Getting an IP's MAC address from behind a router

mac router

I want to know, if possible, how to get a MAC address of an IP address if I am behind a router.

I tried doing a ping to the IP and checking the arp table, but the only entry is the router's MAC.

Any ideas?

Thanks for reading.


MAC addresses do not get passed on by routers. You need to look at the router's ARP table.

Edit:

Unless you have some other form of access to the machine, yes, it is impossible. If you can get onto the network it's on (VNC, RDP, SSH), then you can do it, but otherwise no.

If you're router doesn't give you the ARP table on its web interface, you could see if you can telnet in : many home routers have more advanced functions they hide from the web interface.


It cannot be guaranteed that you can see MAC address of machines behind a router. But there are some protocols that may help you in finding MAC address from anywhere in network. For example to find MAC address of a Windows PC on other network when you know its IP address you can use command 

nbtstat -A <IP Address>

To do the same thing from Linux machine (with samba installed) use command

nmblookup -R -S -A <IP Address>

If the machine in question is not a windows machine and there is no way to become part of other subnet. Then the only options are seeing MAC address table in router, or if there is common network wide DHCP server then you can see MAC address in DHCP logs. But I guess you have to be administrator for accessing router or DHCP server.

Hence if there are lot of windows machines on your network you can find MAC address for them even when are not in their subnet. But if network has lot of Linux machines then there is no good very common way to find MAC from other networks.

The above technique wont work on Linux samba servers. They will always return MAC address as 00-00-00-00-00-00.


If the IP in question is not on a directly connected subnet of the router, then the MAC won't be in your router's ARP table.

ARP is only visible / relevant for the last hop of a IP connection (layer 2). Everything between the first routing entity and the last routing entity is layer 3, which doesn't use the ARP of the source or destination entities, but rather the ARP of the next directly-connected routing entity.


I think what you want to know is --

How can you find the MAC for a particular IP(machine) which is not the part of your subnet?

For the all the machines/IPs on your subnet the IP-MAC table is stored in ARP Cache, locally on your machine. This is the same cache which give "IP resolution conflicts". do a simple

$ arp -a | grep particularIP

Now for the machine outside your subnet -- there is no standard of the shelf application which does that, i tried to think if any ICMP message can do it, but as of now i think there is none. Well the way networking, rather layering is designed, this is a deliberately unwanted behavior. To escape or remove the information which is relevant to layers below the present, and as we across the networks IP is used, so no MAC.

See if you have cooperation at the other machine, you can write a small app, which encapsulates the the mac header and sends to you... ofcourse if u have cooperation from the other machine, why this much of effort a simple ifconfig -a does the job, that to for all the interfaces on that machine.


You can only "see" mac addresses of hosts that are on in the same subnet. Then, you can list all mac addresses using the arp command:

arp -a

or for a single IP address:

arp -a 192.168.0.1

Related

Linux fileserver storage pool
24TB RAID 6 configuration
Why do big Exchange installations require downtime for maintenance?
cat * | grep something... what file is the result in?
How can I add myself to my local sql server's windows authentication?
Counting Print totals
How visible is my /var/www to the outside world?
Why is Clonezilla faster than dd?
Why should iscsi traffic be isolated?
CA Certificate not trusted by Firefox
Windows SSH client
What are some informative and useful shell prompts? (Bash, csh, ksh, etc.)