8

I would like to know if it's possible to use Nmap in order to scan hosts according to their MAC address.

Or if it's not possible to do it directly, is there an option (I didn't find) to select only hosts with a specific MAC address?

schroeder
mric750
  • What would you scan them for, their IP or routing information? Point is: There is not much to find scanning in usual networks, as services usually of interest are provided at a higher level of the ISO/OSI model. – Tobi Nary Mar 17 '16 at 10:27

4 Answers

4

Keep in mind that nmap is an IP based scanner. Based on the information that you have provided, I would suggest using nmap to perform a host discovery i.e. identifying active hosts in a network. This step will give you a list of active IP addresses.

You can use ARP to resolve the IP addresses (obtained during host discovery) to MAC addresses (assuming it's all in the same local area network). Once you have identified the MAC addresses that you wish to scan, feed the corresponding IP addresses to nmap for scanning.

In short:

Host Discovery > IP to MAC conversion > Identify target IP addresses using MAC > Port scanning

Refer to this for more information on using nmap.

Shurmajee
4

This is a one-liner to find the IP of a Synology NAS by MAC address in the local network:

nmap -sP 192.168.1.0/24 | grep -B 2 "00:11:32:XX:XX:XX" | head -n 1 | cut -d " " -f 5

grep, head and cut trim the text to get the desired IP.

schroeder
Oscar
  • Thank you for this. It saved my bacon. The differences between arp and nmap on Ubuntu are frustrating (nmap scan does not update arp tables and arp-scan does nothing at all). Using this snippet you can remove arp from the equation altogether. – Andreas Huttenrauch Mar 22 '21 at 23:19
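The "host discovery > IP to MAC > target IPs" chain from the two answers above, as an added example that is not part of any answer: it pairs each `MAC Address:` line with its own scan-report header instead of relying on a fixed line offset and field position, so it also handles report lines of the form `name (ip)` and lower-case MAC input. The function names `ips_for_mac` and `sample_scan` are hypothetical, and the scan output is constructed sample data.

```shell
#!/bin/sh
# Added example. Reads normal nmap ping-scan output on stdin and prints the
# IP of every host whose MAC starts with the prefix given as $1.
# Assumed usage (subnet and prefix taken from the answer above):
#   sudo nmap -sn 192.168.1.0/24 | ips_for_mac 00:11:32 | nmap -iL -
# nmap reports MAC addresses only when run with root privileges against
# hosts on the same Ethernet segment, and never for the scanning host.
ips_for_mac() {
    awk -v want="$1" '
        # Header is "Nmap scan report for IP" or "... for NAME (IP)".
        /^Nmap scan report for / { ip = $NF; gsub(/[()]/, "", ip) }
        # MAC line belongs to the most recent header; compare case-insensitively.
        /^MAC Address: / {
            if (index(toupper($3), toupper(want)) == 1) print ip
        }
    '
}

# Constructed sample of ping-scan output (not captured from a real network).
sample_scan() {
    cat <<'EOF'
Nmap scan report for 192.168.1.1
Host is up (0.0010s latency).
MAC Address: AA:BB:CC:00:00:01 (Unknown)
Nmap scan report for nas.example (192.168.1.20)
Host is up (0.0020s latency).
MAC Address: 00:11:32:00:00:02 (Synology Incorporated)
Nmap scan report for 192.168.1.50
Host is up.
EOF
}

sample_scan | ips_for_mac 00:11:32   # prints 192.168.1.20
```
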
1

With nmap, you do scan for services at the IP layer (3) of the ISO/OSI model. MAC addresses are layer 2.

This would not keep you from resolving MAC addresses to IP addresses using

arp -na

and working your way from there, though.

Tobi Nary
0

No, NMAP is an OSI Layer 3 scanner and it needs an IP address; see the official docs.

Alexey Vesnin
  • This is not entirely true for the local network - see `-PR` in the official docs: https://nmap.org/book/man-host-discovery.html What *is* true is that there is no interface to specify MAC addresses in the scan. – schroeder Mar 29 '16 at 19:40
  • @schroeder IMHO an unavailable feature does not count, does it? – Alexey Vesnin Mar 29 '16 at 20:07