Talking About PPPoE


The Point-to-Point Protocol over Ethernet (PPPoE) is a network protocol for encapsulating PPP frames inside Ethernet frames.

PPP runs at the Network Access Layer and can be used over either Wi-Fi or an Ethernet cable.

PPPoE Stages

  1. When a client wants to establish a PPPoE connection, it must send a broadcast packet to discover PPPoE servers, then select one. This process is called PPPoE Discovery (PAD).
  2. Once a server has been chosen, the PPP session starts and LCP packets appear. The client and server negotiate, authenticate, and so on. Once these steps are done, the client gets an IP address and the RADIUS server allows gateways to route for this client.

PAD Tags

Tags show up in the PAD stage, where they play a very important role.
This is the tag payload of a PAD packet:

0000   01 01 00 00 01 03 00 08 00 bd a6 7c 80 ff ff ff
0010   01 02 00 1b 43 51 2d 4e 41 2d 4e 50 2d 42 41 53
0020   2d 31 2e 4d 41 4e 2e 4d 45 36 30 2d 58 31 36

Tags are carried as the payload in the PAD stage. 0x0101 is the Service-Name tag [1] (see the first two bytes in line 0000), and the next two bytes, 0x0000, say that its length is 0.
Then 0x0103 0x0008 means Host-Uniq with a length of 8 bytes, so the next 8 bytes are the value of this tag.

Note that the Host-Uniq, generated by the client, must be the same in the whole PAD process.
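The type/length/value walk described above, as an added Python example that is not part of the original post. It parses the bytes from the hex dump, rejects a tag whose length field runs past the end of the payload, and compares Host-Uniq between a request and a reply; the function names are hypothetical, and the tag names come from RFC 2516, Appendix A.

```python
import struct

# Tag types from RFC 2516, Appendix A
TAG_NAMES = {
    0x0000: "End-Of-List", 0x0101: "Service-Name", 0x0102: "AC-Name",
    0x0103: "Host-Uniq", 0x0104: "AC-Cookie", 0x0105: "Vendor-Specific",
    0x0110: "Relay-Session-Id", 0x0201: "Service-Name-Error",
    0x0202: "AC-System-Error", 0x0203: "Generic-Error",
}

# The payload bytes from the hex dump above
SAMPLE = bytes.fromhex(
    "0101000001030008" "00bda67c80ffffff"
    "0102001b43512d4e412d4e502d424153"
    "2d312e4d414e2e4d4536302d583136"
)

def parse_tags(payload: bytes):
    """Return [(type, value), ...]; raise ValueError on a malformed tag."""
    tags, off = [], 0
    while off < len(payload):
        if len(payload) - off < 4:
            raise ValueError(f"truncated tag header at offset {off}")
        # Each tag starts with a 16-bit type and a 16-bit length, network order
        ttype, tlen = struct.unpack_from("!HH", payload, off)
        off += 4
        if tlen > len(payload) - off:
            raise ValueError(f"tag 0x{ttype:04x} claims {tlen} bytes, "
                             f"{len(payload) - off} left")
        if ttype == 0x0000:  # End-Of-List: stop parsing
            break
        tags.append((ttype, payload[off:off + tlen]))
        off += tlen
    return tags

def host_uniq(tags):
    """Value of the Host-Uniq tag, or None if absent."""
    return next((v for t, v in tags if t == 0x0103), None)

def same_host_uniq(sent: bytes, received: bytes) -> bool:
    """True if a reply carries the Host-Uniq the client put in its request."""
    want = host_uniq(parse_tags(sent))
    return want is not None and host_uniq(parse_tags(received)) == want

if __name__ == "__main__":
    for ttype, value in parse_tags(SAMPLE):
        print(f"{TAG_NAMES.get(ttype, hex(ttype)):<14} len={len(value):<3} {value!r}")
```

The third tag in the dump is AC-Name (0x0102) with length 0x001b, and its 27 bytes decode as ASCII text.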

Magic Number

The magic number in the PPPoE protocol is used to check whether a loop has appeared.
The magic number first appears in the Configuration Request. Each Ack packet must carry the same magic number as the Request packet it acknowledges, or you'll get a Nak packet later.


  1. See Appendix A in RFC 2516