Title: PPP capture in Ethereal
Hi,
When I use Ethereal to capture PPP packets in my 56k dial-up modem, some problems puzzle me. OS in my PC is Win2k professinal + SP3, Ethereal is version 0.9.11,and modem is 56k Xircom. The capture interface I chose is NdisWan Adapter: \Device\NPF_NdisWanIp.When I dial up my ISP, I get one IP address and can surf internet normally. Ethereal show some packets as follows:
Frame 1 (37 bytes on wire, 37 bytes captured)
Ethernet II, Src: 20:53:45:4e:44:07, Dst: 20:53:45:4e:44:07
Destination: 20:53:45:4e:44:07 (20:53:45:4e:44:07)
Source: 20:53:45:4e:44:07 (20:53:45:4e:44:07)
Type: PPP Link Control Protocol (0xc021)
PPP Link Control Protocol
Code: Configuration Request (0x01)
Identifier: 0x00
Length: 23
Options: (19 bytes)
Async Control Character Map: 0x00000000 (None)
Magic number: 0x1c100ace
Protocol field compression
Address/control field compression
Callback: 3 bytes
0000 20 53 45 4e 44 07 20 53 45 4e 44 07 c0 21 01 00 SEND. SEND..!..
0010 00 17 02 06 00 00 00 00 05 06 1c 10 0a ce 07 02 ................
0020 08 02 0d 03 06 .....
Frame 2 (42 bytes on wire, 42 bytes captured)
Ethernet II, Src: 20:52:45:43:56:07, Dst: 20:52:45:43:56:07
Destination: 20:52:45:43:56:07 (20:52:45:43:56:07)
Source: 20:52:45:43:56:07 (20:52:45:43:56:07)
Type: PPP Link Control Protocol (0xc021)
PPP Link Control Protocol
Code: Configuration Request (0x01)
Identifier: 0x01
Length: 28
Options: (24 bytes)
Async Control Character Map: 0x000a0000 (DC1 (XON), DC3 (XOFF))
Authentication protocol: 4 bytes
Protocol field compression
Multilink MRRU: 1530
Multilink endpoint discriminator: 8 bytes
0000 20 52 45 43 56 07 20 52 45 43 56 07 c0 21 01 01 RECV. RECV..!..
0010 00 1c 02 06 00 0a 00 00 03 04 c0 23 07 02 11 04 ...........#....
0020 05 fa 13 08 01 31 32 33 34 35 .....12345
My question is why PPP has Ethernet II header ? Is it Ethereal's trouble or Win2k's ? Is it protocol format between modem and Win2k?
Thanks for your help!
Kind wishes
Dong