An RS232 "spy" cable

Skip to main content (skip navigation menu)






An RS232 'spy' cable

 

The RS232 norm defines a one-on-one communication link between DTE device (Data Terminal Equipment, such as a PC or a printer) to a DCE device (Data Communications Equipment, typically a modem). One DTE device talks to one DCE device, or to one other DTE device through a null-modem cable —a null-modem cable is a cable where the transmit and receive lines are crossed. With a special cable, though, it is possible to have a third apparatus "listen in" on the data.


A male-female "gender changer" with a third (female) connector split off

The motivation for such a cable is that a standard debugger running on a PC is not very practical in debugging serial protocol problems (or for deciphering the protocol). Two different apparatus/programs are involved in a serial link, and if you stop one of these (on a breakpoint) for inspection, the other may time out and abort the communication. A better approach is to pick up the stream of bytes on a separate monitoring computer and verify/decipher the protocol from this trace. In this case, both sides run at their normal communication speeds and neither is aware that what it sends gets captured by a PC "in the middle".

The RS232 connection has separate transmit and receive lines, which means that the hardware can send data and receive data at the same time ("full duplex"). However, the majority of the protocols are half duplex: also called "master-slave" or "query-reply". What the splitter cable does is to re-route the transmit lines of both devices to the read line for the monitoring PC. This will only work correctly for half duplex protocols; when both devices that are involved in the serial connection send at the same, the signals will collide on the split-off receive line.

This schematic assumes that the split-off cable has a female connector, for connection to a PC. When you need a male connector for J3, connect the diodes and resistors to pin 3 of J3 —instead of pin 2.

Here is how it works: when a device (on either side of the communication link) is not sending, it pulls its transmit line low (where low is typically a voltage between -12V and -5V). If neither device is sending, both transmit lines are therefore low and they pull the receive line of the split-off cable low as well. If either device is sending, the "high" pulses (between +5V and +12V) pass through a diode and pull the receive line of the split-off cable up.

The two 4k7 resistors cause some cross-talk between the transmit lines of the two communicating devices, but this should not cause any problems (alternative designs that I have seen use 2k2 or even 1k resistors, so 4k7 is probably on the save side).

On the PC that must monitor the data stream, you can run any common RS232 communication program, such as the HyperTerminal that comes with Windows (better alternatives are freely available, see the bottom of this page). Note that the monitoring PC cannot send anything: the transmit line is left unconnected.

Alternatives: active cables or a PC with two RS232 ports

Instead of a special cable, a set-up that works in most cases is to use a PC or laptop that has two RS232 ports, plus special software that forwards data received from one port to the other, and vice versa. Software suitable for RS232 port monitoring and port forwarding is Termite, see the references below.

The PC-in-the-middle approach will add latency to the transmission. Hardware handshaking between the monitored devices will also be less reliable, because both devices now "handshake" with the PC, rather than with each other.

A cable like the one described above, with active electronics to separate the transmit lines at both ends, overcomes these problems. For the monitored devices, the sniffer plug/cable is completely transparent, and full duplex communication can be supported too. See the references below for a commercially available sniffer cable.

References

Termite: a simple RS232 terminal
A free simple terminal that we developed, which focusses on ease of use and an effortless installation. The page for Termite describes a monitoring set-up that uses a PC with two RS232 ports instead of a special cable. It also lists several alternative RS232 terminals.
RS232 serial spy monitor cable by Lammert Bies
A design for a full duplex cable (requiring two RS232 ports on the monitoring PC). The site also has an alternate design for a half duplex cable with only one resistor and one diode, but that cable failed some of the devices that I tried it on.
    Another typical design that floats on the Internet uses only the two diodes and leaves out the resistors. I did not try this one, but it feels like a "hack" that depends on the serial ports to have an internal "pull down" on the receive line.
EZ-Tap & EZ-Tap Pro by Stratus Engineering, and Docklight Tap & Tap Pro by Docklight
An active sniffer cable that monitors the DTE/DCE and RTS/CTS lines as well as the Tx/Rx lines. It is aimed at trouble-shooting protocols with strict timing requirements, full-duplex transmissions and/or protocols requiring strict (hardware) handshaking.