Capture outgoing PPPoE requests

pppoe

My ISP provides a PPPoE-based dialer, where the client dials using the dialer. After authentication (PAP), the computer is connected to the internet.

When I try to view packets in Wireshark using the filter "eth.dst == my_pppoe_access_concentrator_mac_address", I don't see any packets.

The interesting thing is, I only see packets sent by my NIC to the access concentrator (server). Why?

Why is Wireshark not able to get packets sent by others to the AC?

Best Answer

OK, so normally when I try to capture PPP traffic (to see if everything is OK: PADI / PADO / PADR / PADS), you use the following filter in Wireshark:

(eth.type == 0x8863 or eth.type == 0x8864)

In tcpdump it would be:

tcpdump 'ether[0x0c:2] == 0x8863 or ether[0x0c:2] == 0x8864'

This will "normally" result in the MAC address of the AC in the PADO and the PADS message.

If this doesn't work or shows up as you say it is then please answer the following questions:

  • Where is your trace captured (Linux interface / tapping point in network / ...)?

  • What is your end goal to achieve? As I don't see any issues, as authentication is successful, so why the need to troubleshoot?

  • Do you see your authenticate-ack (pap-code 2) from your ISP?

  • Is there any reason to assume the PPPoE-based dialer has a custom PPPoE protocol implementation?
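
An added example, not part of the original answer: a small Python classifier for the frames the filters above select. It reads the EtherType at offset 0x0c, names the discovery stage, and flags the PAP Authenticate-Ack (code 2). The MAC addresses and sample frames are constructed, and all function names are hypothetical.

```python
import struct

# Discovery codes from RFC 2516, PAP codes from RFC 1334.
DISCOVERY = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
PAP = {1: "Authenticate-Request", 2: "Authenticate-Ack", 3: "Authenticate-Nak"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def classify(frame):
    """Return (src, dst, description) for a PPPoE frame, None for anything else."""
    if len(frame) < 20:
        return None
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])  # the bytes ether[0x0c:2] tests
    if ethertype not in (0x8863, 0x8864):
        return None
    ver_type, code, _session, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11:  # version 1 / type 1 is the only value RFC 2516 defines
        return None
    payload = frame[20:20 + length]
    if ethertype == 0x8863:
        desc = DISCOVERY.get(code, f"discovery code 0x{code:02x}")
    elif len(payload) >= 3 and payload[:2] == b"\xc0\x23":  # PPP protocol 0xc023 = PAP
        desc = "PAP " + PAP.get(payload[2], f"code {payload[2]}")
    else:
        desc = "session data"
    return mac(src), mac(dst), desc

def build(dst, src, ethertype, code, sid, payload=b""):
    """Build a constructed test frame: Ethernet header + 6-byte PPPoE header."""
    header = struct.pack("!HBBHH", ethertype, 0x11, code, sid, len(payload))
    return bytes.fromhex(dst) + bytes.fromhex(src) + header + payload

# Constructed sample capture (locally administered MACs, no real traffic).
HOST, AC, BCAST = "020000000001", "0200000000ac", "ffffffffffff"
SAMPLE = [
    build(BCAST, HOST, 0x8863, 0x09, 0),
    build(HOST, AC, 0x8863, 0x07, 0),
    build(AC, HOST, 0x8863, 0x19, 0),
    build(HOST, AC, 0x8863, 0x65, 1),
    build(HOST, AC, 0x8864, 0x00, 1, bytes.fromhex("c0230201000500")),
    build(HOST, AC, 0x0800, 0x00, 0),  # not PPPoE, must be skipped
]

def summarize(frames):
    return [r for r in map(classify, frames) if r is not None]

if __name__ == "__main__":
    for src, dst, desc in summarize(SAMPLE):
        print(f"{src} -> {dst}  {desc}")
```

The source column of the PADO and PADS rows is where the AC's MAC address shows up in this constructed trace.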