Toralf F�rster wrote:
Hi,
thank's for your reply
have you had an opportunuty to see what actually goes through the wire?
Unfortunately not :-(
It appears, from the packets you sent in your other message (which
would've been less confusing if you'd sent it as a reply to your own
message) that the PPPoE header, as captured, is bogus; it claims that
the payload length is 14 bytes, not 1294 bytes.
I don't know whether that's because the payload length is really wrong
on the wire, or because the Linux PPPoE implementation just tweaks the
PPPoE header in-place before the packet gets handed to the socket layer
(and thus to libpcap and thus tcpdump/Wireshark/whatever program is
capturing).
I would not be in the least surprised to find that it's the latter, as
we've had problems with captures done on Linux before this, for the same
reason. I thought there was copy-on-write logic that would prevent
modified-in-place packets from being handed to programs capturing
traffic, but I guess it either doesn't exist or isn't being used.