How do I find a MAC address with NMAP?
This is really bugging me. I'm trying to find the MAC address of a PC on my home network using NMAP. I rarely use NMAP but I know I was able to do it before; I've just forgotten how!
I know by the time someone reads this I will have gone to the other PC and got the address but it's driving me mad!!
=ACID RAIN=
02-28-08, 05:51 PM
Use wireshark and be done with it :p
Gunlance
02-28-08, 05:54 PM
Why not just use "ipconfig /all" on the machine? It will be listed under physical address.
=ACID RAIN=
02-28-08, 05:56 PM
Because he wants to find it remotely. Stubborn.... LMAO
=ACID RAIN=
02-28-08, 06:15 PM
Oh and to answer the original question, I got my wife's MAC from the intense scan, but that's all I tried.
nmap -T Aggressive -A -v 192.x.x.x
NetBIOS MAC - same as machine MAC, they just call it that because it was found through NetBIOS. I'm sure there is a shortcut to attempt less probing and still get the MAC, but this is the first time I've used that (thanks BTW!) so I don't know it yet.
I needed the MAC address for a FreeNAS server so ipconfig /all won't work (I don't know the Linux equivalent command). I'm not really stubborn - it was just doing my head in! lol
I did come across the NMAP command which is below:
nmap -O -oX test.xml <Target IP address>
It gives OS, IP and MAC address, port info, number of network hops to the target and some other bits of info. Interesting though: the first time I ran it, it said the target machine was running FreeBSD, which it is in the form of FreeNAS; the second time it wasn't too sure what the OS was and listed FreeBSD, Mac OS X and OpenBSD as the possible OSes.
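An added example, not part of the original thread: a short Python parser for the XML file written by the `nmap -O -oX test.xml` command above, pulling out the IP, MAC, vendor and the ranked OS guesses for each host. The sample XML is constructed (made-up addresses and vendor) in the shape of nmap's XML output; nmap only reports a MAC for targets on the same Ethernet segment as the scanner, so the parser treats it as optional.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of nmap's -oX output (addresses are made up).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -O -oX test.xml 192.168.1.50">
  <host>
    <status state="up"/>
    <address addr="192.168.1.50" addrtype="ipv4"/>
    <address addr="00:11:22:AA:BB:CC" addrtype="mac" vendor="Example NIC Co"/>
    <os>
      <osmatch name="FreeBSD 6.2-RELEASE" accuracy="96"/>
      <osmatch name="Apple Mac OS X 10.4" accuracy="91"/>
      <osmatch name="OpenBSD 4.0" accuracy="90"/>
    </os>
  </host>
  <host>
    <status state="up"/>
    <address addr="10.0.0.7" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

def parse_hosts(xml_text):
    """Return one dict per host: ip, mac, vendor, oui and ranked OS guesses."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        addrs = {a.get("addrtype"): a for a in host.findall("address")}
        ip = addrs["ipv4"].get("addr") if "ipv4" in addrs else None
        mac_el = addrs.get("mac")  # absent when the target is behind a router
        mac = mac_el.get("addr").upper() if mac_el is not None else None
        # Several <osmatch> candidates are normal; rank them by accuracy.
        guesses = sorted(
            ((m.get("name"), int(m.get("accuracy", "0")))
             for m in host.findall("os/osmatch")),
            key=lambda g: g[1], reverse=True)
        hosts.append({
            "ip": ip,
            "mac": mac,
            "vendor": mac_el.get("vendor") if mac_el is not None else None,
            "oui": mac[:8] if mac else None,  # first three octets: vendor prefix
            "os_guesses": guesses,
        })
    return hosts

if __name__ == "__main__":
    for h in parse_hosts(SAMPLE_XML):
        print(h["ip"], h["mac"] or "no MAC (not on local segment?)",
              h["vendor"] or "", h["os_guesses"][:3])
```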
dark_15
02-28-08, 07:20 PM
Can you ping the remote device?
If so, run "arp -a" on the command prompt
AMD Phreak
02-28-08, 08:09 PM
A simple ifconfig on the shell should give you all you need to know.......
Snippet from my time server on our system....
ticktock:/home/amdphreak# ifconfig
eth0 Link encap:Ethernet HWaddr 00:00:E8:12:EE:65 <------------- LOOK!!!! MAC ADDY!!!
The arp -a command seems to only give the MAC address of the device which is next in line, i.e. the Linksys WRT45G router. I did notice though that if I go into the Status page on the router I get a MAC address ending ****BC:9B:82 but when I use the arp -a command I get ****BC:9B:81; how can it have 2 different addresses?
I tried the arp command from several PCs going to the same router and they all give the ...:81 MAC address.
The arp -a command seems to only give the MAC address of the device which is next in line, i.e. the Linksys WRT45G router. I did notice though that if I go into the Status page on the router I get a MAC address ending ******** but when I use the arp -a command I get *********; how can it have 2 different addresses?
I tried the arp command from several PCs going to the same router and they all give the ...... MAC address.
arp -a displays the arp cache. Those 2 addys; were they referring to the same IP addy?
As an aside, the first 3 sets of hex are vendor-specific. The last 3 sets, when taken together, are node specific... Replacing the first 3 with stars isn't gonna help you keep them from anyone who reads your post. :beer:
=ACID RAIN=
02-28-08, 10:36 PM
heh....
lol. It was more I couldn't be bothered writing the whole address than security!
That's a point, the router status may have been listing the internet side of the router whereas the arp -a command was looking at the switch side. It would make sense that they would be close numbers as they came from the same production line.
Cheator
02-29-08, 08:11 AM
ifconfig is the equivalent Linux command, if you need it in the future