Can I use nmap to discover IPs and mac addresses?

Question

When I need to locate the IPs of devices by their mac address on a Windows system, I normally use Advanced IP Scanner (from radmin.com) to scan the network, then I use arp -a to list the mac addresses.

Is it possible to use nmap to perform the same function in Linux and possibly in Windows? Can nmap to the scanning and produce both IPs and MAC addresses?

I have tried arp -a in Linux but it doesn't seem to work as quickly as in Windows or appears to require some use input.

/vfclists

score 13 · Answer 1 · edited Sep 09 '19 at 13:26

13

Using nmap a lot of info can be found..

nmap -A -v -v 192.168.1.0/24 gives a lot of information, even SO in some cases

nmap -sn 192.168.1.0/24 gives the MAC and IP addresses. Very Useful too

sudo nmap -PU 192.168.1.0/24 explains every IP address

edited Sep 09 '19 at 13:26

Lars Francke

125

answered Jan 25 '13 at 21:44

AAlvz

365

Antonio Saco · Answer 2 · 2015-03-10T16:53:31.937

8

The following command with nmap with root privilegies (or using sudo):

sudo nmap -sP 172.31.201.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "$3;}' | sort

results in:

172.31.201.80 => 00:50:56:AF:56:FB
172.31.201.97 => 00:26:73:78:51:42
server1.company.internal.local => 3C:D9:2B:70:BC:99
...

edited Mar 10 '15 at 16:53

answered Mar 10 '15 at 16:15

Antonio Saco

189

Jasper · Answer 3 · 2015-02-20T14:06:01.503

This commands scans all IP addresses in a range and shows the MAC address of each IP address. It does this in a greppable format, or in other words; displays IP and MAC address on a single line. Thats handy if you want to export to Excel or run a grep on it.

nmap -n -sP 10.0.3.0/24 | awk '/Nmap scan report/{printf $5;printf " ";getline;getline;print $3;}'

It seems to also work for IP's/MAC's which are not already in the hosts ARP table. That's a good thing.

The command results in:

10.0.3.100 B8:27:EB:8E:C5:51
10.0.3.101 00:26:B6:E1:4B:EB
10.0.3.112 00:01:29:02:55:25
etc..

score 6 · Accepted Answer · answered Jun 04 '10 at 07:48

6

You can use the Ping scans, which start with the P-flag. However, I personally use -sL for this job.

http://nmap.org/book/man-host-discovery.html

answered Jun 04 '10 at 07:48

Shyam

264
1
6

score 0 · Answer 5 · answered Nov 09 '18 at 17:31

Adding to antonio-saco's response. I wanted to also list the vendor as well to the output. To do that you want to print the 3rd index (MAC address) to the end of the line.

sudo nmap -sn 10.10.10.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "substr($0, index($0,$3)) }' | sort

Results in:

10.10.10.24 => B0:5A:DA:EB:2A:C4 (Hewlett Packard)

Can I use nmap to discover IPs and mac addresses?

5 Answers5

Linked