Author Topic: ESP32 Wi-Fi Signals observed by Germanium Diode and HackRF  (Read 323 times)

Offline bb1

ESP32 Wi-Fi Signals observed by Germanium Diode and HackRF
« on: August 15, 2022, 01:21:26 am »
The salient feature of the ESP32 is its Wi-Fi radio.
It is interesting to see the actual Wi-Fi signals emitted by the ESP32.
The Wi-Fi neighborhood is often very busy.
To exclude irrelevant signals, it makes sense to put the radio receiver very close to the ESP32 antenna.
In such a case the receiver does not need to be very sensitive.
A germanium diode connected to a 10X Keysight scope probe does the job.

The Keysight screenshots for different arrays of data transmitted by ESP32 are attached.
ks_esp32_1000BytesTransfer_zoom.png shows transfer of 1000 bytes of data,
and ks_esp32_100000BytesTransfer.png naturally shows transfer of 100000 bytes.

The diode voltage is shown by Ch2 (green) trace.

We can see that it takes about 80 ms to transfer 100000 bytes, which means that the average bit rate is about 10 Mbit/sec,
which is much less than the 72.2 Megabits/sec defined by the 802.11n standard for one 20 MHz channel.

This discrepancy can be seen in detail on the 1000 bytes screenshot.
The yellow Ch1 line shows voltage on the built-in ESP32 blue LED.
The LED is turned on just before the command for array transfer is given,
and is turned off right after that command ends.

We see 3 high short pulses preceding the array transfer.
They are actually slow housekeeping pulses, not related to the size of the data array. They do not use the 802.11n standard.
Immediately after the last of these pulses there is a Clear To Send command from the Access Point (not seen on the scope screenshot).
The ESP32 takes about 2.5 ms after that command to actually start the array transfer.
It is interesting that most of the array transfer happens after the LED (yellow trace) reports that the transfer is finished.

The 1000 bytes array transfer is shown by the 75 mV pulse (the lowest of the 4 pulses),
which starts almost at the end of the LED (yellow) pulse.
This array transfer is indeed very fast. It only takes 159 µs.
It uses the fastest nominal transfer rate of 802.11n, 72.2 Megabits/sec.
The real transfer speed is, of course, slower, about 50 Megabits/sec.

A bigger picture of the Wi-Fi channel signal can be observed using a HackRF with its antenna placed so close to the ESP32 that the ESP32 signals become slightly larger than the Access Point signals.
HackRF capture of IQ data for half of a second is shown on Hackrf_IQ_data.png.

We can see beacons from 2 different Access Points.
For each access point the beacons are separated by 102.4 ms.
We also see 3 larger, very narrow spikes coming from the ESP32.
Only the first of these spikes is related to the 1000 bytes array transfer.

Hackrf_IQ_data_Zoomed.png shows zoom of this first spike.
We see about twice as many packets as observed by the diode.

The first set of packets is: Null data from the ESP32, Ack to it, an empty interval of about 150 µs,
then RTS from the AP, CTS from the ESP32, the encrypted 5 bytes of array size sent from the PC to the ESP32, Block Ack to these 5 bytes,
and the CTS from the AP mentioned above.

After about 2.5 ms there are the remaining 2 packets: the encrypted 1000 bytes array transfer from the ESP32 to the PC, and the Block Ack to it.

It is interesting that the ESP32 supply current increases a few ms before the first packet, and returns to a low level about 120 ms later.
Of course, during actual transmission the current is much higher still.
All this can be seen from voltage drop of ESP32 Vin 4.55V power supply shown by green trace on ks_esp32_Vin_2sec.png.
The yellow trace, as before, shows voltage on the blue LED.
The following users thanked this post: evb149
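
The burst timing read off the HackRF plots above (beacon spacing, packet duration, ESP32 bursts standing above the Access Point bursts) can also be measured from the raw capture. This is an added example, not code from the original post: it assumes the interleaved signed 8-bit I/Q file format that `hackrf_transfer -r` writes, and the capture, sample rate, amplitudes, threshold and function names are all constructed for the illustration.

```python
import math
import struct

def find_bursts(raw, sample_rate, threshold, min_gap_s=20e-6):
    """Return [(start_s, duration_s, peak_power), ...] from a raw capture.

    raw: interleaved signed 8-bit I,Q bytes (what `hackrf_transfer -r` writes).
    A burst is a run of samples with I^2+Q^2 >= threshold; dips shorter than
    min_gap_s are bridged so envelope ripple does not split one packet.
    """
    n = len(raw) // 2
    iq = struct.unpack("%db" % (2 * n), bytes(raw[:2 * n]))
    min_gap = max(1, int(min_gap_s * sample_rate))
    bursts, start, last_hot, peak = [], None, 0, 0

    def close():
        bursts.append((start / sample_rate,
                       (last_hot - start + 1) / sample_rate, peak))

    for k in range(n):
        p = iq[2 * k] ** 2 + iq[2 * k + 1] ** 2
        if p >= threshold:
            if start is None:
                start, peak = k, 0
            last_hot, peak = k, max(peak, p)
        elif start is not None and k - last_hot > min_gap:
            close()
            start = None
    if start is not None:
        close()
    return bursts

def synth_capture(sample_rate, total_s, bursts):
    """Constructed stand-in for a capture: +/-1 noise plus constant-envelope bursts."""
    n = round(total_s * sample_rate)
    buf = bytearray(2 * n)
    for k in range(n):
        buf[2 * k] = (k % 3 - 1) & 0xFF
        buf[2 * k + 1] = (k // 3 % 3 - 1) & 0xFF
    for start_s, dur_s, amp in bursts:
        first = round(start_s * sample_rate)
        for k in range(first, first + round(dur_s * sample_rate)):
            buf[2 * k] = round(amp * math.cos(0.7 * k)) & 0xFF
            buf[2 * k + 1] = round(amp * math.sin(0.7 * k)) & 0xFF
    return bytes(buf)

SAMPLE_RATE = 1_000_000  # assumed for the demo; a 20 MHz channel needs 20 MS/s
# Constructed timeline: two beacons 102.4 ms apart, one stronger 159 us burst.
CAPTURE = synth_capture(SAMPLE_RATE, 0.25,
                        [(0.010, 0.001, 40), (0.060, 159e-6, 90), (0.1124, 0.001, 40)])
BURSTS = find_bursts(CAPTURE, SAMPLE_RATE, threshold=400)
```

On a real capture the threshold has to be chosen from the noise floor, and the peak power column is what separates the nearby ESP32 bursts from the weaker Access Point beacons.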
