Inverse ARP lookup

The easiest way to do this is to ping the broadcast address (ping -b [broadcast address]) on your subnet (often .255), and then dump your ARP table (arp -a on Linux). You should find the MAC of the machine, along with its IP.


arping2 has an example, arping-scan-net.sh, which finds the IP address of a given MAC address in a given network subnet. It works by scanning each IP address, so it works when broadcast pings are discarded (a very common situation).


You can also use nmap, a utility for network discovery. In Ubuntu you can simply install it from the command line: apt-get install nmap. To ping scan the network, use: nmap -sP xx.xx.xx.xx/yy. As a result, you will find all hosts in the network. You can use other scan techniques (if a host does not respond to ICMP ping) for scanning the network.
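
The "dump your ARP table and find the MAC" step from the first answer, as an added example that is not part of the original answers: a POSIX shell function that reads Linux/BSD-style `arp -a` output on stdin and prints every IP mapped to a given MAC. The function names, the sample table, and its addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: map a MAC address to IP(s) using "arp -a" style output.
# Constructed sample table (documentation addresses, made-up MACs).
sample_arp_table() {
cat <<'EOF'
gw.example (192.0.2.1) at 52:54:00:12:34:56 [ether] on eth0
? (192.0.2.17) at 0:1c:42:0:0:8 on en0 ifscope [ethernet]
? (192.0.2.30) at <incomplete> on eth0
? (192.0.2.40) at 52:54:00:12:34:56 [ether] on eth0
EOF
}

# Usage: arp -a | find_ip_by_mac MAC
# Exit status: 0 = found, 1 = not in table, 2 = MAC argument is malformed.
find_ip_by_mac() {
    awk -v want="$1" '
    # Canonical form: lowercase, ":" separators, two hex digits per octet.
    # Returns "" when the string is not a 6-octet MAC.
    function norm(m,    n, p, i, out) {
        m = tolower(m); gsub(/-/, ":", m)
        n = split(m, p, ":")
        if (n != 6) return ""
        out = ""
        for (i = 1; i <= 6; i++) {
            if (p[i] !~ /^[0-9a-f][0-9a-f]?$/) return ""
            out = out (i > 1 ? ":" : "") (length(p[i]) == 1 ? "0" p[i] : p[i])
        }
        return out
    }
    BEGIN { want = norm(want); if (want == "") { bad = 1; exit 2 } }
    # Line shape: HOST (IP) at MAC ...; "<incomplete>" entries fail norm().
    $3 == "at" && norm($4) == want {
        ip = $2; gsub(/[()]/, "", ip); print ip; found = 1
    }
    END { if (bad) exit 2; exit (found ? 0 : 1) }
    '
}

# Demo on the constructed table: the BSD-style entry drops leading zeros,
# so the lookup only matches after normalization.
sample_arp_table | find_ip_by_mac "00:1C:42:00:00:08"
```

On a live host, populate the cache first (broadcast ping, arping, or nmap as described above) and pipe `arp -a` into the function. One MAC listed against several IPs, as in the sample, is worth checking for proxy ARP or an address conflict.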