PPPoE frame structure?
What is the actual PPP frame structure when encapsulated in PPPoE? If you read Wikipedia or the specialist literature, it always indicates that the following fields are present:
Flag 0x7E | Address 0xFF | Control 0x03 | Data | Checksum | Flag 0x7E
The data is split into:
Protocol 0xXXXX | Data
But if you look at the contents of the Ethernet frame of a PPPoE session using Wireshark, there is no Flag 0x7E, Address 0xFF, Control 0x03, Checksum, Flag 0x7. There is only Protocol 0xXXXX and Data (IP packets).
I would be very grateful for an explanation.
An interesting question, I wanted to dig into it myself)
In short, the PPPoE standard differs from the PPP standard in terms of the Address and Control fields. The rest of the fields were brought in by one well-known American company, Microsoft. More details below.
We open RFC 1661, which describes how PPP should be encapsulated. We see that the Protocol Information field can be 8-16 bits in size. In particular, in PPPoE there are only 8 bits, in pure PPP 16.
Classic PPP must support the same headers as the earlier HDLC; this protocol requires the Address and Control fields. The same fields have successfully migrated to PPP, although formally they are not needed in it.
We dig further. The PPP protocol implementation defines the LCP synchronization mechanism, which has an Address-and-Control-Field-Compression option. So RFC 2516 (PPPoE, not so big) explicitly says not to use this option, and it is quite logical to drop the Address and Control fields. How this option is used in PPP can be read here.
So, having dealt with Address and Control, let's deal with the flag 0x7e. Obviously, you will not find such a field anywhere in the PPP standard, but it is present in the description of the standard for Windows systems. This is nothing more than a simple modification of the protocol by MS for its own use)
And finally, a few pictures of simple ICMP echo packets. Here's an example of a PPP dump.
As you can see, there are no flags or FCS fields in it. But there is Control and Address.
And here is a picture with a PPPoE dump.
It also does not have these fields, just as there are no Control and Address. PPPoE in this form does not need HDLC compatibility, but more timing options are needed. These options go in the PPP-Over-Ethernet-Session header.
And finally, a picture with a PPTP dump. Address and Control are present, although also not required, but there is a GRE header at the beginning.
Bottom line: do not just read the wiki uncritically and believe everything that is written there.
P.S. You can look at the dumps yourself on packetlife; you can view them directly in the browser via cloudshark.
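Added example (not part of the question or answers, and not code from any project they mention): a Python parser for the layout the question's Wireshark capture shows, where the PPPoE session header is followed directly by the PPP Protocol field and data. It assumes untagged Ethernet and an uncompressed two-byte Protocol field; the function names, MAC addresses and sample packet are constructed for illustration.

```python
import struct

ETH_P_PPPOE_SESSION = 0x8864  # EtherType of the PPPoE session stage (RFC 2516)
PPP_PROTOCOLS = {0x0021: "IPv4", 0x0057: "IPv6", 0xC021: "LCP", 0x8021: "IPCP"}
# Constructed 20-byte IPv4 header (ICMP, 192.0.2.1 -> 192.0.2.2, checksum zeroed).
SAMPLE_IP = bytes.fromhex("45000014 00000000 40010000 c0000201 c0000202")


def parse_pppoe_session(frame: bytes) -> dict:
    """Split an untagged Ethernet frame into PPPoE header, PPP protocol and data."""
    if len(frame) < 22:  # 14 Ethernet + 6 PPPoE + 2 PPP protocol
        raise ValueError("frame too short")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETH_P_PPPOE_SESSION:
        raise ValueError(f"not a PPPoE session frame: 0x{ethertype:04x}")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11 or code != 0x00:
        raise ValueError("unexpected PPPoE version/type or code")
    ppp = frame[20:20 + length]  # LENGTH excludes any Ethernet padding
    if len(ppp) != length:
        raise ValueError("PPPoE length field exceeds frame")
    # No 0x7E flags and no FCS: Ethernet already delimits and checksums frames.
    # 0xFF03 cannot be a PPP protocol number (its first octet must be even),
    # so a leading FF 03 can only be an HDLC-style Address/Control pair.
    acf_present = ppp[:2] == b"\xff\x03"
    if acf_present:
        ppp = ppp[2:]
    if len(ppp) < 2:
        raise ValueError("no room for PPP protocol field")
    protocol = struct.unpack("!H", ppp[:2])[0]
    return {
        "session_id": session_id,
        "address_control_present": acf_present,
        "protocol": protocol,
        "protocol_name": PPP_PROTOCOLS.get(protocol, "unknown"),
        "data": ppp[2:],
    }


def build_frame(ppp: bytes, session_id: int = 1) -> bytes:
    """Constructed test frame: placeholder MACs, PPPoE header, zero padding to 60."""
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01"
    eth += struct.pack("!H", ETH_P_PPPOE_SESSION)
    pppoe = struct.pack("!BBHH", 0x11, 0x00, session_id, len(ppp))
    return (eth + pppoe + ppp).ljust(60, b"\x00")


if __name__ == "__main__":
    print(parse_pppoe_session(build_frame(b"\x00\x21" + SAMPLE_IP)))
```

The `address_control_present` flag is useful when comparing captures: it stays false for a PPPoE session frame like the one in the question and turns true only if a sender left the HDLC-style `FF 03` pair in place.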
Such things should not be looked up on Wikipedia. Go to the IETF repository site, type "pppoe" into the search bar and sort through the documents. Having learned the number of the RFC that describes what you need, you can look for a translation into Russian.
In general, it’s possible that you’re just looking at something wrong through Wireshark.