1 Aug 2001



PPP.com is supplied as a helpful tool to analyse PPP and Internet protocols.

It accesses the serial ports and display memory directly, and files using DOS.

There are no backdoors, and it is neither aware of, nor cares about any other operating system.

Obviously, you use it at your own risk!

Download PPP1V0.exe self-extracting zip file.




        1. Overview
        2. Function Key Commands
        3. Command Line Interpreter
        4. Forth Script Interpreter
        5. PPP character disturbance injector
        6. PPP packet disturbance injector
        7. Miscellaneous Commands
        8. Configuration Blocks
        9. Configuration Editor
        10. Packet echo timer
        11. PPP.cfg Configuration File



PPP.com is the latest version of a generic communications protocol debug package supplied freely by Inventio Software Ltd. You may use it and its source code for non-commercial purposes.

PPP.com is a PC/DOS based program to analyse, display and create PPP and Internet protocols. PPP.com is the current evolution of a general purpose scripting environment, adapted to the Point to Point Protocol. Currently it can open a PPP connection to an ISP and send ICMP, UDP or TCP packets to any IP address on the Internet. PPP.com has not been optimised for program size, as it is a 16 bit Forth program, and nearly fills up the maximum 63K bytes allowed for a .com program. This includes 4K of help text, roughly 3K of protocol descriptor text, an editor, 8086 assembler and Forth compiler. It supports five tasks, two of which monitor PPP and IP packets on each of COM1 and COM2 serial ports. 

PPP.com allows a user to interact with PPP packets and the Point to Point Protocol.

It requires the COM1 serial port ( and COM2 if used ) to be at the default I/O address and interrupt.

COM1 must be at 0x3F8 and interrupt 0x0C [ 4 on PIC 2 ] , COM2 at 0x2F8 and interrupt 0x0B [ 3 on PIC 2 ].

PPP packets may be viewed on either COM1, COM2 or both ( displayed in different colours ) .

PPP packets may be constructed and outputted to either COM1 or COM2.

PPP configuration parameters may be setup and a PPP link opened, and the following packets may be sent and/or displayed LCP, PAP, CHAP, IPCP, IP, UDP and TCP.

Address and Control Field Compression ( ACFC ) and Protocol Field Compression ( PFC ) are supported for received PPP packets ( whether negotiated or not ). Van Jacobson TCP header compression is supported for received packets.

IP fragmentation is supported for UDP output, but reassembly is not performed on received UDP fragments ( each fragment is displayed ).

TCP has only minimal support : TCP packets are displayed, and a TCP packet may be sent, but the timing and retry parts of the protocol are not fully implemented yet.

The program can also be configured to corrupt the serial data stream between COM1 and COM2 by adding, removing or changing characters. or packets


Function Key Commands

Note : controlBreak will usually restart a halted program

F4 will reset the configuration and restart the program.

The PC's function keys are set to perform the following actions :

F1 displays the Help text. Use N <cr> and B <cr> to view the help text. The file PPP.src must be in the same directory as PPP.com.

shiftF1 lists the PPP code numbers and names.

F2 starts opening a PPP link, you will only need this if the other PPP peer has not done this already.

shiftF2 displays the current state of all PPP options, including negotiated values. The remote PPP peer's values are referred to as "her". The local PPP peer's values are referred to as "my". The ACCM is shared and is therefore called "our" ACCM.

F3 closes the PPP link.

shiftF3 starts a background task which sends a PING every second.

F4 is the master reset and loads the configuration blocks.

shiftF4 edits the configuration blocks. See CONFIG below for details.

F5 selects "View only mode" . No acks or requests are sent.

shiftF5 selects "View +Ack mode" . No requests are sent, but acks are returned when requests are received.

F6 enables dumb terminal mode. All bytes received on the COM1 serial port are displayed on the console screen, all keyboard keys are sent to the COM1 serial port.

shiftF6 enables dumb terminal "hex" mode : as dumb terminal mode, except that all received bytes are displayed in hex. A PPP flag character ( 0x7E ) causes a new line to be displayed, to make packets easier to read.

F7 sends an ICMP "ping" message.

shiftF7 sets the PPP link into "open" state and sends a test UDP packet.

See U1 below.

F8 ( plus typing Y ) will exit the program.

shiftF8 executes the Forth script in the entered block number

F9 monitors packets on COM1, displaying them in ASCII,

shiftF9 monitors packets on COM1, displaying them in hex

F10 Stops all background tasks - this will stop the Monitor programs from updating the screen

shiftF10 Monitors both ports. COM1 is displayed in the default white-on-black, COM2 uses purple on black.

