This tiny 2"x2" PCB is intended to be attached with double-sticky tape or some
other equally hackish method to a Netopia CM-SDSL daughtercard, the 5 test
points labeled BCLK, RDAT and TDAT on the silk screen are to be blue-wired to
the corresponding pins on the Bt8970 bitpump chip on the Netopia card, and the
test points labeled +5V and GND are to be blue-wired to some convenient points
where the named voltage rails can be easily accessed on the same Netopia card.

Here are the relevant pins from the Bt8970 pinout:

Pin 85		TDAT
Pin 88		RDAT
Pin 89		BCLK

Once a Netopia CM-SDSL wanlet is outfitted with this sniffer card, installing
this wanlet onto an R7100/D7100/R7171/D7171 UMB3 and connecting the resulting
complete router to a CE200 DSLAM will allow one to sniff the entire HDLC frame
exchange between the Netopia box and the CE200.  The bit stream from the CE to
the Netopia will appear on the J1 header, and the bit stream going in the
opposite direction will appear on the J2 header.  Each bit stream tap output
header is an EIA-422 port with data and clock, driven by the 26LS31 driver U2:
just take it to your favourite EIA-422 synchronous serial DTE device capable of
HDLC frame dump.

The goal is to help reverse-engineer CMCP and CM's IMUX protocol.

This sniffer card can probably also be used to sniff the bit streams from other
SDSL devices which use a Bt8970 or RS8973 bitpump and run its channel unit
interface in one of the serial modes, but the hack creator's immediate need at
the time of this writing is to sniff from Netopia's CM-SDSL wanlet.

Happy hacking,
Michael Sokolov
