I seem to get variable and inconsistent results for the IP/MAC addresses from a particular machine, using nmap or arp-scan.
The machine has 3 interfaces, and this is what it shows:
$ uname -a
Linux showstore-81 2.6.35.13 #1 SMP PREEMPT Thu Feb 9 12:20:36 PST 2012 i686 GNU/Linux
$ LC_ALL=C /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:1b:21:ac:17:19
inet addr:192.168.81.54 Bcast:192.168.81.255 Mask:255.255.255.0
...
eth1 Link encap:Ethernet HWaddr 00:25:90:25:d0:4e
inet addr:192.168.81.129 Bcast:192.168.81.255 Mask:255.255.255.128
...
eth2 Link encap:Ethernet HWaddr 00:25:90:25:d0:4f
inet addr:169.254.1.1 Bcast:169.254.255.255 Mask:255.255.0.0
...
So whatever tool and options I use, I would expect:
- IP .54 => MAC 00:1b:21:ac:17:19
- IP .129 => MAC 00:25:90:25:d0:4e
But nmap -n -sP 192.168.81.0/24
(nmap v. 5.00) reports it reversed:
Host 192.168.81.54 is up (0.000078s latency).
MAC Address: 00:25:90:25:D0:4E (Super Micro Computer)
Host 192.168.81.129 is up (0.000058s latency).
MAC Address: 00:1B:21:AC:17:19 (Intel Corporate)
And nmap -n -sP -PR 192.168.81/24
reports only one of the MAC addresses on both IPs:
Host 192.168.81.54 is up (0.000081s latency).
MAC Address: 00:1B:21:AC:17:19 (Intel Corporate)
Host 192.168.81.129 is up (0.00011s latency).
MAC Address: 00:1B:21:AC:17:19 (Intel Corporate)
Finally, arp-scan -l
(v. 1.8.1) reports both IP addresses twice with both MAC addresses:
192.168.81.54 00:1b:21:ac:17:19 Intel Corporate
192.168.81.54 00:25:90:25:d0:4e Super Micro Computer, Inc.
192.168.81.129 00:1b:21:ac:17:19 Intel Corporate
192.168.81.129 00:25:90:25:d0:4e Super Micro Computer, Inc.
How can I do a scan which gives correct results? (I only need IP and MAC. No port scanning.)