RARP - Reverse Address Resolution Protocol =============================================== .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is RARP?** RARP stands for Reverse Address Resolution Protocol. It is a network protocol used by a device to discover its own IP address when it only knows its MAC (hardware) address. It’s essentially the reverse of ARP. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Why is RARP useful?** * RARP was useful in early networked systems where: * Devices (like diskless workstations) did not have permanent storage to save their IP address. * They needed to request their IP address from a RARP server at boot time. * It allowed automatic IP assignment based on the device’s MAC address. * RARP is now largely obsolete and has been replaced by more flexible protocols like BOOTP and DHCP. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **How it works?** * Device boots up – It knows its MAC address but not its IP address. * Sends RARP request – A broadcast message is sent asking, “What is my IP address?”. * RARP server responds – The server looks up the MAC address in a table and replies with the corresponding IP address. * Device configures itself – It uses the received IP address to join the network. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Where is RARP used?** * Diskless workstations – Early computers that booted over the network. * Embedded systems – Devices that needed to get an IP address without user configuration. * Legacy networks – Before DHCP became the standard. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which OSI layer does this protocol belong to?** * It uses MAC addresses to identify devices. * It works below the IP layer, helping devices obtain their IP address. * Like ARP, it uses Ethernet frames for communication, not IP packets. * Therefore, RARP belongs to the Data Link Layer (Layer 2) of the OSI model. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **IS RARP windows specific?** * No, RARP is **not Windows-specific**. * It is an older, vendor-neutral protocol. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **IS RARP Linux Specific?** * No, RARP is **not Linux-specific**. * It has been supported on various operating systems historically. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which Transport Protocol is used by RARP?** * RARP operates directly over the Ethernet protocol. * It does **not use TCP or UDP**. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which Port is used by RARP?** * RARP does **not use any port numbers** as it runs directly over Ethernet frames. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is RARP using Client server model?** * Yes, RARP uses a **client-server model**. * The client broadcasts a request to get its IP address from a RARP server. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow Topics in this section, * :ref:`Learnings in this section ` * :ref:`Terminology ` * :ref:`Version Info ` * :ref:`RARP Version&RFC Details ` * :ref:`RARP Basic Setup on Ubuntu using IPv4 ` * :ref:`RARP Protocol Packet Details ` * :ref:`RARP Usecases ` * :ref:`RARP Basic Features ` * :ref:`RARP Feature : MAC to IP resolution ` * :ref:`RARP Feature : Data Link Layer ` * :ref:`RARP Feature : Statless Protocol ` * :ref:`RARP Feature : Broadcast based Req ` * :ref:`RARP Feature : Server Dependent ` * :ref:`RARP Feature : Limited to IPv4 ` * :ref:`RARP Feature : No Support for Dynamic Allocation ` * :ref:`Reference links ` .. _RARP_step1: .. tab-set:: .. tab-item:: Learnings in this section * In this section, you are going to learn .. _RARP_step2: .. tab-set:: .. tab-item:: Terminology * Terminology .. _RARP_step3: .. tab-set:: .. tab-item:: Version Info * Version Info .. _RARP_step5: .. tab-set:: .. tab-item:: RARP Version&RFC Details .. csv-table:: :file: ./RARP/rarp_rfc_details.csv :widths: 10,10,10,30 :header-rows: 1 .. _RARP_step19: .. tab-set:: .. tab-item:: RARP Basic Setup on Ubuntu using IPv4 **TESTCASE: Successful RARP Request** * To send a valid RARP request from an active client interface with a known MAC address and confirm successful IP assignment by the RARP server. .. note:: - A RARP server must be installed and configured on the same network as the client. - Both client and server should use the