PPP

Point to Point Protocol


PPP (Point to Point Protocol) is more or less the standard for transporting TCP/IP over serial lines, and thus to connect to an internet provider over a serial line (a modem connection) in stead of trough a network interface card. It deals, amongst other things, with the problem of user authentication, and with dynamically assigned IP addresses.

PPP takes place between two machines connected by a serial line, a cable connection between serial ports ( COM ports) on the 2 machines. In most cases, part of this serial cable will be replaced by a telephone line, so you'll need an additional piece of equipment that can dial the other side, and transform the bits from the serial port into a signal that can travel over the phone (PSTN) or ISDN line. This piece of equipment is called a modem.

Once this modem connection is established, your ISP will want to make sure that you have a user account (he does not want to provide internet access to people without an account). To use TCP/IP, the standard internet protocol suite, you'll also need an IP address for your machine, IP addresses of the nameservers that will translate URL's in server IP addresses, etc. Most of this information is no longer fixed (so you could keep it in a configuration text file on your computer), but is assigned dynamically, while you set up the connection with your ISP.

So the PPP protocol will have to take care of authentication of the user and configuration of the machine that wants to connect to the internet. This is how that works :

The modem dials out to your ISP's number, a modem on the other side replies, they wistle to each other to agree on a transmission speed, then start exchanging packets.

Your computer sends a frame, an 'ethernet' frame, with inside it the PPP configuration request. This request may get rejected.


Frame 4 (21 bytes on wire, 21 bytes captured)
PPP Link Control Protocol
    Code: Configuration Reject (0x04)
    Identifier: 0x01

PPP Configuration requests pass back and forth, and get rejected, until one gets accepted (acknowledged) by the remote machine.

Frame 6 
Ethernet II, Src: 20:52:45:43:56:00, Dst: 20:52:45:43:56:00
PPP Link Control Protocol
    Code: Configuration Request (0x01)
    Identifier: 0x4d
    Length: 24
    Options: (20 bytes)
        Async Control Character Map: 0x000a0000 (DC1 (XON), DC3 (XOFF))
        Authentication protocol: 4 bytes
            Authentication protocol: Password Authentication Protocol (0xc023)
        Magic number: 0x437103ed
        Protocol field compression
        Address/control field compression

-------------------------------------------------------------------------------

Frame 8 
    Time relative to first packet: 0.904864000 seconds
Ethernet II, Src: 20:52:45:43:56:00, Dst: 20:52:45:43:56:00
    Type: PPP Link Control Protocol (0xc021)

	PPP Link Control Protocol
	    Code: Configuration Ack (0x02)
    

During the previous exchange, it has already been established that authentication would be by PAP - Pasword Authentication. An other Authentication protocol supported by PPP is CHAP - Challenge Handshake Authentication.

So with the following frames, the user password is sent, checked, and accepted.


Frame Number: 9
Ethernet II, Src: 20:53:45:4e:44:00, Dst: 20:53:45:4e:44:00
    Destination: 20:53:45:4e:44:00 (20:53:45:4e:44:00)
    Source: 20:53:45:4e:44:00 (20:53:45:4e:44:00)
    Type: PPP Password Authentication Protocol (0xc023)
PPP Password Authentication Protocol
    Code: Authenticate-Request (0x01)
    Identifier: 0x01
    Length: 32
    Data (28 bytes)
        Peer ID length: 21 bytes
            Peer-ID (21 bytes)
        Password length: 5 bytes
            Password (5 bytes)

Frame Number: 10
Ethernet II, Src: 20:52:45:43:56:00, Dst: 20:52:45:43:56:00
   	PPP Password Authentication Protocol
    	Code: Authenticate-Ack (0x02)
    	

After the user has been authenticated, PPP starts its support for IP (Internet Protocol).


Frame Number: 11
Ethernet II, Src: 20:53:45:4e:44:00, Dst: 20:53:45:4e:44:00
    Destination: 20:53:45:4e:44:00 (20:53:45:4e:44:00)
    Source: 20:53:45:4e:44:00 (20:53:45:4e:44:00)
    Type: PPP IP Control Protocol (0x8021)
PPP IP Control Protocol
    Code: Configuration Request (0x01)
    Identifier: 0x01
    Length: 34
    Options: (30 bytes)
        IP address: 0.0.0.0
        Primary DNS server IP address: 0.0.0.0
        Primary WINS server IP address: 0.0.0.0
        Secondary DNS server IP address: 0.0.0.0
        Secondary WINS server IP address: 0.0.0.0

This is the moment that IP¨addresses - the bottom of the TCP/IP model, just above the 'datalink' or 'host to network' layer where the PPP protocol works.