Alternate F10 and shiftF10 to stop/start the monitoring.


Command Line Interpreter

Most commands are executed by one or more background tasks, the exceptions being TTY1 , TTY2 , BOTH and DISTURB which require keyboard input and so are run in the main OPERATOR task.

To stop all background tasks press F10 or type \TASKS .

Commands may be entered while background tasks are active in order to change parameters or functionality.

The function keys simply execute the functions specified in block 779.

Pressing F9 executes the function K9 which calls BOTH . Typing BOTH has the same effect.

Note that the function keys are named K1 , K2... K0 avoid confusion with the hexadecimal values F1, F2... F0. K0 is function key F10

Commands must be in UPPERCASE and are entered by pressing Enter.

123 NUM sets up 123 byte packets

U1 sends a UDP fragment 0 packet with a 123 byte payload

P1 sends 123 'X' characters with a PPP Flag character before and after

UN repeats U1

PN repeats P1

\TASKS stops UN or PN

HH kick starts UN or PN if no packet is received.

Any command which sends an IP packet ( TEST_IP , PING etc ) will attempt to open the PPP link if it is not already open, except U1 and UN which force the local end of the link state to "open". This is useful if PPP.com has been reset ( by pressing F4 for example ) and you would like to send a packet to the other PPP peer without renegotiating PPP.

BOTH and BOTHX give a dump of characters received on both COM1 and COM2 serial ports in ASCII or hexadecimal respectively.

See F9 and shiftF9 above.

Forth Script Interpreter

Pressing shiftF8 or typing SELECT and entering in a number from 0 to 99 will run the Forth script in the corresponding block. In the file PPP.cfg.

Entering 0 will execute the script in block 1800, 1 will execute the script in block 1801 etc.

i.e. the entered number is the offset in blocks in the file PPP.cfg which is mapped to start at block 1800.

The Forth scripts in the file PPP.cfg are currently set to dial out to WAP sites.

Type 1800 QX lists the top line of the first 60 scripts. NX shows the next 60.

For example : shiftF8 and entering 85 <cr> will execute the script in block 1885, which will dial up a modem and initiate a PPP connection.

Type 1885 LIST to view and edit the script

Any valid Forth source can be put into the PPP.cfg scripts.


PPP character disturbance injector

DISTURB runs the PPP character disturbance injector

COM1 and COM2 are connected straight through ( note that there is a one character delay in each direction ). Use a null modem cable on one of the serial ports to create a "virtual cable".

Pressing 1 will remove the next character received on COM1, and will not send it out of COM2. Press 2 to add a random character into the byte stream coming out of COM2. Press 3 to bit-wise invert the next character received on COM1 before sending it out of COM2. Press R to start a random selection of these disturbances, press S to stop it.

The PC must have COM1 and COM2 at the default I/O addresses and interrupts :

COM1 hex 3F8 interrupt hex 0C ( 4 on PIC 2 )

COM2 hex 2F8 interrupt hex 0B ( 3 on PIC 2 )

Several of the system option values may be changed, shiftF2 displays them :

OUT indicates that the option will be included in the Configure Request sent to the other PPP peer.

IN indicates that this option will be accepted in a Configure Request received from the other PPP peer.


PPP packet disturbance injector

PPPDIST runs the PPP packet disturbance injector.

COM1 and COM2 are connected straight through ( note that there is a one character delay in each direction ). See DISTURB above.

With the phone connected to COM2 and the PPP peer to COM1, PPP configure-ack packets ( except CHAP ) and CHAP success packets when received on COM1 are optionally not transmitted on COM2.

This allows the phone's timeout and retry to be tested.

A variable is set up for each packet type as follows :

3 LCP_RXD# !

2 PAP_RXD# !


2 CCP_RXD# !


3 ALL sets up all of the variables to the same value ( 3 in this case )

.ALL displays the variables' values.

The value in each variable gives the number of configure-ack packets that will be discarded. For example :


will cause the next three LCP configure-ack packets to be discarded.

Normal operation will be resumed on the fourth configure-ack.

The file PPPinj.com is a version of PPP.com with


in block 3 of the configuration blocks.

Press shiftF4 and PageUp 3 times to view or edit this.


Miscellaneous Commands

+PAP adds the PAP option to the LCP configure request sent to the other PPP peer. -PAP turns it off again.

+MRU adds the MRU option to the LCP configure request sent to the other PPP peer. -MRU turns it off again.

HEX IP! changes our IP address to decimal

DECIMAL IP= IP! parses the number and sets our IP address

      1. IP! sets our IP address to zero. This will request the other PPP peer to give us our IP address.

PHONE sets up options the same as the phone ( IP address 0 , -PAP ).