same interface name (e.g., `enp0s8`). - MAC and IP mappings must be correctly defined on the server. * Step-1 : Install RARP server on the server machine .. code-block:: shell test:~$ sudo apt update test:~$ sudo apt install rarpd * Step-2 : Edit `/etc/ethers` on the server .. code-block:: shell test:~$ sudo nano /etc/ethers 08:00:27:3a:03:ca client .. note:: - `08:00:27:3a:03:ca` is the MAC address of the client machine. - `client` is the hostname that will be resolved to an IP. * Step-3 : Edit `/etc/hosts` on the server .. code-block:: shell test:~$ sudo nano /etc/hosts 192.168.0.29 client .. note:: - `192.168.0.29` is the IP address to assign to the client. * Step-4 : Check RARP server status .. code-block:: shell test:~$ sudo systemctl status rarpd * Step-5 : Download source code of RARP client :download:`Download source code of RARP client ` * Step-6 : Compile the RARP client on the client machine .. code-block:: shell test:~$ sudo gcc send_rarp_request.c -o send_rarp_request * Step-7 : Send the RARP request from the client .. code-block:: shell test:~$ sudo ./send_rarp_request enp0s8 .. note:: - `enp0s8` is the active client interface name. - The interface name must be consistent on both client and server. * Step-8 : Capture the Wireshark packets during the RARP request * Step-9 : Expected client output .. code-block:: shell test:~$ sudo ./send_rarp_request enp0s8 RARP request sent successfully from interface enp0s8 (MAC: 08:00:27:3a:03:ca) Waiting for RARP reply... RARP reply received! IP address assigned: 192.168.0.129 * Step-10 : Wireshark capture :download:`Download Wireshark capture ` **TESTCASE: Invalid Interface Name** * To verify that the RARP client returns a proper error when a non-existent or incorrect interface name is provided. .. note:: - This test validates how the client handles configuration errors like misspelled or non-existent interface names. - No packets will be generated or sent on the network. * Step-1 : Ensure you have the RARP client source code :download:`Download source code of RARP client ` * Step-2 : Compile the RARP client .. code-block:: shell test:~$ sudo gcc send_rarp_request.c -o send_rarp_request * Step-3 : Attempt to run the RARP client with an invalid interface name .. code-block:: shell test:~$ sudo ./send_rarp_request enps08 * Step-4 : Expected output .. code-block:: shell Error getting interface index (SIOCGIFINDEX): No such device .. note:: - `enps08` is an invalid or non-existent network interface name. - The client should return a clear error message without crashing or hanging. * Step-5 : Wireshark capture (optional) - Since the interface doesn't exist, no packets will be sent. - Wireshark will show no activity for this test. :download:`Download Wireshark capture ` **TESTCASE: No RARP Reply Received** * To verify that the RARP client correctly handles timeout scenarios when no RARP server responds. .. note:: - This test simulates the absence of a RARP server on the network. - The client should gracefully timeout and report that no reply was received. * Step-1 : Download RARP client source code :download:`Download source code of RARP client ` * Step-2 : Compile the RARP client .. code-block:: shell test:~$ sudo gcc send_rarp_request.c -o send_rarp_request * Step-3 : Ensure there is **no RARP server running** on the network .. note:: - Stop or disable the RARP server if it was running: .. code-block:: shell test:~$ sudo systemctl stop rarpd * Step-4 : Run the RARP client .. code-block:: shell test:~$ sudo ./send_rarp_request enp0s8 * Step-5 : Expected output .. code-block:: shell RARP request sent successfully from interface enp0s8 (MAC: 08:00:27:3a:03:ca) Waiting for RARP reply... Timeout: No RARP reply received. .. note:: * The client will broadcast the RARP request. * Since no server is available, no reply is received within the timeout window. * The program should not crash and must provide a clear message. * Step-6 : Wireshark capture :download:`Download Wireshark capture ` .. note:: * You will observe only the **RARP Request** frame; no RARP Reply will follow. **TESTCASE: Run Without Sudo (Socket Error)** * To verify that the RARP client fails gracefully when not run with elevated privileges. .. note:: - Raw sockets require root privileges. - Running without `sudo` should