11

When I need to locate the IPs of devices by their MAC address on a Windows system, I normally use Advanced IP Scanner (from radmin.com) to scan the network, then I use arp -a to list the MAC addresses.

Is it possible to use nmap to perform the same function in Linux and possibly in Windows? Can nmap do the scanning and produce both IPs and MAC addresses?

I have tried arp -a in Linux but it doesn't seem to work as quickly as in Windows or appears to require some user input.

/vfclists

Andrew Schulman
vfclists

5 Answers

13

Using nmap, a lot of info can be found.

nmap -A -v -v 192.168.1.0/24 gives a lot of information, even the OS in some cases

nmap -sn 192.168.1.0/24 gives the MAC and IP addresses. Very useful too

sudo nmap -PU 192.168.1.0/24 explains every IP address

Lars Francke
AAlvz
8

The following command with nmap with root privileges (or using sudo):

sudo nmap -sP 172.31.201.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "$3;}' | sort

results in:

172.31.201.80 => 00:50:56:AF:56:FB
172.31.201.97 => 00:26:73:78:51:42
server1.company.internal.local => 3C:D9:2B:70:BC:99
...
Antonio Saco
  • 1
    This glues lines a lot. The other answer is better: https://serverfault.com/a/669862/284568. – Velkan Apr 26 '17 at 06:16
  • 2
    @Velkan The other answer is missing sudo and also gives me only IP : MAC, this answer gives you IP/hostname : MAC, everything depends on your needs. Thanks! – Antonio Saco May 19 '17 at 07:13
  • Thanks for making it clear that it needs root privileges. – mszmurlo Aug 19 '18 at 06:03
7

This command scans all IP addresses in a range and shows the MAC address of each IP address. It does this in a greppable format, or in other words, displays IP and MAC address on a single line. That's handy if you want to export to Excel or run a grep on it.

nmap -n -sP 10.0.3.0/24 | awk '/Nmap scan report/{printf $5;printf " ";getline;getline;print $3;}'

It seems to also work for IPs/MACs which are not already in the host's ARP table. That's a good thing.

The command results in:

10.0.3.100 B8:27:EB:8E:C5:51
10.0.3.101 00:26:B6:E1:4B:EB
10.0.3.112 00:01:29:02:55:25
etc..
Jasper
6

You can use the Ping scans, which start with the P-flag. However, I personally use -sL for this job.

http://nmap.org/book/man-host-discovery.html

Shyam
  • 5
    +1 I use -sP as well. But attention: to be able to get MAC addresses you have to be on the same LAN (no routers in between). – PiL Jun 04 '10 at 07:51
  • 1
    I have tested with the -sP option and it is exactly what I am looking for, thanks to Pier and Iraklis. It is for scanning for items getting their IPs via DHCP or static in the local network. – vfclists Jun 04 '10 at 08:34
0

Adding to antonio-saco's response. I also wanted to list the vendor in the output. To do that, you want to print from the 3rd index (MAC address) to the end of the line.

sudo nmap -sn 10.10.10.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "substr($0, index($0,$3)) }' | sort

Results in:

10.10.10.24 => B0:5A:DA:EB:2A:C4 (Hewlett Packard)
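
Added example, not part of any answer above: the awk one-liners produce one host per line only when every "Nmap scan report" line is followed by a "MAC Address:" line, which is not the case for the scanning host itself or for hosts reached through a router. The sketch below emits one record per host regardless and keeps hostname and vendor as separate fields; the helper name parse_nmap_sn and the sample scan output are constructed for illustration.

```shell
#!/bin/sh
# Added example. parse_nmap_sn is a hypothetical helper name (not an nmap feature).
# Reads normal `nmap -sn` output on stdin and prints one line per host:
#   IP <TAB> hostname <TAB> MAC <TAB> vendor     ("-" where nmap reported nothing)
parse_nmap_sn() {
    awk '
    function emit() {
        if (ip != "") printf "%s\t%s\t%s\t%s\n", ip, host, mac, vendor
        ip = ""
    }
    /^Nmap scan report for / {
        emit()                        # previous host is complete, MAC line or not
        host = "-"; mac = "-"; vendor = "-"
        if ($NF ~ /^\(.*\)$/) {       # "name (ip)" form
            host = $5
            ip = substr($NF, 2, length($NF) - 2)
        } else {                      # bare IP form, e.g. with -n
            ip = $5
        }
    }
    /^MAC Address: / {
        mac = $3
        # vendor is the parenthesised tail and may contain spaces
        if (match($0, /\(.*\)$/)) vendor = substr($0, RSTART + 1, RLENGTH - 2)
    }
    END { emit() }
    '
}

# Constructed sample output (addresses, names and vendors are made up).
sample_scan() {
    cat <<'EOF'
Starting Nmap ( https://nmap.org )
Nmap scan report for 10.0.3.100
Host is up (0.00050s latency).
MAC Address: 02:00:00:AA:BB:01 (Example Vendor One)
Nmap scan report for printer.example.lan (10.0.3.101)
Host is up (0.0012s latency).
MAC Address: 02:00:00:AA:BB:02 (Unknown)
Nmap scan report for 10.0.3.5
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.10 seconds
EOF
}

# Real use: sudo nmap -sn 10.0.3.0/24 | parse_nmap_sn
sample_scan | parse_nmap_sn
```

A "-" in the MAC column marks a host for which nmap printed no MAC Address line, so those rows can be filtered or reviewed separately in an inventory.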