Can I use nmap to discover IPs and mac addresses?

Question

When I need to locate the IPs of devices by their mac address on a Windows system, I normally use Advanced IP Scanner (from radmin.com) to scan the network, then I use arp -a to list the mac addresses.

Is it possible to use nmap to perform the same function in Linux and possibly in Windows? Can nmap to the scanning and produce both IPs and MAC addresses?

I have tried arp -a in Linux but it doesn't seem to work as quickly as in Windows or appears to require some use input.

/vfclists

score 13 · Answer 1 · edited Sep 09 '19 at 13:26

13

Using nmap a lot of info can be found..

nmap -A -v -v 192.168.1.0/24 gives a lot of information, even SO in some cases

nmap -sn 192.168.1.0/24 gives the MAC and IP addresses. Very Useful too

sudo nmap -PU 192.168.1.0/24 explains every IP address

edited Sep 09 '19 at 13:26

Lars Francke

125
5

answered Jan 25 '13 at 21:44

AAlvz

365
4
7
16

5

According to the nmap man page, `-sP` is now known as `-sn` – Alastair McCormack Jul 31 '16 at 08:11

Antonio Saco · Answer 2 · 2015-03-10T16:53:31.937

8

The following command with nmap with root privilegies (or using sudo):

sudo nmap -sP 172.31.201.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "$3;}' | sort

results in:

172.31.201.80 => 00:50:56:AF:56:FB
172.31.201.97 => 00:26:73:78:51:42
server1.company.internal.local => 3C:D9:2B:70:BC:99
...

edited Mar 10 '15 at 16:53

answered Mar 10 '15 at 16:15

Antonio Saco

189
1
4

1

This glues lines a lot. The other answer is better: https://serverfault.com/a/669862/284568. – Velkan Apr 26 '17 at 06:16
2

@Velkan The other answer is missing sudo and also give me only IP : MAC, this answer give you IP/hostname : MAC, everything depends of your needs. Thanks! – Antonio Saco May 19 '17 at 07:13
Thanks for making it clear that it needs root privileges. – mszmurlo Aug 19 '18 at 06:03

Jasper · Answer 3 · 2015-02-20T14:06:01.503

7

This commands scans all IP addresses in a range and shows the MAC address of each IP address. It does this in a greppable format, or in other words; displays IP and MAC address on a single line. Thats handy if you want to export to Excel or run a grep on it.

nmap -n -sP 10.0.3.0/24 | awk '/Nmap scan report/{printf $5;printf " ";getline;getline;print $3;}'

It seems to also work for IP's/MAC's which are not already in the hosts ARP table. That's a good thing.

The command results in:

10.0.3.100 B8:27:EB:8E:C5:51
10.0.3.101 00:26:B6:E1:4B:EB
10.0.3.112 00:01:29:02:55:25
etc..

edited Feb 20 '15 at 14:06

answered Feb 19 '15 at 13:19

Jasper

1,024
9
7

For future reference, `-oG -` or similar should be far easier to parse. – Dessa Simpson Mar 21 '18 at 21:02
As it turns out, at lease `-oG` doesn't preserve the mac addresses. Wtf? – Dessa Simpson Mar 21 '18 at 21:13

score 6 · Accepted Answer · answered Jun 04 '10 at 07:48

6

You can use the Ping scans, which start with the P-flag. However, I personally use -sL for this job.

http://nmap.org/book/man-host-discovery.html

answered Jun 04 '10 at 07:48

Shyam

264
1
6

5

+1 I use -sP as well. But attention, to be able to get mac addresses you have to be on the same lan (no routers in between). – PiL Jun 04 '10 at 07:51
1

I have tested with the -sP option and it is exactly what I am looking for, thanks to Pier and Iraklis. It is for scanning for items getting their IPs via DHCP or static in the local network. – vfclists Jun 04 '10 at 08:34

score 0 · Answer 5 · answered Nov 09 '18 at 17:31

Adding to antonio-saco's response. I wanted to also list the vendor as well to the output. To do that you want to print the 3rd index (MAC address) to the end of the line.

sudo nmap -sn 10.10.10.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "substr($0, index($0,$3)) }' | sort

Results in:

10.10.10.24 => B0:5A:DA:EB:2A:C4 (Hewlett Packard)

Can I use nmap to discover IPs and mac addresses?

5 Answers5

Linked