Inverse ARP lookup

How can I do an inverse ARP lookup in Windows and/or Linux? Say that I have the MAC address of a wireless access point which is up and running in the network, but I forgot its IP address?


Solution 1:

The easiest way to do this is to ping the broadcast address (ping -b [broadcast address]) on your subnet (often .255), and then dump your ARP table (arp -a on Linux), and you should find the MAC of the machine, along with its IP.

Solution 2:

arping2 has an example arping-scan-net.sh which finds the IP address of a given MAC address in a given network subnet. It works by scanning each IP address, so it works when broadcast pings are discarded (a very common situation).

Solution 3:

You can also use nmap, a utility for network discovery. In Ubuntu you can simply install it from the command line:

apt-get install nmap

For a ping scan of the network use:

nmap -sP xx.xx.xx.xx/yy

As a result you will find all hosts in the network. You can use other scan techniques (if a host does not respond to ICMP ping) for scanning the network.

Solution 4:

From a bad, bad place, written by scraig84:

Typically you would need to find it in one of your machines' ARP tables. If there is a router in your network, this is usually the most central place to gather that type of info. On a Cisco router, the command is "show arp" - it will give you a listing of the MAC addresses and their corresponding IP addresses. On a Windows box, from a DOS prompt you can type "arp -a" to see similar output.

Solution 5:

Pinging the broadcast address only works for those things that respond to a broadcast ping, and not everything does. Another approach is to ping every address in the subnet, then review the ARP table.

In Windows, you can do this with:

for /l %i in (1,1,254) do ping -n 1 -w 50 192.168.0.%i

Basically, you are running ping in a 'for' loop. The arguments are thus:

  • /l -- causes 'for' to loop
  • %i -- incrementing variable
  • (start, increment, end) -- the start, increment, and ending values
  • -n -- number of packets to send
  • -w -- time in milliseconds to wait for a reply

After that completes, you can review the ARP table with

arp -a

Kind of a "brute force" method, but it works using existing tools. This usually will resolve hosts that don't respond to ping, as well.
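
Added example (not part of any of the answers above): once the ARP table is populated, the lookup is a match on the MAC column, but Windows, Linux and Cisco each print MACs in a different notation, so the addresses have to be normalized before comparing. The function names and the sample tables below are constructed for illustration.

```python
import re

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
# aa:bb:cc:dd:ee:ff (Linux), aa-bb-cc-dd-ee-ff (Windows), aabb.ccdd.eeff (Cisco)
MAC_RE = re.compile(
    r"\b(?:[0-9a-f]{1,2}(?:[:-][0-9a-f]{1,2}){5}|[0-9a-f]{4}(?:\.[0-9a-f]{4}){2})\b",
    re.IGNORECASE,
)

# Constructed sample outputs (not captured from a real network).
WINDOWS_ARP = """\
Interface: 192.168.0.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
"""
LINUX_ARP = """\
? (192.168.0.1) at 00:1a:2b:3c:4d:5e [ether] on wlan0
? (192.168.0.7) at <incomplete> on wlan0
"""
CISCO_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.0.1             12  001a.2b3c.4d5e  ARPA   GigabitEthernet0/0
"""

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    mac = mac.strip().lower()
    octets = re.split(r"[:-]", mac)
    # Per-octet notations may drop leading zeros (0:1a:...), so pad each octet.
    digits = "".join(o.zfill(2) for o in octets) if len(octets) == 6 else mac.replace(".", "")
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def find_ips(arp_output, wanted_mac):
    """Return every IP the ARP table maps to wanted_mac, in order of appearance."""
    wanted = normalize_mac(wanted_mac)
    hits = []
    for line in arp_output.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue  # header, interface banner, or "<incomplete>" entry
        if normalize_mac(mac.group(0)) == wanted and ip.group(1) not in hits:
            hits.append(ip.group(1))
    return hits
```

To use it on a live table, pass the text printed by arp -a (or show arp) as the first argument. An empty result means the device has not been seen by this host yet, so the subnet needs to be pinged or scanned first.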