The remote machine offers a copuple of configurations, which are rejected, until an acceptable one is offered : (in this case : ) one that provides your machine with an IP address, and gives the IP addresses of the DNS server(s) as well.

Meanwhile, some negociations about compression are started.


Frame Number: 17
Ethernet II, Src: 20:52:45:43:56:00, Dst: 20:52:45:43:56:00
    Destination: 20:52:45:43:56:00 (20:52:45:43:56:00)
    Source: 20:52:45:43:56:00 (20:52:45:43:56:00)
    Type: PPP Link Control Protocol (0xc021)
PPP Link Control Protocol
    Code: Protocol Reject (0x08)
    Identifier: 0x4e
    Length: 21
    Rejected protocol: Compression Control Protocol (0x80fd)
    Rejected packet (15 bytes)
    PPP Compression Control Protocol
        Code: Configuration Request (0x01)
        Identifier: 0x01
        Length: 15
        Options: (11 bytes)
            Microsoft PPC: Supported Bits: 0x00000001
                .... .... .... .... .... .... .... ...1 = Desire to negotiate MPPC
                .... .... .... .... .... .... ...0 .... = Obsolete (should ALWAYS be 0)
                .... .... .... .... .... .... ..0. .... = 40-bit encryption OFF
                .... .... .... .... .... .... .0.. .... = 128-bit encryption OFF
                .... .... .... .... .... .... 0... .... = 56-bit encryption OFF
                .... ...0 .... .... .... .... .... .... = Stateless mode OFF
            Stac Electronics LZS
                History Count: 1
                Check Mode: Extended Mode (0x04)



Less then 2 seconds after the first frame was sent, you get your own IP address assigned to you, and your computer gets informed about the DNS servers it can use.


Frame Number: 20
Ethernet II, Src: 20:52:45:43:56:00, Dst: 20:52:45:43:56:00
    Destination: 20:52:45:43:56:00 (20:52:45:43:56:00)
    Source: 20:52:45:43:56:00 (20:52:45:43:56:00)
    Type: PPP IP Control Protocol (0x8021)
PPP IP Control Protocol
    Code: Configuration Ack (0x02)
    Identifier: 0x03
    Length: 22
    Options: (18 bytes)
        IP address: 62.235.232.53
        Primary DNS server IP address: 62.235.14.4
        Secondary DNS server IP address: 212.35.2.2

Basically, PPP's role is now played out, and it can make room for TCP/IP protocols

As with DHCP, an ARP message is broadcasted and ICMP (Internet Control Message Protocol) is used to find the default router on the network you've just connected to


Frame Number: 21
Ethernet II, Src: 44:45:53:54:00:00, Dst: ff:ff:ff:ff:ff:ff
    Type: ARP (0x0806)
Address Resolution Protocol (request)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (0x0001)
    Sender MAC address: 44:45:53:54:00:00 (44:45:53:54:00:00)
    Sender IP address: 62.235.232.53 (62.235.232.53)
    Target MAC address: 00:00:00:00:00:00 (00:00:00:00:00:00)
    Target IP address: 62.235.232.53 (62.235.232.53)

_________________________________

Frame Number: 22
    Packet Length: 42 bytes
    Capture Length: 42 bytes
Ethernet II, Src: 44:45:53:54:00:00, Dst: 01:00:5e:00:00:02
    Destination: 01:00:5e:00:00:02 (01:00:5e:00:00:02)
    Source: 44:45:53:54:00:00 (44:45:53:54:00:00)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 62.235.232.53 (62.235.232.53), Dst Addr: 224.0.0.2 (224.0.0.2)
  
	Internet Control Message Protocol
    		Type: 10 (Router solicitation)
    		Code: 0 
    		Checksum: 0xf5ff (correct)

As IP is now running, TCP and UDP, and the application protocols (HTTP, FTP, ...) kan do their thing until the connection is terminated :

Ethernet II, Src: 20:53:45:4e:44:00, Dst: 20:53:45:4e:44:00
PPP Link Control Protocol
    Code: Termination Request (0x05)
    Identifier: 0x03
    Length: 4

----------------

Ethernet II, Src: 20:52:45:43:56:00, Dst: 20:52:45:43:56:00
PPP Link Control Protocol
    Code: Termination Ack (0x06)
    Identifier: 0x03
    Length: 4


Koen Noens
July 2003