[Winpcap-users] Rarp Packets !?
winpcap
winpcap at onemangang.dk
Tue Oct 18 07:10:11 GMT 2005
Hi all.
Thanks for the answers.
At least now i know why it doesnt work.
Regards
J. Thomsen, Denmark
----- Original Message -----
From: Steighton_Haley at mcafee.com
To: winpcap-users at winpcap.org
Sent: Monday, October 17, 2005 11:18 PM
Subject: RE: [Winpcap-users] Rarp Packets !?
Reverse ARP is a predecessor to BOOTP, on which DHCP is based. Generally, the spec. requires an *authoritative* response (hence the questions about a RARP server). It may very well be that there are TCP/IP implementations out there which will respond to RARP packets in the way you describe, but I have yet to find any.
Besides, RARP (because of it's associations with BOOTP), is totally the wrong thing to use... what you *really* want is INVARP which was invented for use by ATM switches so that their IP addresses could be queried directly based on MAC address. But, again, nobody outside of the ATM community implements INVARP in their TCP/IP stack.
Effectively, what this means is that there is *no way* within the scope of the standard protocols to force a system whose MAC address you know to tell you it's associated IP address.
There may be a way to do it outside of the standards (maybe by crafting an ICMP packet with a bogus IP and sending it directly to the system.. .and then reading the real IP out of the reply..), but that would have unpredictable results...
Anyway, sorry to continue the bad news :-(
SLH.
----------------------------------------------------------------------------
From: winpcap-users-bounces at winpcap.org [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of winpcap
Sent: Thursday, October 13, 2005 3:21 AM
To: winpcap-users at winpcap.org
Subject: [Winpcap-users] Rarp Packets !?
Hi everyone.
This might not be the correct place for this, but here it goes.
I have made a little program using winpcap to send rarp packets,
to find out the ip address of a specific mac address.
When i have assembled my rarp packet i send it via winpcap.
I am using ethereal to check if my packets are correctly put together,
and according to ethereal, they is. The packets that i send can nicely be
seen in ethereals window, with the correct addresses and opcodes.
Now, the problem is that i never get a reply.
According to rfc 903 rarp is mostly used for diskless systems to find
out their ip when they boot.
I have tried any combination of arp/rarp type (0x0806 and 0x8035) and
any of the opcodes (1..4).
Now, the question remains, are normal workstations/servers not supposed
to answer rarp packets? I have a mixed environtment with 50++ computers,
windows workstations, windows servers and linux servers...
None of these answer my rarp packets.
Hopefully someone can shed some light on this.
Thanks.
J. Thomsen, Denmark.
------------------------------------------------------------------------------
_______________________________________________
Winpcap-users mailing list
Winpcap-users at winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20051018/03e4289d/attachment.htm
More information about the Winpcap-users
mailing list