Can I determine the current IP from a known MAC Address?

Question

I have a shell script which uses etherwake to wake up a machine on my local network. After the machine is awake, I'm not sure of the IP address.

While trying to answer my own question I came up with:

ip=$(ping -c 1 hostname | head -1 | awk '{print $3}' | sed 's/[()]//g')

This solution stipulates that I know the hostname of the remote machine, which isn't so onerous.

Is there a way to get the IP if all I know is the MAC address?

Answer 1

I don't think there is a single command to do this. One hack would be to do a ping scan or a broadcast ping on the subnet and then query the arp table for the IP address of the MAC address. Obviously not an ideal solution. Example:

nmap -sP 192.168.1.0/24 >/dev/null && arp -an | grep <mac address here> | awk '{print $2}' | sed 's/[()]//g'

Here nmap will do a ping scan and populate your arp cache. Once the scan is done, the arp command can be used to print the arp table and then you pull out the IP address with grep/awk. You could try replacing nmap with a broadcast ping, but that probably isn't as reliable.

Answer 2

我会简单地使用

ip neighbor | grep "00:1E:C9:56:3C:8E" | cut -d" " -f1

Answer 3

The other methods presented here were unreliable, eg the output of ip neighbor did not always contain the most recent state, so I ended up re-scanning the network using arp-scan , and hence I simply used the output of the scanning to obtain the IP address for a given MAC address.

For scanning a single network interface, simply use this:

arp-scan -q -l --interface en4 2>/dev/null | grep "00:1E:C9:56:3C:8E" | cut -d$'\t' -f1

The following command scans multiple network interfaces at once:

{ arp-scan -q -l --interface en0 2>/dev/null & arp-scan -q -l --interface en4 2>/dev/null } | grep "00:1E:C9:56:3C:8E" | cut -d$'\t' -f1

Answer 4

You could try the arp command and grep by mac address

arp -a | grep "00:00:00:00:00:00"

(replace with your own mac addr)

Answer 5

I wrote a python module that can do this:

>>> from ethip import ethip
>>> print ethip.getip('00:1E:C9:56:3C:8E', '10.5.42.255')
10.5.42.3

I just makes rapid arp requests to find the ip, then caches what it finds. The code is on github.

Answer 6

I know is old, but the simplest way in linux is:

arp -a | grep "00:1E:C9:56:3C:8E"

The point of this is to ignore if is connected in one or another network meanwhile each device can see each other.

Answer 7

Neal's answer takes indeed too long. I had to get it work with a 60k+ IPs range. The trick to make this work is to check arp table after each ping. This also fixes the root problem : no need. I did it in Java (see threadedScan() here ) because I was on windows and needed a solution which wouldn't spawn thousands of cmd prompts while trying to ping with start command. And it works faster (~10 sec for my 60k range) with a fixedThreadPool.