Can I use nmap to discover IPs and mac addresses?

Solution 1:

Using nmap, a lot of info can be found.

nmap -A -v -v 192.168.1.0/24 gives a lot of information, even the OS in some cases

nmap -sn 192.168.1.0/24 gives the MAC and IP addresses. Very useful too.

sudo nmap -PU 192.168.1.0/24 explains every IP address

Solution 2:

The following command with nmap with root privileges (or using sudo):

sudo nmap -sP 172.31.201.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "$3;}' | sort

results in:

172.31.201.80 => 00:50:56:AF:56:FB
172.31.201.97 => 00:26:73:78:51:42
server1.company.internal.local => 3C:D9:2B:70:BC:99
...

Solution 3:

This command scans all IP addresses in a range and shows the MAC address of each IP address. It does this in a greppable format, or in other words: it displays the IP and MAC address on a single line. That's handy if you want to export to Excel or run a grep on it.

nmap -n -sP 10.0.3.0/24 | awk '/Nmap scan report/{printf $5;printf " ";getline;getline;print $3;}'

It seems to also work for IPs/MACs which are not already in the host's ARP table. That's a good thing.

The command results in:

10.0.3.100 B8:27:EB:8E:C5:51
10.0.3.101 00:26:B6:E1:4B:EB
10.0.3.112 00:01:29:02:55:25
etc.
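An added example, not taken from any of the answers above: the awk one-liners assume every "Nmap scan report" is followed by a "MAC Address:" line, but nmap prints no MAC for the scanning host itself, so the getline version can go out of step there. Parsing nmap's XML output (`nmap -sn -oX - <range>`) avoids that; the XML below is a constructed sample rather than a real capture, and the known-MAC inventory passed to unknown_devices is a hypothetical allowlist used to flag devices that should not be on the segment.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sn -oX - 10.0.3.0/24` output, not a real capture.
# 10.0.3.1 stands in for the scanning host itself: nmap reports no MAC for it,
# which is the case that trips up the awk/getline one-liners.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sn -oX - 10.0.3.0/24">
  <host><status state="up" reason="localhost-response"/>
    <address addr="10.0.3.1" addrtype="ipv4"/></host>
  <host><status state="up" reason="arp-response"/>
    <address addr="10.0.3.100" addrtype="ipv4"/>
    <address addr="B8:27:EB:8E:C5:51" addrtype="mac" vendor="Raspberry Pi Foundation"/>
    <hostnames><hostname name="pi.lan" type="PTR"/></hostnames></host>
  <host><status state="up" reason="arp-response"/>
    <address addr="10.0.3.112" addrtype="ipv4"/>
    <address addr="00:01:29:02:55:25" addrtype="mac"/></host>
  <host><status state="down" reason="no-response"/>
    <address addr="10.0.3.113" addrtype="ipv4"/></host>
</nmaprun>
"""

def parse_hosts(xml_text):
    """Return one dict per host that is up: ip, mac (None if nmap saw none), vendor, hostname."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts nmap reported as down
        entry = {"ip": None, "mac": None, "vendor": None, "hostname": None}
        for addr in host.iter("address"):
            if addr.get("addrtype") in ("ipv4", "ipv6"):
                entry["ip"] = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                entry["mac"] = addr.get("addr").upper()
                entry["vendor"] = addr.get("vendor")  # absent for unknown OUIs
        name = host.find("hostnames/hostname")
        if name is not None:
            entry["hostname"] = name.get("name")
        hosts.append(entry)
    return hosts

def unknown_devices(hosts, known_macs):
    """Hosts whose MAC is not in the inventory (hypothetical allowlist); no-MAC hosts are reported too."""
    known = {m.upper() for m in known_macs}
    return [h for h in hosts if h["mac"] is None or h["mac"] not in known]

if __name__ == "__main__":
    for h in parse_hosts(SAMPLE_XML):
        print(h["ip"], h["mac"] or "-", h["hostname"] or "")
```

To run it against a live scan, replace SAMPLE_XML with the stdout of `sudo nmap -sn -oX - 10.0.3.0/24`.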

Solution 4:

You can use the Ping scans, which start with the P-flag. However, I personally use -sL for this job.

http://nmap.org/book/man-host-discovery.html