration of 1 sec will be saved in /tmp directory.

Spectrum from a file

Assume that you have a binary file captured as shown below.

You can get the spectrum by following command. NOTE : in this case you don't have to specify any sdr card since this is not using any hardware

In the spectrum from file, you would notice there is only a few menu available. Most of other menus especially related to hardware (e.g, rx_gain, AGC etc) are not available

If you want to plot the file in 'time vs power' mode, you have to speficy it at the command line as shown below ('-t 1' indicates 'time vs power' mode)

If you are using the Callbox or UEsim later than the release 2022-02-23, you can get the waterfall plot as shown below. You can get the waterfall plot by pressing 'w' key. +/- keys for color change by shifting the power offset and 'Ctrl and +/-' keys for color contrast change. Use Left/Right arrow key to shift the plot on horizontal axis. Press 'n' key to capture only one radio plot and pause (i.e, capture the snapshot of one radio frame).

Signal Generation from a file

You can play the binary file (IQ file) in the hardware (i.e, generating physical signal from sdr card) using a program called sdr_play as shown below.

This command plays the file only once and quit the program

This command (with -loop option) continuously playing the file.

And you can plot the spectrum using sdr_spectrum as shown below.