Hi, The short answer is: yes this is PPP.
The long answer is: With recent versions of WinPcap and Windows (don't ask details) it is possible to capture this stuff on a serial link (dialup conection). It is conviniently wrapped in a pseudo Ethernet header and handed to Wireshark to display. So you get to see PPP LCP, CHAP and NCP's for IP etc. And for the rest the datapackets as if they were send on an Ethernet link. Thanx, Jaap On Fri, 27 Oct 2006, Mosly Chang wrote: > Hi everyone!! > I have some question wireshark parsing. > When I try to understand PPP protocol,I find some material about it. > I can see it is Data Link layer protocol.,so I think it have no DA SA > compared to the most general packet format EthernetII. > It's frame format is " Flag + Address + Control + Protocol +Information > +FCS ". > The "Protocol" indicates what is the upper-layer protocol, such as IP, > IPX,LCP. > By this reasoning, I guess Wireshark cann't parse PPP protocol. > But I just try to find sample packet file in Wireshark Wiki > http://wiki.wireshark.org/SampleCaptures#head-5d1cb7d95d26641c61a5ba82ab7c0c76c08133e7 > I am Surprised that it have PPP file . > In PPPHandshake.cap > <http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=PPPHandshake.cap> > ,the first packet is the follow ing form: > ................ > EthernetII: > Destination :xxxxxxxxx > Source, xxxxxxxx > Type unknown (0xc223) > PPP Challenge Handshark Authenticaiton Protocol > Code: Failure(0x04) > Identifier:0x00 > Length:52 > ...... > > Is this PPP protocol???? Who knows about it ? > Thanks a lot!!! > _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev