Connor Gadbois
Unauthenticated and Unencrypted Airports

October 9, 2024 | Connor Gadbois

Wireless

     At a towered airport, air traffic controllers (ATC) need to know where every plane in their airspace is and where it is going. In the past this has been done with radar: large towers with a reflector antenna sweeping horizontally. The problem with radar is that it only gives the relative distance of the aircraft, with no other useful information. This doesn't give ATC the aircraft's altitude, and it requires external systems for identification and tracking. So, in comes Automatic Dependent Surveillance-Broadcast (ADS-B). With ADS-B, the aircraft's position, altitude, speed, heading, and callsign are sent to ATC with an identification code. With this system, ATC can tell an aircraft to use a specific identification code (squawk code) to send them their information, and then confirm their position with the radar. This allows for faster tracking of aircraft, and ensures that ATC can keep those aircraft where they need to be.

    The problem with ADS-B is that it is sent unencrypted and requires no authentication. Anybody can send or receive this data. Communication in aviation works very differently from communication in computing. Any aircraft that wants to take off or land at a towered airport needs to be able to talk to ATC and send information. So, in the event of an emergency, you don't want to have any barriers to communication. However, the openness of ADS-B means that someone who is not in an aircraft could send fake data to the tower. Importantly, squawk codes could cause a decent bit of trouble.

    When an aircraft wants to take off from a towered airport, the pilot will have to talk to the approach controller, who will give the aircraft a squawk code. The pilot will enter the code into the ADS-B transponder, and it will broadcast the aircraft's information. The approach, tower, and ground controllers will then use this to track where the aircraft is. However, there are codes set aside for special cases. For example, 7700 is used for an emergency where the aircraft needs to land immediately, such as an engine losing power. 7600 is used for a loss of communication: if the aircraft, for whatever reason, can't talk to ATC, seeing this code will let them know to use lost comms procedures with that aircraft. And 7500 is the hijack code, exclusively used for situations where the aircraft has been taken over. ATC will immediately do everything they can to safely get the plane on the ground, and if close enough, military aircraft will be sent to intercept the hijacked plane. Aircraft trying to take off will not be allowed to, and ones trying to land will be sent to nearby airports.

    If someone were to get close enough to an airport, with a powerful enough transmitter, they could stop an airport completely. There is good news, though: the FAA and FCC know about this, it's illegal, and it's not very hard to track down. Airports are constantly worried about people jamming radio frequencies they need for communication, so many have ways of figuring out where a signal is coming from. Combined with security cameras, it wouldn't really be possible to do this and get away with it.

    The benefit of ADS-B being transmitted over the air unencrypted is that we can listen to it to see where planes around us are. This is very common, and there are lots of databases that gather logs from all around the US. I want to try to capture some data myself, from the Greater Rochester International Airport (KROC).

    Here's my setup: I have a Nooelec RTL-SDR, with the antenna included in their kit. This isn't ideal for capturing Mode S as it's 1090 MHz, but I am close enough to the airport that I should still be able to capture some good data. For software, I'm using dump1090, a simple ADS-B receiver and decoder that also has a built-in web UI for viewing the captured data on an interactive map. I wrote a Python script to get the data from dump1090 and attach a timestamp to each message.

    While testing, I was able to capture a few airliners as they were coming in to land. They would pop up at about 1500ft and disappear as they got close to 500ft. These first few tests got some decent results, and I felt confident enough that I wouldn't be capturing gibberish at the airport.

    The closest I was able to get was a parking lot near runway 25 (marked in red). From there I was able to capture all aircraft taking off from all of the runways as well as most aircraft in the vicinity.

    Here's the data I ended up capturing.   
  Total Messages: 23349     
  Unique Tails: 35
  Highest: 41000
  Fastest: 359 kts (413 mph)

  Summary: summary.json
  Full Capture: KROC_10-5-24-1732.csv
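
    A sketch of how a capture like this could be timestamped, summarized, and checked for the special squawk codes described earlier. This is an added example, not the script used for this post: it assumes the 22-column BaseStation (SBS-1) text format that dump1090 can emit over TCP, and the sample lines and the `parse_sbs` and `summarize` names are constructed for illustration.

```python
from datetime import datetime, timezone

# Special-purpose squawk codes described in the article.
SPECIAL_SQUAWKS = {"7500": "hijack", "7600": "lost comms", "7700": "emergency"}

# Constructed SBS-1 (BaseStation) lines, not real captured traffic.
# Assumed layout: [4]=ICAO hex, [11]=altitude, [12]=ground speed, [17]=squawk.
SAMPLE = """\
MSG,3,1,1,A1B2C3,1,2024/10/05,17:32:01.000,2024/10/05,17:32:01.000,,1500,,,43.1200,-77.6700,,,0,0,0,0
MSG,4,1,1,A1B2C3,1,2024/10/05,17:32:02.000,2024/10/05,17:32:02.000,,,142,250,,,-640,,,,,
MSG,6,1,1,D4E5F6,1,2024/10/05,17:32:03.000,2024/10/05,17:32:03.000,,,,,,,,7700,0,1,0,0
MSG,3,1,1,D4E5F6,1,2024/10/05,17:32:04.000,2024/10/05,17:32:04.000,,35000,,,43.3000,-77.9000,,,0,0,0,0
MSG,4,1,1,D4E5F6,1,2024/10/05,17:32:05.000,2024/10/05,17:32:05.000,,,420,90,,,0,,,,,
garbage,line
"""

def parse_sbs(line, now=None):
    """Return a dict for one SBS-1 MSG line, or None if it is malformed."""
    f = line.strip().split(",")
    if len(f) != 22 or f[0] != "MSG":
        return None
    def num(s):
        try:
            return float(s)
        except ValueError:
            return None  # field not present in this message type
    return {
        "received": (now or datetime.now(timezone.utc)).isoformat(),
        "icao": f[4].upper(),
        "altitude_ft": num(f[11]), "speed_kts": num(f[12]),
        "squawk": f[17] or None,
    }

def summarize(lines):
    """Total messages, unique aircraft, highest, fastest, special squawks."""
    msgs = [m for m in map(parse_sbs, lines) if m]
    alts = [m["altitude_ft"] for m in msgs if m["altitude_ft"] is not None]
    spds = [m["speed_kts"] for m in msgs if m["speed_kts"] is not None]
    flagged = sorted({(m["icao"], SPECIAL_SQUAWKS[m["squawk"]])
                      for m in msgs if m["squawk"] in SPECIAL_SQUAWKS})
    return {"total": len(msgs), "unique_aircraft": len({m["icao"] for m in msgs}),
            "highest_ft": max(alts, default=None),
            "fastest_kts": max(spds, default=None), "special_squawks": flagged}

if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
```

    Because the messages are unauthenticated, a flagged squawk in a capture is only a claim made by whoever transmitted it, which is why ATC confirms position with radar.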