pppoe-sniff

pppoe-sniff [-I <interface>] [-T <timeout>] [-V]

-I interface
    Specifies the network interface to sniff on. For example, eth0 or enp0s3. If not specified, pppoe-sniff defaults to eth0.

-T timeout
    Sets the maximum time in seconds to sniff for packets. The command will exit after this duration. Default is 30 seconds.

-V
    Prints the version number of pppoe-sniff and exits immediately.

The pppoe-sniff command is a utility designed to detect PPPoE Access Concentrators (ACs) on a local network segment. It passively listens for PPPoE Active Discovery (PAD) packets, specifically PADO (PPPoE Active Discovery Offer) packets, which are sent by ACs in response to PADI (PPPoE Active Discovery Initiation) packets from clients.

This tool is invaluable for diagnosing PPPoE connection issues, identifying available ACs, and determining their MAC addresses, service names, and AC names. It operates by putting the specified network interface into promiscuous mode to capture all relevant PPPoE discovery traffic. By observing these packets, administrators can verify the presence and responsiveness of ACs, which is crucial for establishing a PPPoE connection.

pppoe-sniff requires root privileges to operate, as it needs to put the network interface into promiscuous mode and capture raw network packets. It only sniffs for discovery packets (PADI, PADO, PADR, PADS, PADT) and does not participate in the PPPoE session establishment itself. It relies on existing network traffic or active PPPoE client attempts (which would send PADI packets) to observe AC offers. If no clients are initiating discovery, it might not see any PADO packets unless ACs are configured to periodically send unsolicited offers (which is uncommon).

To sniff on the eth0 interface for 60 seconds:
sudo pppoe-sniff -I eth0 -T 60

To simply check for any ACs on the default interface for 30 seconds:
sudo pppoe-sniff

When pppoe-sniff detects an Access Concentrator, it typically outputs information like the MAC address of the AC, the AC name (if provided), and the service name (if provided) associated with the offer. This information is crucial for configuring a PPPoE client to connect to a specific AC or service.

The pppoe-sniff utility is part of the rp-pppoe (Roaring Penguin PPPoE) client package, which has been a staple PPPoE client implementation for Linux and other Unix-like operating systems since the early 2000s. Developed to provide robust PPPoE connectivity, the rp-pppoe suite includes various tools for managing PPPoE sessions, and pppoe-sniff was included as a diagnostic aid for troubleshooting and discovering PPPoE access concentrators. Its design reflects the simplicity and directness typical of Unix command-line utilities.

pppoe(8), pppoe-start(8), pppoe-stop(8), tcpdump(1), wireshark(1)