Welcome!

Welcome to the home page of Charles N Wyble. Charles is a 24-year-old systems guy, hacker and entrepreneur currently living in El Monte, CA, with his wife of 3 years.

He is currently employed as a system engineer for Ripple TV with responsibility for a nationwide advertising network.

In his spare time he serves as Chief Technology Officer for the SoCalWiFI.net project, runs a hacker space in the San Gabriel Valley and tries to save the local economy.


Tuesday, June 17, 2008

Everything you wanted to know about AT&T DSL in SoCal but were afraid of violating your TOS. :)

So over the past week or so I have done a couple posts regarding my DSL modem and hacking local peers etc. (Yes a little internal link love.)

I analyzed the technician readout and now am going to analyze the connection log.

Step 1. Clear the log.

Step 2. Disconnect / reconnect (via the management interface)
Below, find the log entries and my analysis.

2008/06/17 17:22:49 GMT | L3 | PPPOE: Sending PADT packet for PPP , Session 0x00ec is closed

Hmmm..

So PPPoE is PPP over Ethernet. What is PADT?
From the PPPoE article:

PADT

PADT stands for PPPoE Active Discovery Termination.
This packet terminates the connection to the POP. It may be sent from either the user's computer or from the DSL-AC.


So what is PPPoE Active Discovery? From the PPPoE article:

If a user wants to dial up to the Internet using DSL, then his computer
first must find the DSL access concentrator (DSL-AC) at the
user's Internet service provider's point of presence (POP).
Communication over Ethernet is only possible via MAC addresses.
As the computer does not know the MAC address of the DSL-AC,
it sends out a PADI packet via an Ethernet broadcast (MAC: ff:ff:ff:ff:ff:ff).
This PADI packet contains the MAC address of the computer sending it.


2008/06/17 17:22:49 GMT | L4 | RFC1483-1 up

RFC1483 is Multiprotocol Encapsulation over ATM Adaptation Layer 5


2008/06/17 17:22:52 GMT | L3 | Service-Name=ANY
2008/06/17 17:22:52 GMT | L3 | Host-Uniq 0000000A

Not sure what those mean. Searching for atm service name returns a Juniper link, which mentions
PPPoE service names. Searching for PPPoE service names returns a link to
IBM Websphere documentation

Very interesting.


2008/06/17 17:22:52 GMT | L3 | AC-Name=90084030600402-rback39.irvnca

Hmmm. What is AC-Name? It's mentioned in the PPPoE Wikipedia article:

PADO stands for PPPoE Active Discovery Offer.
Once the user's computer has sent the PADI packet, the DSL-AC replies with a PADO packet, using the MAC address supplied in the PADI. The PADO packet contains the MAC address of the DSL-AC, its name (e.g. LEIX11-erx for the T-Com DSL-AC in Leipzig) and the name of the service. If more than one POP's DSL-AC replies with a PADO packet, the user's computer selects the DSL-AC for a particular POP using the supplied name or service.


Interesting. So SBC replies back with the AC name

AC-Name=90084030600402-rback39.irvnca

so perhaps different services (such as business class etc) reply back with different AC names. Very interesting.


2008/06/17 17:22:52 GMT | L3 |  Service-Name=ANY
2008/06/17 17:22:52 GMT | L3 | lcp: LCP Send Config-Request+

Link control protocol

2008/06/17 17:22:52 GMT | L3 | MRU 0x5d4+ MAGIC 0x1bfb4dd2+

This appears to be the maximum receive unit per the RFC.

2008/06/17 17:22:52 GMT | L3 | lcp: LCP Recv Config-Req:+
2008/06/17 17:22:52 GMT | L3 | MRU(1492) (ACK) AUTHTYPE(c023) (PAP) (ACK) MAGICNUMBER
2008/06/17 17:22:52 GMT | L3 | (3fddc36) (ACK)
2008/06/17 17:22:52 GMT | L3 | lcp: returning Configure-Ack
2008/06/17 17:22:54 GMT | L3 | pap: received Authenticate-Ack, id 1
2008/06/17 17:22:54 GMT | L3 | pap: Remote message:


This is most likely the password authentication protocol.


2008/06/17 17:22:54 GMT | L3 | ipcp: IPCP Config-Request+
2008/06/17 17:22:54 GMT | L3 | ADDR(0x0) DNS(0x0) DNS2(0x0) WINS(0x0) WINS2(0x0)
2008/06/17 17:22:54 GMT | L3 | ipcp: IPCP Recv Config-Req:+
2008/06/17 17:22:54 GMT | L3 | ADDR(75.19.47.254) (ACK)
2008/06/17 17:22:54 GMT | L3 | ipcp: returning Configure-ACK
2008/06/17 17:22:54 GMT | L3 | ipcp: IPCP Config-Request+
2008/06/17 17:22:54 GMT | L3 | ADDR(0x0) DNS(0x0) DNS2(0x0)

This is receiving the DSL server information. Current DSL servers are:

DNS Servers
68.94.156.1 dnsr1.sbcglobal.net
68.94.157.1 dnsr2.sbcglobal.net


2008/06/17 17:22:54 GMT | L3 | ipcp: IPCP Config-Request+

IPCP is the Internet Protocol Control Protocol (there's a mouthful for ya)

2008/06/17 17:22:54 GMT | L3 | ADDR(0x4b132492) DNS(0x445e9c01) DNS2(0x445e9d01)


2008/06/17 17:22:54 GMT | L3 | ipcp: negotiated remote IP address 75.19.47.254

This is the address of the DSLAM (card).

2008/06/17 17:22:54 GMT | L3 | ipcp: negotiated IP address 75.19.36.146

This is my WAN address. I'm in the process of writing some scripts to pull the log off on a regular
basis and keep track of my IP address and how often it changes and when it changes. I took
a snapshot of the changes over the past few days.
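
An added example (not the author's script): a parser for the log format shown above that decodes the hex-encoded MRU and IPCP options, names the negotiated authentication protocol, and records each change of the negotiated WAN address. The last sample line (203.0.113.7, a documentation address, and its timestamp) is constructed to show a change.

```python
import ipaddress
import re
from datetime import datetime

# Constructed input: lines copied from the log above, plus one made-up later
# reconnect (203.0.113.7 is a documentation address) to show a change.
SAMPLE_LOG = """\
2008/06/17 17:22:52 GMT | L3 | MRU 0x5d4+ MAGIC 0x1bfb4dd2+
2008/06/17 17:22:52 GMT | L3 | MRU(1492) (ACK) AUTHTYPE(c023) (PAP) (ACK) MAGICNUMBER
2008/06/17 17:22:54 GMT | L3 | ADDR(0x4b132492) DNS(0x445e9c01) DNS2(0x445e9d01)
2008/06/17 17:22:54 GMT | L3 | ipcp: negotiated remote IP address 75.19.47.254
2008/06/17 17:22:54 GMT | L3 | ipcp: negotiated IP address 75.19.36.146
2008/06/18 03:10:11 GMT | L3 | ipcp: negotiated IP address 203.0.113.7
"""

LINE_RE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) GMT \| L\d \|\s*(.*)$")
HEX_OPT_RE = re.compile(r"\b(ADDR|DNS2?|WINS2?)\(0x([0-9a-fA-F]+)\)")
# PPP authentication protocol numbers carried in the LCP Authentication-Protocol option.
AUTH = {0xC023: "PAP (password sent in cleartext)", 0xC223: "CHAP"}

def entries(log_text):
    """Yield (timestamp, message) for every line in the modem's log format."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"), m.group(2)

def decode_options(msg):
    """Decode ADDR(0x4b132492)-style IPCP options into dotted-quad strings."""
    return {k: str(ipaddress.IPv4Address(int(v, 16))) for k, v in HEX_OPT_RE.findall(msg)}

def summarize(log_text):
    """Collect negotiated link parameters and the history of WAN address changes."""
    out = {"mru": None, "auth": None, "options": {}, "remote_ip": None, "wan_history": []}
    for ts, msg in entries(log_text):
        opts = decode_options(msg)
        if any(ip != "0.0.0.0" for ip in opts.values()):  # skip the all-zero requests
            out["options"] = opts
        if m := re.search(r"\bMRU 0x([0-9a-fA-F]+)", msg):
            out["mru"] = int(m.group(1), 16)
        if m := re.search(r"AUTHTYPE\(([0-9a-fA-F]{4})\)", msg):
            out["auth"] = AUTH.get(int(m.group(1), 16), "unknown 0x" + m.group(1))
        if m := re.search(r"negotiated remote IP address (\S+)", msg):
            out["remote_ip"] = m.group(1)
        elif m := re.search(r"negotiated IP address (\S+)", msg):
            hist = out["wan_history"]
            if not hist or hist[-1][1] != m.group(1):  # record only real changes
                hist.append((ts, m.group(1)))
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Decoded, `ADDR(0x4b132492)` is the same 75.19.36.146 that the modem reports as the negotiated address, and the two DNS values are the sbcglobal resolvers listed earlier.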

2008/06/17 17:22:54 GMT | L3 | ipcp: negotiated TCP hdr commpression off

Hmmm. Maybe I want TCP hdr compression. Why does it negotiate it to be off?



So that's all for now. I need to learn more. For example evidently the DSL modem learns the speed
of the line. I need to figure out how to get it to relearn. Reboot and soft disconnect/reconnect doesn't
seem to do it.
