The second experiment was performed.
Hardware.
[1] <---> [2] <---> [3] <---> [4] <---> [5]
|
|
[6]
[1] NTE5/A and SSFP.
[2] Huawei HG610.
[3] Firebrick FB105.
[4] ZyXEL VMG1312-B10A.
[5] Computer requiring normal Internet access.
[6] Computer to perform the Wireshark package capture.
The Huawei HG610 was configured to be a VDSL2/PTM endpoint. (The HG610 was given a 192.168.1.1 IPv4 address.)
The Firebrick FB105 was configured so that Port 1 (the first port on the trusted side of the firewall) was monitored by Port 4 (the fourth port on the trusted side of the firewall). Port 4 was configured with all normal I/O disabled. (The FB105 was left with its default, "stealth", 217.169.0.1 IPv4 address.)
The ZyXEL VMG1312-B10A had its LAN4 port configured as an EWAN port. The EWAN port was configured for IPoE, with its DHCP Option 60 string set as "No_TalkTalk_Back_Door", and as the VLAN (tagged 101) endpoint. The LAN-side DHCP server was disabled, along with all the other frivolous configuration options. (The VMG1312-B10A was given a 192.168.0.254 IPv4 address.)
The computer requiring normal Internet access was running minimalist configured RHEL7 as OS with a Linux-5.17.1 kernel. (It was given a 192.168.0.10 IPv4 address.)
The computer running the Wireshark (v3.6.3) package capture was given a 192.168.0.60 IPv4 address and had no gateway nor DNS server defined.
Endpoints.The HG610 was my VDSL2/PTM endpoint with a Huawei MA5603T, in a
cabinet (associated with EABSE P28), as it peer.
The VMG1312-B10A was my VLAN (tagged 101) endpoint but
where is its peer? The OLT? The MA5603T?
Cables and Ports.An Ethernet patch cable linked the LAN1 port of the HG610 to the LAN1 port of the FB105.
An Ethernet patch cable linked the LAN2 port of the FB105 to the EWAN port of the VMG1312-B10A.
An Ethernet patch cable linked the LAN1 port of the VMG1312-B10A to the computer requiring normal Internet access.
An Ethernet patch cable linked the LAN4 port of the FB105 to the computer performing the Wireshark packet capture.
Procedure.The FB105 was powered on. (It performed its usual "cycling of lights", as a "look at me", whilst waiting for other devices to become active.)
A Wireshark packet capture was started.
The HG610 was powered on and achieved synchronisation with the DSLAM. Frames 1 to 54 were captured.
After approximately five minutes frame 55 was captured.
The VMG1312-B10A was powered on. Frames 56 to 64 were captured.
Following the establishment of the IPoE session, frames 65 to 118 were captured.
Frame 119 & onwards followed the boot of the RHEL7 system.
Having logged into the RHEL7 system, a "ping -c10 kitz.co.uk" command was issued and the process was observed in frame 297 & onwards.
The Wireshark capture was terminated after frame 380.
Observations from the Wireshark Capture.A display filter of
!vlan showed that frames 1 to 52, 54 to 57, 61 & 117 matched.
A display filter of
vlan showed that frames 53, 58 to 60, 62 to 116 & 118 to 380 matched.
A display filter of
!vlan && dhcp showed nothing.
A display filter of
vlan && dhcp showed that frames 58 to 60, 62, 148 to 157, 359 & 360 matched.
A display filter of
dhcp showed that frames 58 to 60, 62, 148 to 157, 359 & 360 matched, as expected by sight of the above.
Concluding Comments.There are many other details that can be teased out of the capture with the application of appropriate display filters. For example, the synchronisation of the computer clock with an NTP server.
To my eye, there is nothing outstanding nor confidential. In view of the latter two words, the Wireshark capture can be provided to anyone who is interested in taking a look. Just send me a PM, detailing an e-mail address to which the approx. 62kB capture file (pcapng format) may be sent . . .