result in a permission error, not a crash. * Step-1 : Download RARP client source code :download:`Download source code of RARP client ` * Step-2 : Compile the RARP client .. code-block:: shell test:~$ sudo gcc send_rarp_request.c -o send_rarp_request * Step-3 : Run the RARP client **without** sudo .. code-block:: shell test:~$ ./send_rarp_request enp0s8 * Step-4 : Expected output .. code-block:: shell Error creating socket. Ensure you run with sudo!: Operation not permitted .. note:: - The program should clearly instruct the user that elevated permissions are required. - This is normal behavior for applications using raw sockets. * Step-5 : Wireshark capture :download:`Download Wireshark capture ` .. note:: * No packets will be generated. * Wireshark will show **no activity**, since the socket creation itself failed. **TESTCASE: IP Address Flushed Before RARP** * To verify that the RARP client can correctly obtain an IP address after the existing address on the interface is removed. .. note:: - Flushing the IP address ensures the interface has no assigned IPv4 address before running RARP. - This test confirms that the RARP reply properly assigns an IP to the client. * Step-1 : Download RARP client source code :download:`Download source code of RARP client ` * Step-2 : Compile the RARP client .. code-block:: shell test:~$ sudo gcc send_rarp_request.c -o send_rarp_request * Step-3 : Flush existing IP address on the interface .. code-block:: shell test:~$ sudo ip addr flush dev enp0s8 * Step-4 : Confirm no IPv4 address exists .. code-block:: shell test:~$ ip addr show dev enp0s8 .. note:: - The output should show `inet` is missing, confirming no IPv4 address. * Step-5 : Run the RARP client .. code-block:: shell test:~$ sudo ./send_rarp_request enp0s8 * Step-6 : Expected output .. code-block:: shell RARP request sent successfully from interface enp0s8 (MAC: 08:00:27:3a:03:ca) Waiting for RARP reply... RARP reply received! IP address assigned: 192.168.0.129 .. note:: - The client successfully receives an IP address from the RARP server. - This demonstrates correct RARP behavior when the interface starts with no IP. * Step-7 : Wireshark capture :download:`Download Wireshark capture ` .. note:: - You should see both a **RARP Request** and **RARP Reply**. * Step-8 : (Optional) Manually assign the IP address if it is not automatically assigned by the RARP client .. code-block:: shell test:~$ sudo ip addr add 192.168.0.129/24 dev enp0s8 .. note:: - This command assigns the IP address ``192.168.0.129`` to the interface ``enp0s8``. - Use this step only if the IP is not automatically assigned by the RARP client. **TESTCASE: RARP Request on Multiple Interfaces** * To verify RARP request behavior on two different interfaces: one receiving a reply and the other timing out due to no reply. .. note:: - Both interfaces must exist on the client machine. - The RARP server should be configured to respond only to known MACs. * Step-1 : Download RARP client source code :download:`Download source code of RARP client ` * Step-2 : Compile the RARP client .. code-block:: shell test:~$ sudo gcc send_rarp_request.c -o send_rarp_request * Step-3 : Send RARP request on interface `enp0s8` (expected to succeed) .. code-block:: shell test:~$ sudo ./send_rarp_request enp0s8 * Step-4 : Expected output for `enp0s8` .. code-block:: shell RARP request sent successfully from interface enp0s8 (MAC: 08:00:27:3a:03:ca) Waiting for RARP reply... RARP reply received! IP address assigned: 192.168.0.129 * Step-5 : Send RARP request on interface `enp0s3` (expected to timeout) .. code-block:: shell test:~$ sudo ./send_rarp_request enp0s3 * Step-6 : Expected output for `enp0s3` .. code-block:: shell RARP request sent successfully from interface enp0s3 (MAC: 08:00:27:65:45:e8) Waiting for RARP reply... Timeout: No RARP reply received. .. note:: - Interface `enp0s8` successfully receives IP from RARP server. - Interface `enp0s3` does not receive a RARP reply, resulting in timeout. - This confirms the server only responds to known MAC addresses. * Step-7 : Capture Wireshark packets during RARP requests - Start Wireshark and apply this display filter to observe RARP frames: .. code-block:: none rarp - You should observe: - A **RARP Request** and **RARP Reply** on interface `enp0s8`. - A **RARP Request** on interface `enp0s3` without any reply. * Step-8 : Wireshark Capture :download:`Download Wireshark capture ` **TESTCASE: RARP Request with Changed MAC Address** * To verify the behavior when sending a RARP request from an interface with a manually changed MAC address that is not recognized by the server. .. note:: - Changing the MAC address to an unknown one should result in no RARP reply. - The interface must be brought up after changing the MAC address. * Step-1 : Download RARP client source code :download:`Download source code of RARP client ` * Step-2 : Compile the RARP client .. code-block:: shell test:~$ sudo gcc send_rarp_request.c -o send_rarp_request * Step-3 : Change the MAC address of the interface `enp0s8` .. code-block:: shell test:~$ sudo ip link set dev enp0s8 address 02:00:00:00:00:01 * Step-4 : Bring the interface `enp0s8` up .. code-block:: shell test:~$ sudo ip link set dev enp0s8 up * Step-5 : Send RARP request from the interface `enp0s8` .. code-block:: shell test:~$ sudo ./send_rarp_request enp0s8 * Step-6 : Expected output .. code-block:: shell RARP request sent successfully from interface enp0s8 (MAC: 02:00:00:00:00:01) Waiting for RARP reply... Timeout: No RARP reply received. .. note:: - Since the MAC address is not known to the RARP server, no reply is sent. - This demonstrates that the RARP server only responds to recognized MAC addresses. * Step-7 : Capture Wireshark packets during the RARP request - You should see a **RARP Request** frame sent from the modified MAC address. - No **RARP Reply** will be observed. * Step-8 : Restore the original MAC address and bring the interface up .. code-block:: shell test:~$ sudo ip link set dev enp0s8 address 08:00:27:3a:03:ca test:~$ sudo ip link set dev enp0s8 up * Step-9 : Wireshark Capture :download:`Download Wireshark capture ` **TESTCASE: Multiple RARP Servers Responding** * To verify the client behavior when multiple RARP servers respond to a single RARP request. .. note:: - The client sends one RARP request from an active interface with a known MAC address. - Multiple RARP servers on the network reply with their IP address mappings. - The client should process only the first RARP reply it receives. * Step-1 : Download RARP client source code :download:`Download source code of RARP client ` * Step-2 : Compile the RARP client .. code-block:: shell test:~$ sudo gcc send_rarp_request.c -o send_rarp_request * Step-3 : Ensure the interface is up and has correct MAC .. code-block:: shell test:~$ sudo ip link set dev enp0s8 address 08:00:27:3a:03:ca test:~$ sudo ip link set dev enp0s8 up * Step-4 : Run the RARP client .. code-block:: shell test:~$ sudo ./send_rarp_request enp0s8 * Step-5 : Expected Client Output .. code-block:: shell RARP request sent successfully from interface enp0s8 (MAC: 08:00:27:3a:03:ca) Waiting for RARP reply... RARP reply received! IP address assigned: 192.168.0.129 * Step-6 : Wireshark Capture :download:`Download Wireshark capture ` .. note:: - You will see only **one RARP request** packet sent from the client. - There will be **two RARP reply** packets coming from the multiple servers on the network. - On the client console, only the reply from the first responding server is displayed. **TESTCASE: Sending RARP Request on a Down Interface** * To verify that sending a RARP request on a network interface that is down results in an error. .. note:: - The network interface must be explicitly brought down before sending the RARP request. - The RARP client should handle this condition gracefully and display an appropriate error. * Step-1 : Download RARP client source code :download:`Download source code of RARP client ` * Step-2 : Compile the RARP client .. code-block:: shell test:~$ sudo gcc send_rarp_request.c -o send_rarp_request * Step-3 : Bring the network interface down .. code-block:: shell test:~$ sudo ip link set dev enp0s8 down * Step-4 : Attempt to send the RARP request .. code-block:: shell test:~$ sudo ./send_rarp_request enp0s8 * Step-5 : Expected output .. code-block:: shell Error sending packet (sendto): Network is down .. note:: - The client should report that the network is down and not send any packet. * Step-6 : Capture Wireshark packets during the test :download:`Download Wireshark capture ` .. note:: - No RARP packets should be seen since the interface is down. * Step-7 : Bring the network interface back up .. code-block:: shell test:~$ sudo ip link set dev enp0s8 up .. note:: - After bringing the interface up, you can proceed with normal RARP testing. **TESTCASE: Ensure RARP client works correctly in a dual-stack (IPv4 + IPv6) environment** * To verify that the RARP client functions properly when both IPv4 and IPv6 are active on the system and that IPv6 traffic does not interfere with RARP communication. * Step-1 : Download RARP client source code :download:`Download source code of RARP client ` * Step-2 : Compile the RARP client .. code-block:: shell test:~$ sudo gcc send_rarp_request.c -o send_rarp_request * Step-3 : Ensure IPv6 is enabled on the interface .. code-block:: shell test:~$ ip -6 addr show dev enp0s8 .. note:: * If a global IPv6 address is not present (e.g., `2001:db8::1/64` or `fe80::...`), assign one manually: .. code-block:: shell test:~$ sudo ip -6 addr add 2001:db8::1/64 dev enp0s8 test:~$ sudo ip link set dev enp0s8 up .. note:: * `2001:db8::/64` is a documentation-only subnet safe for local testing. * Step-4 : Verify both IPv4 and IPv6 addresses are active on the interface .. code-block:: shell test:~$ ip addr show dev enp0s8 .. note:: * You should see: * An IPv6 address like `2001:db8::1/64` * An IPv4 address (or none if flushed; RARP will assign it) * Step-5 : Start Wireshark capture * This lets you observe both RARP and IPv6 traffic. * Step-6 : Run the RARP client to request IP address .. code-block:: shell test:~$ sudo ./send_rarp_request enp0s8 * Expected output: .. code-block:: shell RARP request sent successfully from interface enp0s8 (MAC: 08:00:27:3a:03:ca) Waiting for RARP reply... RARP reply received! IP address assigned: 192.168.0.129 * Step-7 : Download Wireshark capture :download:`Download Wireshark capture ` .. note:: - You will also see RARP Request and Reply packets. - RARP itself does **not** support IPv6, so IPv6 traffic is unrelated but coexists without interference. .. _RARP_step6: .. tab-set:: .. tab-item:: RARP Protocol Packet Details **RARP Request Packet** .. csv-table:: :file: ./RARP/rarp_packet_details1.csv :widths: 10,20,30,10 :header-rows: 1 **RARP Reply Packet** .. csv-table:: :file: ./RARP/rarp_packet_details2.csv :widths: 10,20,30,10 :header-rows: 1 .. _RARP_step7: .. tab-set:: .. tab-item:: RARP Usecases .. csv-table:: :file: ./RARP/rarp_usecases.csv :widths: 10,20,30 :header-rows: 1 .. _RARP_step8: .. tab-set:: .. tab-item:: RARP Basic Features .. csv-table:: :file: ./RARP/rarp_features.csv :widths: 10,10,30 :header-rows: 1 .. _RARP_step9: .. tab-set:: .. tab-item:: RARP Feature : Mac to IP resolution **MAC to IP resolution - Testcases** .. csv-table:: :file: ./RARP/rarp_feature1_mac_to_ip_resolution_testcases.csv :widths: 10,10,30,20 :header-rows: 1 .. _RARP_step10: .. tab-set:: .. tab-item:: RARP Feature : Data Link layer **Data Link Layer - Testcases** .. csv-table:: :file: ./RARP/rarp_feature2_dll_testcases.csv :widths: 10,10,30,20 :header-rows: 1 .. _RARP_step11: .. tab-set:: .. tab-item:: RARP Feature : Statless Protocol **Statless Protocol - Testcases** .. csv-table:: :file: ./RARP/rarp_feature3_statless_protocol_testcases.csv :widths: 10,10,30,20 :header-rows: 1 .. _RARP_step12: .. tab-set:: .. tab-item:: RARP Feature : Broadcast based Req **Broadcast based Req - Testcases** .. csv-table:: :file: ./RARP/rarp_feature4_broadcast_based_req_testcases.csv :widths: 10,10,30,20 :header-rows: 1 .. _RARP_step13: .. tab-set:: .. tab-item:: RARP Feature : Server Dependent **Server Dependent - Testcases** .. csv-table:: :file: ./RARP/rarp_feature5_server_dependent_testcases.csv :widths: 10,10,30,20 :header-rows: 1 .. _RARP_step14: .. tab-set:: .. tab-item:: RARP Feature : Limited to IPv4 **Limited to IPv4 - Testcases** .. csv-table:: :file: ./RARP/rarp_feature6_limited_to_ipv4_testcases.csv :widths: 10,10,30,20 :header-rows: 1 .. _RARP_step15: .. tab-set:: .. tab-item:: RARP Feature : No Support for Dynamic Allocation **No Support for Dynamic Allocation - Testcases** .. csv-table:: :file: ./RARP/rarp_feature7_no_support_for_dynamic_allocation_testcases.csv :widths: 10,10,30,20 :header-rows: 1 .. _RARP_step18: .. tab-set:: .. tab-item:: Reference links * Reference links