The world's commercial aircraft broadcast ADS-B (Automatic Dependent Surveillance - Broadcast) every second. OpenSky Network is a volunteer-run global receiver network that aggregates those broadcasts into a free public feed. For airfield operations, conflict-zone monitoring and sensitive-site awareness, OpenSky is the maritime-AIS-equivalent for aviation.
This post is about the practical pipeline: which OpenSky endpoints to consume, how to filter for the signals that matter, and how to wire emergency-code + military-squawk + low-altitude-loiter alerts into an operations Slack channel.
What OpenSky publishes
Two consumption modes:
State-vectors REST
Every active aircraft state in the world, refreshed every 5-10 seconds:
https://opensky-network.org/api/states/all
No key required for global state-vector queries (rate-limited — 100 calls/day for anonymous). Free OpenSky account raises this to 4,000 calls/day.
Returns: ICAO 24-bit address, callsign, origin country, lat/lon, baro/geo altitude, ground/air, velocity, heading, squawk code.
Bounded queries
For asset-radius monitoring, bound the query to a bbox:
https://opensky-network.org/api/states/all?lamin=51.0&lomin=-0.5&lamax=52.0&lomax=0.5
Far cheaper in API budget terms — use bbox-bounded queries for asset-specific monitoring.
What you actually care about
Raw ADS-B is a firehose. Five signals drive 90% of useful alerts:
1. Emergency squawk codes
Three universal-emergency squawk codes:
- 7500 — Hijacking
- 7600 — Radio failure
- 7700 — General emergency
Any aircraft squawking any of these = drop everything and pay attention. Filter is trivial:
state.squawk === "7500" || state.squawk === "7600" || state.squawk === "7700"
2. Military / state aircraft
origin_country field + a known-callsign filter catches state aircraft. Common military callsigns:
- RCH (US Air Force Reach)
- RFR (Royal Air Force)
- LAGR (Russian state)
- JCG (Japanese Coast Guard)
- NAFO (NATO)
Pattern-matching on callsign prefix + cross-reference against the ADS-B Exchange military-icao-database catches another 30-40%.
3. Low-altitude loiter
A non-commercial aircraft loitering at low altitude over your asset is interesting. Filter:
state.altitude < 5000 // feet, mean sea level
  && timeInZone > 600 // seconds (>10 minutes)
  && !isCommercialCallsign(state.callsign)
Catches reconnaissance overflights, news helicopters, agricultural / survey work.
4. Conflict-zone overflights
For corridor monitoring (e.g., Black Sea, Eastern Mediterranean), draw polygon zones around the conflict area and alert on any non-commercial state aircraft inside the polygon.
5. Tanker / AWACS / surveillance patterns
NATO AWACS callsigns (NATO01-NATO20), USAF refueling tankers (KC-135, KC-10, KC-46 type codes), surveillance aircraft (RC-135, P-8) all have known callsign + ICAO patterns. Maintain a database, match incoming traffic.
Geofencing patterns
Three patterns:
1. Airfield circles
10-25km circle around any operated airfield. Set severity threshold by squawk + callsign type. Catches every ADS-B-equipped aircraft that lands or transits.
2. Sensitive-site polygons
For nuclear plants, government facilities, embassies — polygon zone with severity threshold based on altitude. Low-altitude unknown aircraft = high severity. High-altitude commercial = drop.
3. Conflict-zone corridors
Polygon zones around active or sensitive regions (Black Sea, Suwałki Gap, Taiwan Strait, etc.). Severity threshold based on state-aircraft detection.
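OpenSky state vectors carry no timeInZone value, so the loiter filter needs dwell time accumulated across polls. The following is an added example, not code from the original post: it tracks continuous time inside an airfield circle and applies the loiter thresholds quoted earlier (5000 ft, more than 600 s). The names DwellTracker, Fix and Circle and the 120-second contact-gap limit are assumptions.

```typescript
// Added example (not from the original post); all names are hypothetical.
interface Fix { icao24: string; lat: number; lon: number; altitudeFt: number | null; t: number }
interface Circle { lat: number; lon: number; radiusKm: number }

const EARTH_RADIUS_KM = 6371;
const rad = (deg: number): number => (deg * Math.PI) / 180;

// Great-circle distance between two points, in kilometres.
function haversineKm(lat1: number, lon1: number, lat2: number, lon2: number): number {
  const dLat = rad(lat2 - lat1);
  const dLon = rad(lon2 - lon1);
  const a = Math.sin(dLat / 2) ** 2 +
    Math.cos(rad(lat1)) * Math.cos(rad(lat2)) * Math.sin(dLon / 2) ** 2;
  return 2 * EARTH_RADIUS_KM * Math.asin(Math.sqrt(a));
}

class DwellTracker {
  private seen = new Map<string, { since: number; last: number }>();
  private zone: Circle;
  private maxGapS: number;

  constructor(zone: Circle, maxGapS = 120) {
    this.zone = zone;
    this.maxGapS = maxGapS; // assumed limit for a tolerable gap between fixes
  }

  // Feed one position per poll; returns continuous seconds inside the zone.
  update(f: Fix): number {
    const dist = haversineKm(this.zone.lat, this.zone.lon, f.lat, f.lon);
    if (dist > this.zone.radiusKm) { this.seen.delete(f.icao24); return 0; }
    const prev = this.seen.get(f.icao24);
    // First sighting, or contact lost for longer than maxGapS: restart the
    // clock so a receiver gap is never counted as time spent in the zone.
    if (prev === undefined || f.t - prev.last > this.maxGapS) {
      this.seen.set(f.icao24, { since: f.t, last: f.t });
      return 0;
    }
    prev.last = f.t;
    return f.t - prev.since;
  }
}

// Loiter test using the thresholds from the filter in section 3.
function isLowLoiter(f: Fix, dwellS: number, commercial: boolean): boolean {
  return !commercial && f.altitudeFt !== null && f.altitudeFt < 5000 && dwellS > 600;
}
```

Call update() once per aircraft per poll with the timestamp from the response, and pass a null altitude for on-ground aircraft so they never satisfy the loiter test.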
Severity scoring
function adsbSeverity(s: AdsbState): number {
  // Emergency squawks dominate.
  if (s.squawk === "7700" || s.squawk === "7500") return 100;
  if (s.squawk === "7600") return 80;
  // Military state aircraft in non-routine zones.
  if (isMilitaryCallsign(s.callsign)) return 70;
  // Low-altitude loiter.
  if (s.altitude < 3000 && s.timeInZone > 600) return 60;
  // Routine commercial — usually drop.
  if (isCommercial(s.callsign)) return 20;
  return 40;
}
False-positive reductions
OpenSky has known noise:
- GPS jitter — aircraft stationary on ground occasionally show altitude drops. Filter s.on_ground === true before scoring altitude.
- Reserved test squawks — 7777 is military-test, 4000 is FAA-test. Maintain an ignore list.
- Receiver gaps — some regions (Russia, China, parts of Africa) have sparse OpenSky receiver coverage. Don't fire "lost contact" alerts in those regions.
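The squawk filter and the first two noise rules can be applied while normalising the raw response. The following is an added example, not code from the original post: it parses one positional row of the OpenSky "states" array, converts the altitude from metres to feet, suppresses on-ground altitude and applies the ignore list before the emergency check. The AdsbState field names, triage() and the sample rows are assumptions.

```typescript
// Added example (not from the original post); names are hypothetical.
type Cell = string | number | boolean | number[] | null | undefined;
interface AdsbState {
  icao24: string; callsign: string; originCountry: string;
  onGround: boolean; altitudeFt: number | null; squawk: string | null;
}

const M_TO_FT = 3.28084; // OpenSky reports altitude in metres
const EMERGENCY: Record<string, string> = {
  "7500": "hijacking", "7600": "radio failure", "7700": "general emergency",
};
const IGNORED_SQUAWKS = ["7777", "4000"]; // ignore list named in the post

const num = (v: Cell): number | null => (typeof v === "number" ? v : null);
const str = (v: Cell): string | null => (typeof v === "string" ? v : null);

// One row of the "states" array is positional: 0 icao24, 1 callsign,
// 2 origin_country, 7 baro_altitude, 8 on_ground, 13 geo_altitude, 14 squawk.
function parseState(row: Cell[]): AdsbState {
  const onGround = row[8] === true;
  const baro = num(row[7]);
  const metres = baro !== null ? baro : num(row[13]);
  return {
    icao24: str(row[0]) || "",
    callsign: (str(row[1]) || "").trim(), // callsigns arrive space-padded
    originCountry: str(row[2]) || "",
    onGround,
    // Ground jitter: never hand an on-ground altitude to the scorer.
    altitudeFt: onGround || metres === null ? null : Math.round(metres * M_TO_FT),
    squawk: str(row[14]),
  };
}

function triage(s: AdsbState): { action: "alert" | "ignore" | "score"; reason: string } {
  if (s.squawk !== null && IGNORED_SQUAWKS.indexOf(s.squawk) !== -1) {
    return { action: "ignore", reason: "reserved test squawk " + s.squawk };
  }
  if (s.squawk !== null && EMERGENCY[s.squawk] !== undefined) {
    return { action: "alert", reason: EMERGENCY[s.squawk] };
  }
  return { action: "score", reason: "no emergency code" };
}

// Constructed sample rows (not real traffic).
const SAMPLE_ROWS: Cell[][] = [
  ["abc123", "TEST123 ", "United Kingdom", 1700000000, 1700000000, -0.1, 51.5, 1000, false, 120, 90, 0, null, 1050, "7700", false, 0],
  ["def456", "GND01   ", "United Kingdom", 1700000000, 1700000000, -0.2, 51.4, -15, true, 0, 0, 0, null, null, "7777", false, 0],
];
```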
Pattern-of-life baselines
For deeper signal, baseline the "normal" aircraft traffic in your zone over 30 days and alert on anomalies:
- Aircraft type never seen before in this zone → flag
- Time-of-day mismatch (e.g., business jet at 03:00 local) → flag
- Altitude / heading combination that breaks the typical pattern → flag
Pattern-of-life detection is where dedicated platforms (ADS-B Exchange, Flightradar24, Janes IHS) earn their fee. For OSINT-only monitoring, the squawk + callsign + loiter filters cover the highest-value signals.
Free starter stack
Minimum viable aircraft monitoring this week:
- Free OpenSky account → 4000 API calls/day
- Wire bbox-bounded queries for each asset airfield / sensitive site
- Filter: emergency squawks, military callsigns, low-altitude loiter
- Score on 0-100 → Slack channel #ops-aircraft
Augur's OpenSky ingest wraps the bbox query batching + emergency-squawk + military-callsign filter + dwell-time alarm. Free OpenSky tier is enough for monitoring 5-10 zones.
What this looks like in production
Defence contractor security team: 8 facility-radius zones + emergency-squawk + military-callsign filters drive the SOC's aviation awareness. ~3-5 alerts per week. Caught one near-miss.
News bureau in conflict zone: Black Sea polygon + state-aircraft callsign filter + low-altitude loiter. Has surfaced multiple incidents days before official confirmation.
Major airport operations: 25km circle + emergency-squawk filter + go-around detection. Auto-alerts duty manager on 7700 squawks.
The data is public. The signal is in the filters.