MAC Address Discovery

From Free Knowledge Base- The DUCK Project: information for everyone
Jump to: navigation, search

You can discover the MAC address of an IP clients remotely.

Windows LAN

If you are on a Windows NT network or simple Windows file sharing, you can discover the MAC address from the MSDOS prompt of a Windows machine for any other Windows machine on your LAN as long as you know the hostname of the machine. (NetBIOS, NT, Windows Host)

Use the 'net view' command from the MSDOS Prompt to find a hostname, then use nbtstat -a to discover the MAC address 

 net view
 nbtstat -a <hostname>

TCP/IP LAN/WAN MAC Discovery w/o Hostname

If you send traffic to a host, such as with ICMP broadcast 'ping' you will populate the ARP Cache of your machine thus acquiring the MAC address which is part of that level of networking. 

ping X.X.X.X

Wait for some replies (if host responds to ICMP) 

arp -a

That shows the ARP Cache table.

Even if the host does not reply to icmp echo (ping) the arp table may still contain the mac address. In one test a Windows XP host was filtering ping and therefore would not reply. However, the sending host was still able to obtain a MAC address for ARP table population. This is due to the dynamics of layered tcp/ip networking on Microsoft windows.

 

 

Retrieved from "http://wiki.robotz.com/index.php?title=MAC_Address_Discovery&oldid=6036"