RS232 'Sniffer' Probe

If you are involved with process control, then there are many times when you just wish you could 'see' the communications between two pieces of kit. When it comes to more modern LAN based pieces of equipment, then sniffer programs are very much the norm. They are also not a problem to connect up as the LAN is usually shared between the various pieces of kit and other PCs.

When it comes to devices that use "point-to-point" coupling, such as RS232, then life becomes a little difficult. There is only one transmit per device, and one receive.

If one of the devices is a PC then, yes, there are programs that claim to 'sniff' the com port traffic - but these don't come without their own set of troubles! And the brighter systems engineer will definitely not want to install such tools on a live system (and I don't blame him either!).

Needing to 'see' what is being 'said' on an RS232 coms line must therefore be done with a little hardware and a sniffer PC. If a laptop, this has only one com port (and that's if you're still lucky to have a com port!) and therefore only one receive.

RS232 snifferIn steps this handy little 'sniffer' probe allowing both communications paths to be monitored by one receiver. It is placed in either side of the link between the two pieces of kit (there is no need to plug it in to a specific side), and the tail (lower plug) is then plugged in to the sniffer PC com port.

The method of operation is quite simple. The transmit lines on RS232 are held negative. Diodes 1, 2, & 3 take this negative voltage and charge the capacitor. The resistor then biases the sniffer receiver input negative.

When either monitored transmit line sends data, the sniffer receiver input is pulled positive via the appropriate diode (4 or 5). S1 & 2 select which line is to be 'sniffed'. S1 selects Pin2, S2 selects Pin3.

This construction allows for either monitored port to be unplugged without causing the transmitted data of the still connected port to be sent back to its own receiver input (which can cause malfunction in some systems) or for any data sent by the sniffer port to arrive at any of the monitored ports.

There are limitations with this probe being that if both switches 1 & 2 are closed, then both ports are not allowed to "talk" together as this will corrupt what the sniffer 'sees' - but this will not interfere with the comms between the two devices, only corrupt what is being 'sniffed'. However, with most protocols (e.g. MODBUS) the commands and acknowledgements are distinctly separated and corruption tends to not occur.

Diodes are either 1N4148 or 1N914 (or any other suitable signal diode), the capacitor a 2.2µF, 25V tantalum, and the resistor anywhere between 4.7kΩ and 10kΩ, ¼-watt, metal film. The switches I used were simple miniature slide type.

All that is now required is a decent program that can interpret the commands being sent, and you're done!


One of the most extensive RS232 terminal programs I have come across in recent months is a freeware one simply called "Terminal" by 'Br@y++'.

The program is a 300kB Win32 executable (no installation required - thus can be kept on a "stick") and multiple copies of the program can run simultaneously allowing viewing of more than one port (a laptop with a dual RS232 PCMCIA card can therefore monitor two separate links).

One of the features included is the ability to switch to HEX receive (great for MODBUS, etc.) and the logging feature logs in the mode selected (thus saving having to convert the log file to HEX).


Experience has shown significant advantages are realized by having the sniffer in two parts; The first a 'T-connection', the second the sniffer itself (allowing for connection of oscilloscopes etc. to the link under test.

The sniffer is then put together in a simple casing allowing for quick removal and/or changing to another link under test without having to disturb the first (so long as there is more than one 'T-piece' in the toolbox).


For the really brave amongst some of you! This version uses two transistors as the switches allowing for software control of which data direction is being monitored.

super-duper RS232 sniffer

The RTS (Pin 7) controls monitoring of data on TX (Pin 3), and the DTR (Pin 4) controls monitoring of RX (Pin 2) data. The controlling of RTS and DTR is simply done through "buttons" within the Terminal program (featured above).

| | Ask a Question |

©  24.04.04 / 02.08.07