PPP Dial-Up Sequence

When a user dials in to a PPP-compatible server, three things happen:

  1. The Data Link Control Layer (HDLC) defines how data is encapsulated before transmission on the WAN. By providing a standard framing format, PPP ensures that various vendors' remote access solutions can communicate and distinguish data packets from each other. PPP uses HDLC framing for serial, ISDN, and X.25 data transfer.

    The PPP Data Link Control layer is a slightly modified version of the HDLC layer. The HDLC format, extensively used by IBM and others for synchronous data transfer, was modified by adding a 16-bit protocol field that allows PPP to multiplex traffic for several Network Control Protocol layers. This encapsulation frame has a 16-bit checksum, but the size of this field can be negotiated.

  2. Link Control Protocol (LCP) establishes, configures, and tests the integrity of the data-link connection. LCP also negotiates authentication and determines whether compression is enabled and which IP addresses will be used. When LCP negotiates authentication protocols, it determines what level of security validation the remote access server can perform and what the server requires.

    LCP can negotiate with any of these authentication protocols:

    • Password Authentication Protocol (PAP) uses a two-way handshake for the peer to establish its identity. This handshake occurs only when the link is initially established. Using PAP, passwords are sent over the circuit in text format (unencrypted), which offers no protection from playback.
    • Shiva Password Authentication Protocol (SPAP) offers encryption of PAP passwords and Novell NetWare bindery access for user account information. When Windows 95 is set up for user-level security using a NetWare server account list, this is the security type used for remote access clients.
    • Challenge-Handshake Authentication Protocol (CHAP) periodically verifies the identity of the peer, using a three-way handshake. The authenticator sends a challenge message to the peer, which responds with a value computed using one-way encryption. The authenticator then checks this response and, if the values match, the authentication is acknowledged; otherwise, the connection is ended. CHAP provides protection against playback attacks, because the challenge value changes in every message. Because the password is never sent over the link, it is virtually impossible to learn it. CHAP allows different types of encryption algorithms to be used, such as DES (MS-CHAP) and MD5 (MD5-CHAP). Windows 95 doesn't support ongoing challenges with CHAP, but does implement MS-CHAP, as does Windows NT.

  3. Network Control Protocols establish and configure different network protocol parameters. The type of Network Control Protocol that PPP selects depends on which protocol (NetBEUI, TCP/IP, or IPX) is being used to establish the Dial-Up Networking connection. Windows 95 supports the following:

    • NetBIOS Frames Control Protocol (NBF CP) is used to configure, enable, and disable the NetBEUI protocol modules on both ends of the link. NBF CP is a Microsoft-proposed protocol for NetBEUI configuration. NBF CP is currently in "draft" status with the Internet Engineering Task Force (IETF). Windows 95 provides implementations for the current draft of NBF CP (as of March 1994).
    • Internet Protocol Control Protocol (IPCP), defined in RFC 1332, is used to configure, enable, and disable IP Protocol modules at both ends of the link.
    • Internet Packet eXchange Control Protocol (IPXCP), defined in RFC 1552, is used to configure, enable, and disable IPX protocol modules on both ends of the link. IPXCP is widely implemented by PPP vendors.
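
The CHAP exchange described in step 2, shown as an added example in Python (not code from the original page or from Microsoft): it uses the MD5 variant, where the response is MD5 over the identifier, shared secret, and challenge as RFC 1994 specifies, and shows why a captured response fails against a later challenge. The `Authenticator` class, the user name, and the secret are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_md5_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """MD5-CHAP response (RFC 1994): MD5(identifier octet || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Hypothetical server side: issues challenges and checks responses."""

    def __init__(self, secrets_by_name):
        self.secrets = secrets_by_name
        self.next_id = 0
        self.pending = {}  # identifier -> outstanding challenge (single use)

    def issue_challenge(self):
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256  # identifier is one octet
        challenge = os.urandom(16)  # fresh, unpredictable value per challenge
        self.pending[identifier] = challenge
        return identifier, challenge

    def verify(self, name, identifier, response):
        challenge = self.pending.pop(identifier, None)  # consume the challenge
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_md5_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    secret = b"constructed-shared-secret"  # sample value, never sent on the link
    server = Authenticator({"alice": secret})
    ident, challenge = server.issue_challenge()
    response = chap_md5_response(ident, secret, challenge)  # peer's computation
    results = {"legitimate": server.verify("alice", ident, response)}
    # A captured response is resent in answer to a later challenge.
    ident2, _ = server.issue_challenge()
    results["replayed"] = server.verify("alice", ident2, response)
    # A peer that does not know the secret cannot compute a valid response.
    ident3, challenge3 = server.issue_challenge()
    guess = chap_md5_response(ident3, b"wrong-secret", challenge3)
    results["wrong_secret"] = server.verify("alice", ident3, guess)
    return results


if __name__ == "__main__":
    print(demo())
```

Under PAP the same replay would succeed, because the value on the wire is the password itself and does not depend on anything the authenticator chose.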