Can I use nmap to discover IPs and mac addresses?

Solution 1:

Using nmap, a lot of info can be found.

nmap -A -v -v gives a lot of information, even the OS in some cases

nmap -sn gives the MAC and IP addresses. Very useful too

sudo nmap -PU explains every IP address

Solution 2:

The following command with nmap with root privileges (or using sudo):

sudo nmap -sP | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "$3;}' | sort

results in: => 00:50:56:AF:56:FB => 00:26:73:78:51:42 => 3C:D9:2B:70:BC:99

Solution 3:

This command scans all IP addresses in a range and shows the MAC address of each IP address. It does this in a greppable format; in other words, it displays the IP and MAC address on a single line. That's handy if you want to export to Excel or run a grep on it.

nmap -n -sP | awk '/Nmap scan report/{printf $5;printf " ";getline;getline;print $3;}'

It seems to also work for IPs/MACs which are not already in the host's ARP table. That's a good thing.

The command results in: B8:27:EB:8E:C5:51 00:26:B6:E1:4B:EB 00:01:29:02:55:25
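
The awk one-liners in Solutions 2 and 3 pair lines by printing order or by a fixed line offset, so a host reported without a "MAC Address:" line (typically the scanning machine itself) or with a resolved hostname shifts the pairing. The following is an added example, not code from any of the answers, that keys on the line prefixes instead; the function names, the TARGET placeholder and the sample scan output are constructed for illustration.

```shell
#!/bin/sh
# Added example: build an "IP MAC" inventory from `nmap -sn` normal output.
# Real use (TARGET is a placeholder for your own range):
#   sudo nmap -sn TARGET | parse_nmap_macs

# Reads nmap normal output on stdin, prints one "IP MAC" line per host.
# Hosts with no "MAC Address:" line are printed with "-" instead of a MAC.
parse_nmap_macs() {
    awk '
    function emit() { if (ip != "") print ip, (mac != "" ? mac : "-") }
    /^Nmap scan report for / {
        emit()                 # finish the previous host before starting a new one
        ip = $NF               # last field: bare IP, or "(IP)" after a hostname
        gsub(/[()]/, "", ip)   # strip the parentheses of the hostname form
        mac = ""
        next
    }
    /^MAC Address: / { mac = $3 }
    END { emit() }
    '
}

# Constructed sample output (addresses and MACs are made up).
# 192.168.1.20 plays the scanning host: nmap prints no MAC line for it.
sample_scan() {
    cat <<'EOF'
Starting Nmap 7.80 ( https://nmap.org ) at 2024-01-01 12:00 UTC
Nmap scan report for 192.168.1.1
Host is up (0.0010s latency).
MAC Address: 02:00:00:00:00:01 (Unknown)
Nmap scan report for 192.168.1.20
Host is up.
Nmap scan report for printer.lan (192.168.1.50)
Host is up (0.0020s latency).
MAC Address: 02:00:00:00:00:32 (Unknown)
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.05 seconds
EOF
}

sample_scan | parse_nmap_macs
```

Run against the same sample, the `getline;getline` approach would consume the next "Nmap scan report" line while looking for the missing MAC of 192.168.1.20, so that host and the one after it would be misreported.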

Solution 4:

You can use the Ping scans, which start with the P-flag. However, I personally use -sL for this job.