> The issue here is how to capture traffic in both directions. These
> devices aren't built to listen on both the TX & RX lines. I suspect
> that you will have to install 2 of these devices. Now you have to
> figure out how to capture from 2 interfaces in ethereal.
Well, you currently can't - but if he's planning on snooping on the
computer on one end of the wire, rather than doing third-party snooping,
that may not be an issue; in fact, if that's what he's doing, it may be
that the OS he's using already supports that sort of capturing.
> Nortel (Bay Networks) uses a proprietary protocol called Wellfleet standard,
> and I believe that Cisco also has a proprietary protocol based upon HDLC.
It appears that there may be Cisco HDLC code in Linux "syncppp.c" and/or
in FreeBSD (the Whistle Interjet apparently supports it, and they've
contributed a lot of the networking stuff they did to FreeBSD, e.g.
their Netgraph protocol-plumbing infrastructure), so said protocol may
not be secret. (It may even be hidden somewhere on the Cisco Connection
site, but trying to find documentation there is sometimes like trying to
find a needle in a haystack.)