Subscribe to Windows IT Pro
December 14, 1999 12:00 AM

How can I get a list of MAC to IP addresses on the network?

John Savill
Windows IT Pro
InstantDoc ID #14462
Rating: (100)

A. A. An easy way to get a list of MAC to IP addresses on the local subnet is to ping every host on the subnet and then check you ARP cache, however pinging every individual node would take ages and the entries only stay in the ARP cache for 2 minutes. An alternative is to ping the broadcast mask of your subnet which will ping every host on the local subnet (you can't ping the entire network as you only communicate directly with nodes on the same subnet, all other requests are via the gateway so you would just get a ARP entry for the gateway).

What is the broadcast mask? The broadcast mask is easy to calculate if the subnet mask is in the format 255.255.255.0 or 255.255.0.0 etc. (multiples of 8 bits). For example if the IP address was 134.189.23.42 and the subnet mask was 255.255.0.0 the broadcast mask would be 134.189.255.255, where 255 is in the subnet mask the number from the IP address is copied over, where 0 it is replaced with 255, basically the network id part is kept. If the subnet mask is not the basic 255.255 format, you should use the following, all you need is the IP address and the subnet mask

  1. For each bit set to 1 in the subnet mask, copy the corresponding but from the IP address to the broadcast mask
  2. For each bit set to 0 in the subnet mask, copy a 1 into the corresponding bit of the broadcast mask

for example, IP address 158.234.24.98 and subnet mask 255.255.248.0

Network

Host
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0
1 0 0 1 1 1 1 0 1 1 1 0 1 0 1 0 0 0 0 1 1 0 0 0 0 1 1 0 0 0 1 0
1 0 0 1 1 1 1 0 1 1 1 0 1 0 1 0 0 0 0 1 1 1 1 1 1 1 1 1 1 1 1 1

Byte 1

Byte 2

Byte 3

Byte 4

The first row is the subnet mask 255.255.248.0, the second row the IP address 158.234.24.98 and the third row is the broadcast mask, 158.234.31.255.

To get the MAC to IP addresses, you would therefore perform the following

ping <broadcast mask>
arp -a

Voila, a list of IP addresses and their MAC address (you can add > filename to get the list to a file, e.g. arp -a > iptomac.lst). You could repeat this exercise on the various subnets of your organization.

Unfortunatly due to limitations in NT's implementation of PING the above will not work correctly so put the following into a file

REM arpping.bat
ping -n 1 -l 1 %1.%2
arp -a %1.%2

You can then call the batch file as follows:

C:\> for /l %i in (1,1,254) do arpping 160.82.220 %i

In this case it would generate a list of all MAC to IP addresses for 160.82.220.1 to 160.82.220.254. Again you could put this all in a file, redirect to a file and then search, e.g.

REM test.bat
for /l %%i in (1,1,254) do arpping.bat 160.82.220 %%i

Notice you have to use two %%. You could run as

C:\> test.bat > file.txt

Then search listing.txt for (example) dynamic

C:\> findstr dynamic file.txt
160.82.220.1 00-00-0c-60-8b-41 dynamic
160.82.220.9 00-60-97-4b-bf-4c dynamic
160.82.220.13 00-10-4b-49-94-e1 dynamic
160.82.220.17 00-80-5f-d8-a4-8b dynamic
160.82.220.22 00-a0-d1-02-a4-cf dynamic
160.82.220.25 00-60-08-75-0d-7a dynamic
160.82.220.26 00-10-4b-44-e4-73 dynamic
160.82.220.33 00-10-4b-44-d6-33 dynamic
160.82.220.34 00-10-4b-4e-67-6a dynamic
160.82.220.35 00-60-97-4b-c4-53 dynamic
160.82.220.39 00-10-4b-44-eb-ae dynamic
160.82.220.41 00-10-4b-49-7b-f7 dynamic
160.82.220.42 00-00-f8-21-7a-7f dynamic
160.82.220.43 08-00-20-88-82-57 dynamic
160.82.220.221 00-80-5f-88-d0-55 dynamic

You can consolidate the last couple of steps so you just create arpping.bat as before then just issue command:

C:\&gt;<b>for /l %i in (1,1,254) do arpping.bat 10.129.210 %i |findstr dynamic</b><br><br>
C:\&gt;arpping.bat 10.129.210 1   | findstr dynamic<br>
  10.129.210.1          00-08-c7-d3-24-f5     dynamic<br><br>
C:\&gt;arpping.bat 10.129.210 2   | findstr dynamic<br>
  10.129.210.2          00-08-c7-df-81-60     dynamic<br><br>
C:\&gt;arpping.bat 10.129.210 3   | findstr dynamic<br>
  10.129.210.3          00-80-5f-9b-ea-93     dynamic<br><br>
C:\&gt;arpping.bat 10.129.210 4   | findstr dynamic<br>
  10.129.210.4          00-80-5f-9b-36-ea     dynamic<br><br>
C:\&gt;arpping.bat 10.129.210 5   | findstr dynamic<br>
  10.129.210.5          00-04-ac-37-78-92     dynamic<br><br>
C:\&gt;arpping.bat 10.129.210 6   | findstr dynamic

Notice we only use one % as we are not in a batch file and it automatically only lists found entires or you can use a combination of the different methods to match your exact needs.

Related Content:

ARTICLE TOOLS


Want to use this article? Click here for options!

Comments
Add A Comment
  • Watts
    1 year ago
    Jan 20, 2011

    From what I can tell,this only works on the subnet to which you are attached. Trying to resolve through a router doesn't produce results since mac addresses don't route, correct?

    To the poster who stated: "Great! Would be better if I could scan a larger range though, like 192.168.24.1-192.168.26.254"

    It seems to me you can make it scan a larger network by telling the command
    for /l %%i in (1,1,252) do arpping.bat 192.268.24 %%i Someone correct me if I'm wrong on this nearly 11 year old thread! Ha!

  • Robert Stanley
    2 years ago
    May 20, 2010

    This is simple easy and really a great help for me. Thank you ! Thank you!

  • Anonymous User
    7 years ago
    Aug 31, 2005

    GR8

  • Anonymous User
    7 years ago
    Jun 13, 2005

    THX a lot!! Ive been looking for at way to get the mac address of my network!

  • Anonymous User
    7 years ago
    May 27, 2005

    Great, simple and usefull, thanks.

You must log on before posting a comment.

Are you a new visitor? Register Here

advertisement

advertisement

Dev Pro Left-Brain SharePoint Pro SQL Server Pro SuperSite for Windows Windows IT Pro

© 2012 Penton Media, Inc.

Home About Us Advertise Customer Service Privacy Statement Subscribe/Renew Terms Of Use

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.