0

Thanks to some lax record keeping by our (ex! :-) network manager I'm tasked with finding what QNAP and Synology NAS devices exist in our company. We have several hundred offices scattered across the UK and they are all separate networks and separate domains. They are all Windows based (a mixture of Server 2k3, 2008 and 2012). We run our own home brewed monitoring software that allows me to run any software I want remotely.

QNAPs and Synologies have distinctive MAC addresses, so if I can scan the network for MAC addresses and pipe the output to a file I can easily get the info I need. The question is how to get a list of all MAC addresses on the LAN.

The obvious first step is just to run arp -a, and I'll probably go ahead and do this anyway. However this will only show devices the server has seen within the arp cache timeout. Does anyone know an easy way to get all devices? By easy I mean something built into Windows - I'd prefer not to have to install any software as we're talking about hundreds of different offices. nmap tends to be mentioned on these occasions, but the Windows ports seem to need extra libraries installing. If I have to use an external scanner it would be nice to have an executable that can just be copied onto the server and run.

PS: a quick clarification:

The scanner needs to be a command line app so I can fire it off remotely and have the output go to a file for subsequent parsing. It can't rely on Java since there's no guarantee all servers have Java. I'm fairly certain all servers will have at least .Net 2.0 - I suppose at a pinch I could knock up a quick .Net 2.0 app to ping every possible address on the network and get the MAC address associated with any replies ...

John Rennie
  • MAC addresses are globally unique but locally significant. You're not going to be able to scan all of your remote networks from one central network. MAC addresses don't transit/traverse routers. You'll need to run a scan from each network for that network. That being said, this is what I usually use - http://www.colasoft.com/mac_scanner – joeqwerty Apr 07 '14 at 14:44

3 Answers

2

The quickest/easiest way is generally to grab the arp tables from your switches (assuming you have managed switches, otherwise, brace yourself for a lot of pain) and filter them based on the MAC addresses assigned to the manufacturer of the network card(s) you're looking for. I tend to use this site to link MACs to vendors and vice versa, but there are certainly others out there.

If your switches aren't managed, so you can't easily pull up the arp tables from a central location, the next best approach is to find a machine on every network segment you can broadcast from and then look up the local arp table on. Which... is far from ideal, but really the best solution out of a lot of bad options. Rather than doing an interactive logon to all these machines, like you seem to suggest in your question, I'd use some method of getting a remote command line from a central location, like your workstation. WinRM, PowerShell remoting and even PSexec are all relatively easy options to achieve this goal that may or may not be right for you, depending on how your environment's set up.

Oh, and let me add, rather than pinging every address, or writing an app to do so, it would be faster to just hit the broadcast address for each of your subnets or the global broadcast address, if this is the route you end up going. (The broadcast address is the address with .255 in the last octet, and the global broadcast address is 255.255.255.255.)

HopelessN00b
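An added example, not code from any poster in this thread: a parser for the Windows `arp -a` output files collected from each office, which keeps only the entries whose MAC prefix (OUI) belongs to a NAS vendor. The two OUI values and the sample output are assumptions constructed for illustration; each vendor can hold several prefixes, so build the real table from the IEEE OUI registry.

```python
import re

# Assumed OUI prefixes for illustration only; confirm the complete, current
# list for each vendor against the IEEE OUI registry before relying on it.
NAS_OUIS = {
    "001132": "Synology",
    "00089B": "QNAP",
}

# "Interface: 192.168.10.5 --- 0xb" header printed once per local adapter.
IFACE = re.compile(r"^Interface:\s+(\S+)")
# "  192.168.10.20   00-11-32-0a-0b-0c   dynamic" table row.
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+\w+"
)

def find_nas(arp_text, ouis=NAS_OUIS):
    """Return (interface, ip, mac, vendor) for every ARP entry matching an OUI."""
    hits = []
    iface = None
    for line in arp_text.splitlines():
        m = IFACE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = ENTRY.match(line)
        if not m:
            continue  # column headers, blank lines, incomplete entries
        ip, mac = m.groups()
        mac_hex = mac.replace("-", "").upper()
        # Broadcast and multicast MACs have the low bit of the first octet set;
        # they never identify a device, so skip them.
        if int(mac_hex[:2], 16) & 1:
            continue
        vendor = ouis.get(mac_hex[:6])
        if vendor:
            hits.append((iface, ip, mac_hex, vendor))
    return hits

# Constructed sample of `arp -a` output from one branch-office server.
SAMPLE = """
Interface: 192.168.10.5 --- 0xb
  Internet Address      Physical Address      Type
  192.168.10.1          00-1a-2b-3c-4d-5e     dynamic
  192.168.10.20         00-11-32-0a-0b-0c     dynamic
  192.168.10.21         00-08-9b-aa-bb-cc     dynamic
  192.168.10.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
```

The result is only as complete as the ARP cache on the server that produced the file, so hosts that have not talked to that server recently will be missing.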
1

Have you tried Angry IP Scanner?
I seem to remember that being a single executable.

I've used Fing on Linux before, that can be run on a command line and output to a command line.

Lawrence
  • Thanks Lawrence. Sadly it looks as if that requires Java and there's no guarantee all servers have Java. Also it's not clear from the web site whether I can run Angry IP scanner from a command line to get output piped to a file. It appears to be a GUI app. – John Rennie Apr 07 '14 at 07:48
  • There's an older version that doesn't require Java. Also, why do you need to run it on all servers? Can you not access all the networks from your workstation? – Lawrence Apr 07 '14 at 07:48
  • *Can you not access all the networks from your workstation* - yes, if I want to manually scan several hundred branch offices :-) I'm after something I can run overnight as part of our monitoring process and then survey the results in the morning. – John Rennie Apr 07 '14 at 08:00
  • Ah I see. In that case, I'd go down the route of knocking up your own little script to do that. – Lawrence Apr 07 '14 at 08:20
0

If you can predictably locate a mounted volume, you can identify the IP address and then track down whether it is one of your errant devices. You will need to execute a net use command locally, or look at any persistent mapped drives in the registry.

Then, either by probing the name itself for information, or trying a ping from the server will return the MAC address.

Pekka
  • @John Rennie: I understand. I was suggesting that you dredge through the persistent mapped drives on machines at each site to see if the targets are in the MAC group you are looking for. Multiple steps, but better than a raw nmap. – Pekka Apr 07 '14 at 18:24