how to get MAC address of remote computer

Question

I have specific situation. I want to get MAC address from a remote computer, which is not in domain. I know the hostname and IP address of the remote computer. The IP Address of my computer is 192.168.2.40 and the remote computer IP is 192.168.2.41.

I've tried:

arp -a <remote IP Address>
No ARP entries found.

nbtstat -n <remote hostname>
Host not found.

getmac /s <remote IP Address>
ERROR: The RPC server is unavailable.

Is it possible to get the MAC address of the remote system from the command line, powershell or something else? Which conditions need to be set? Thank you.

Answer 1

MAC addresses are Ethernet things, not Internet things. A computer need not even have a MAC address. The only way to get the MAC address is to get some computer on the same LAN as that computer to tell it to you. And you'd have no way to know it was giving you the correct information.

If the two of you are in the same Ethernet LAN, you can just ping the computer and then look in your ARP table. Otherwise, you would have to ask a computer in the same Etherent/Wifi LAN.

Answer 2

nmap will return the MAC address as well as just about anything else you'd like to know.

If you have admin access to the machine, powershell & wmi are both very useful in getting remote diagnostics. They both have extensive documentation at technet.microsoft.com

edit: this assumes a windows machine, which from the looks of it, this might not be.

Answer 3

You can get it from WMI, and any language that can read WMI will be able to access it. VBScript, JScript, Perl, Python, and Powershell can all be used to get to it.

Since you asked specifically Powershell, here's an example from http://www.neolisk.com/techblog/powershell-getmacaddressofanyremoteip:

param ( $Computer , $Credential )
#to make it work without parameters
if($Computer -eq $null) { $Computer = $env:COMPUTERNAME }
#program logic
$hostIp = [System.Net.Dns]::GetHostByName($Computer).AddressList[0].IpAddressToString
if($Credential) {
    $Credential = Get-Credential $Credential
    $wmi = gwmi -Class Win32_NetworkAdapterConfiguration -Credential $Credential -ComputerName $Computer
} else {
    $wmi = gwmi -Class Win32_NetworkAdapterConfiguration -ComputerName $Computer 
}
return ($wmi | where { $_.IpAddress -eq $hostIp }).MACAddress

Answer 4

yep. The easiest way should be just doing a ping and then check the ARP table

If you're more into actually getting stuff inventoried and reported I would suggest havoing a look at the free software from Spiceworks ( http://www.spiceworks.com ) to set upp constant monitoring and always havce your information easily available about your entire enivorenment.

I've used it for years and it works great on LAN.

It does have some issues with sending inventories ocf sofwtare to remote sites though, haven't really figured out why yet but apart from that, I highly recommend it .

Answer 5

If you know name of computer easies way will be:

$strComputer ="ComuterName"
$colItems = Get-WmiObject -Class "Win32_NetworkAdapterConfiguration" -ComputerName $strComputer -Filter "IpEnabled = TRUE"
ForEach ($objItem in $colItems)
{
    write-host "IP Address: " $objItem.IpAddress[0]  "Mac: " $objItem.MacAddress
}

More advanced script which can take any machine by IP or hostname:

$device = "192.168.106.123"
if ( $device | ? { $_ -match "[0-9].[0-9].[0-9].[0-9]" } )
{
    echo "Searching MAC by IP"
    $ip = $device
} 
else 
{
    echo "Searching MAC by host"
    $ip = [System.Net.Dns]::GetHostByName($device).AddressList[0].IpAddressToString
}
    $ping = ( new-object System.Net.NetworkInformation.Ping ).Send($ip);


if($ping){
    $mac = arp -a $ip;

    ( $mac | ? { $_ -match $ip } ) -match "([0-9A-F]{2}([:-][0-9A-F]{2}){5})" | out-null;

    if ( $matches )
     {
        $matches[0];
    } else 
    {
      echo "MAC Not Found"
     }
}

Answer 6

MAC is OSI Layer 2 - you won't get it directly when there is any Layer 3 hop in between - and for securtity reasons all protocols to query such data should not be allowed in anything beyond one's LAN...

Answer 7

While what is above is a bit over complicated, if you have no entries found after a ping then you need to enable routing and remote access in services, it probably is disabled. Then goto a command prompt and issue a arp -a to see your cache, use arp -a <IP> for that machine mac address.

Answer 8

You could try this :

nbtstat -A 192.168.2.41

You will get the remote mac address in the (pretty verbose) generated response.

Answer 9

I know question was for none domain systems however for those that may stumble on this looking for domain computer examples below is a quick and easy way to do it.

in windows you can just do the following

    $c = "computername" 
    Invoke-Command -ComputerName $c -ScriptBlock {

    getmac 
    }

simply runs a basic command prompt command on a remote system and returns the data.

Answer 10

Suppose that you a have the inputfile with computers or ip address list, you can give a try with batch file :

@echo off
Set "Copyright=by Hackoo 2021"
Title Get IP and MAC address for remote PCs over the network using batch %Copyright%
Mode con cols=90 lines=12
cls & color 0A & echo.
echo     ********************************************************************************
echo         Get IP and MAC address for remote PCs over the network %Copyright%
echo     ********************************************************************************
echo(
if _%1_==_Main_  goto :Main
:getadmin
    echo            %~nx0 : self elevating
    set vbs=%temp%\getadmin.vbs
(
    echo Set UAC = CreateObject^("Shell.Application"^)
    echo UAC.ShellExecute "%~s0", "Main %~sdp0 %*", "", "runas", 1
)> "%vbs%"
    "%temp%\getadmin.vbs"
    del "%temp%\getadmin.vbs"
goto :eof
::-------------------------------------------------------------------------------------
:Main
set "InputFile=%~dp0Hosts.txt"
set "OutPutFile=%~dp0IP-MAC.txt"
If Exist "%OutPutFile%" Del "%OutPutFile%"

If Not Exist "%InputFile%" ( 
    color 0C & echo "%InputFile%" does not exist. Please check it first ! 
    Timeout /T 8 /NoBreak>nul & Exit
)

Netsh interface ip delete arpcache >nul 2>&1

@for /f "tokens=* delims=" %%H in ('Type "%InputFile%"') do (
    Ping -n 1 %%H>nul
    @for /f "tokens=2" %%M in ('arp -a %%H ^| find "%%H"') do (
        echo %%H : %%M
        echo %%H : %%M>>"%OutPutFile%"
    )
)
If Exist "%OutPutFile%" Start "" "%OutPutFile%" & Timeout /T 1 /NoBreak>nul & Exit
::-------------------------------------------------------------------------------------

Answer 11

"nmap -v -A [host name/IP address]" might be your best choice; UNIX OS for the client might have it natively available; but nmap is also available for Windows clients as well...