HEX 0A00000. ACCM! sets our ACCM with bits hex 11 and 13 on ( XON and XOFF ).

DECIMAL 1000 MRU! sets our MRU to 1000

HEX 12345678. MAGIC#! sets our magic number

Press shiftF2 to display the results of these changes

Press F4 to reset all values to their defaults.

Values labled "HER_XXX" refer to the other PPP peer's values which we now know. A value of 0 means not set.

OUR_ACCM refers to the ACCM agreed between both PPP peers, the OR'd value of each peer's ACCM.

After the system values have been changed press F2 to re-negotiate using them. Do not press F4 because this will reset the default values.


Configuration Blocks

Pressing F4 or typing RUN restarts the program and loads the system configuration.

The system configuration is set up by editing the configuration "blocks".

These are four 1K byte arrays in the file PPP.com ( or PPPinj.com ) which are Forth "blocks", and contain Forth source code or script.

Note : this Forth is 8086 polyForth and is case-sensitive.

For more information on Forth, go to www.Forth.com , www.Forth.org, or follow the links at www.inventio.co.uk.

In order to understand the content of the configuration blocks you will need to understand Forth, so here is a tutorial :

Forth functions are called words and are ASCII strings bounded by spaces.

When the configuration blocks are loaded the text they contain is interpreted by executing each Forth word in turn in the order that they appear in the block. This is equivalent to typing each word in turn and pressing Enter.

A word may take parameters from the parameter stack. Parameters are put on the parameter stack either by preceding Forth words or by strings containing only numeric characters or the characters . , + - which are interpreted as literals. Numbers containing . , + are interpreted as 32 bit doubles, otherwise as 16 bit values. The number base is globally defined by HEX or DECIMAL . To see the current values on the parameter stack type .S

Examples :

DECIMAL 115,200. BAUD \ sets the default baud rate to 115,200.

Note that the number must contain either . or , to make it a 32 bit double, required by BAUD .


\ IP= parses the following text and leaves the 32 bit IP address on the stack

\ HER_IP_DEFAULT is a double variable

\ 2! stores the 32 bit double into the variable

4445 HER_PORT !

\ as above, but HER_PORT is a 16 bit variable, so ! must be used

Note that the number must not contain . or , otherwise it will be interpreted as a double and put two 16 bit values on the stack.

LOC HER_PORT \ displays the source code for HER_PORT

This requires PPP.src to be in the same directory as PPP.com

Note that LOC ! will display "Can't" because ! is a Forth system word and the source is not public domain. See the Web sites listed above for books and information on Forth. Q shows the documentation block or source block.


Configuration Editor

Typing CONFIG or pressing shiftF4 displays the first of four configuration screens, so that the default configuration can be changed.

These blocks are part of the file PPP.com ( or PPPinj.com ) , so that it is completely self-contained. The file PPP.src contains the source code for PPP.com and the Help text displayed by F1.

The editor is described in any polyForth or chipForth manual, or in the book "Starting Forth" by Leo Brodie.


Press F1 , then B <cr> to see the editor help screen :


892 Ext= 64

0 ( Command line block editor help screen )

1 Block actions : UNDO to undo, FLUSH to save

2 123 LIST \ lists block 123

3 N \ lists the Next block = 124

4 B \ goes Back one block = 122 ( from block 123 )

5 Line actions :

6 5 T \ highlights line 5 for editing

7 X \ deletes the highlighted line 5 and saves it for :

8 P \ Puts the saved line over the highlighted line

9 P some text \ Puts "some text" over the highlighted line

10 U \ acts like P , but puts Under the highlighted line

11 String actions :

12 F this \ Finds and highlights next instance of "this" text

13 E \ Erases "this" highighted text. D does both F and E

14 I that \ Inserts "that" text. R does both E and I

15 K \ swaps "this" and "that" buffers ok


Packet echo timer

Type 1472 PET to run the Packet Echo Timer.

This will send one UDP packet with 1472 bytes of ASCII 'U' payload, then echo back any received packets as UDP packets with the same payload. ( This is the maximum for an MRU of 1500, allowing for 20 bytes of IP header and 8 bytes of UDP header ).

It displays the time before and after, and difference in seconds, and the number of bytes ( raw characters ) sent.

This may be used to time the PPP peers stack for various packet sizes and fragmentations.


PPP.cfg Configuration File

In order to allow different configurations to be used, the file PPP.cfg contains eight 8 block configuration options. This is intended for future functionality.





loads configuration 0 , 1 .... 7


edits the first block of option 3.


Please give feedback and bug reports to Howerd Oakford :