PPP Network Detection for OSPF Demand Circuit Validation
https://stackoverflow.com/questions/10386260
-
04-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am looking for a way to detect if any incoming or outgoing network traffic is PPP (Point to Point). Is there a way that I can sniff for this type of traffic using the pcap library?
The reason I need to know if the traffic is PPP to validate a certain condition. That condition is if the DC (Demand-Circuit) bit in the Options Field of OSPF is enabled, then PPP must be enabled for that network. Only point-to-point networks receive the full benefit of OSPF Demand-Circuits (RFC 1793).
Solution
"Point-to-point", in RFC 1793, doesn't refer to particular types of traffic, it refers to particular types of networks. All traffic on, for example, a serial line running the Point-To-Point Protocol, is "point-to-point traffic"; no traffic on an Ethernet is "point-to-point". Non-point-to-point traffic could be tunneled over a point-to-point network, and point-to-point traffic could be tunneled over a non-point-to-point network, but, in the case of a tunnel, there will often be a network interface (in the software sense, e.g. what ifconfig -a would list in most UN*X systems or ipconfig/all would list on Windows) for the tunneled traffic, in addition to a network interface for the lower-level network's adapter.
On most UN*Xes, you can use the SIOCGIFFLAGS ioctl to get the flags for a network interface, and one of those flags is the IFF_POINTOPOINT flag, which would indicate whether the network for that interface is a point-to-point network or not.
On Windows, I can't find an ioctl to get the flags for a specific interface, but the SIO_GET_INTERFACE_LIST Winsock ioctl will return an INTERFACE_INFO structure with an iiFlags member that includes the IFF_POINTOPOINT flag.
