A Method for Transmissing PPP Over Ethernet (PPPoE) (RFC2516)

Publication date : February 1999
RFC Author(s) : R.Wheeler, D.Simone, D. Carrel, J. Evarts, K. Lidl, L. Mamakos
Category : informational

The Point-to-point Protocol (PPP) provides a standard method for transporting multi-protocol datagrams over point-to-point links.

PPPoE has two differents stages, first one is PPP Discovery stage that contains four steps when a host discovers the MAC address of peer (Concentrator) and the PPPoE session ID.
In the fact, the Mac address and PPPoE_SESSION_ID uniquely define a ession.
The relationship between the peers is a simple client/server when a client asks server(Concentrator) for informations to establish
the session.

The Frame sent is a simple Ethernet frame where the ETHER_TYPE is set to either 0x8863 (Discovery Stage) or 0x8864 (PPP Session Stage).

Here is the Ethernet Payload for PPPoE:
[ VER:4 | TYPE:4 | CODE:8 | SESSION_ID:16 | LENGTH:16 | PAYLOAD:16 ]

Discovery Stage : Ethernet Frame have the ETHER_TYPE field set to 0x8863

1. Client to server: Initiation (PPPoE Active Discovery Initiation)
PADI:
* Host send a broadcast packet, with the code field set to 0x09
* The session id set to 0x0000

2. Server to client: Offer (PPPoE Active Disocvery Offer)
PADO:
* Access Concentrator reply to an unicast address, with code set to 0x07
* The session id set to 0x0000
* PADO packet contains AC-Name TAG, Service-Name TAG

3. Client to server: Request (PPPoE Active Discovery Request)
PADR:
* Host receive one or more PADO packet and has to choice one
* Choice is based on AC-Name or Services offred
* Host send one PADR packet to Concentrator
* Destination is the unicat Ethernet address of Cencentrator
* code field is set to 0x19 and session id is set to 0x0000

4. Server to client: Session-confirmation (PPPoE Active Discovery Session-confirmation)
PADS:
* When Access receive PADR it prepare to begin PPP session
* generate a unique session id
* reply with an unicat Ethernet address
* code field is set to 0x65
* contains exactly one TAG of TAG_TYPE Service-Name

5. Either end to other end: Termination (PADT)
* packet sent bu host or Access Concentrator
* session is established
* Destination address is unicast
* session is the SESSION_ID generated
* code field is set to 0xa7

Examples Using scapy:
1. PADI:
sendp(Ether(type=0x8863,src=”00:60:4c:72:e7:69″,dst=”ff:ff:ff:ff:ff:ff”)/PPPoED(code=0x09,sessionid=0x0000),iface=”nas0″)

PADO:
2. sendp(Ether(type=0x8863,src=”00:bf:12:fa:90:fd”, dst=”00:60:4c:72:e7:69″)/PPPoED(code=0x07,sessionid=0x0000),iface=”nas0″)

Advertisements

EtherIP: Tunneling Ethernet Frames in IP Datagrams (RFC3378)

Publication date : September 2002
RFC Author(s) : R.Housley, S.Hollenbeck
Category : informational

EtherIP protocol developed in 1991, and used to tunnel Ethernet and IEEE 802.3 media access control (MAC) frames (including IEEE 802.1Q [VLAN] datagrams) across an IP internet.

The EtherIP datagrams contains 16-bit header and a variable-length encapsulated Ethernet or IEEE 802.3 frame that immediately follows IP fields.

The 16-bit of EtherIP header contains two fields, the version 4-bit that must be set to 3 (0011) and 12-bit reserved reserved for future that have to be set to zero, for encapsulation and decapsulation operations. An IP datagram with a EtherIP header must set the IPv4 protocol to 97 (decimal).

The brigde-like station must listen for IP datagram that contains the protocol 97 and ignore the rest LAN frames. if this case it extract MAC from datagrams on the LAN and calculate the (FCS) frame check sequence even the IP checksum does not provide integrity protection for Ethernet/IEEE 802.3, and append the frame as part of data link layer.

One security consideration solution is to protect the IP datagram that carry EtherIP with IPsec [RFC2401].

Sending text message using AT command

Playing with my USB dongle that is a 3g modem, i felt the need to send message using this modem.
but i saw that it has no support to send message using AT command, well to check this use the AT+CSMS command before any shake.

In the case when you have a GSM/GPRS modem/mobile phone with full support of what we talk about before :
You can easily sending message using the great Kannel, or from scratch:
In this article we will focus on how to send message using AT command and we can resume this in five steps :
1. Initializing the modem
2. Setting SMSC
3. Storing the message into storage
4. Sending
5. Delete the message from storage

First of all, to interact with the device you need a serial tools like screen or may be minicom.
Well i recommend the use of screen when you work on pseudo devices :

Let’s connect to the device (ttyUSB0) using screen with a baud of 9600 :
$ screen /dev/ttyUSB0 9600

1. Send the initialize strings :
AT
OK
ATZ
OK

2. Define the service center address as follow and verify that it is correct:
AT+CSCA=”+85290000000″,145

145 means that we deal with formatted address using typical ISDN/telephony numbering plan
(ITU E.164/E.163) and it is an international number.

3. In the fact if you may send a text messages to +85291234567, write the message first to storage area, as like as:
AT+CMGW=”+85291234567″,145,”STO UNSENT”Hello world

4. And finally you can now send the message, referenced with it index:
AT+CMSS=3

You can also do this if you rather to send it to mutli destinations:
AT+CMSS=3,”91234567″
AT+CMSS=3,”97777777″
AT+CMSS=3,”96666666″

Lastly, delete the message from storage area.
5. AT+CMGD=3

To read the first message indexed with 1 :
AT+CMGR=1

Also if you need to play or list all the message in the storage
AT+CMGL=”ALL”


Great document about this can be found here