LinuxQuestions.org

linuxpyro 02-18-2005 09:58 PM

Scanning a network for MAC addresses
 
Hello, we have an issue right now with our network. Some box (Windoze) has a worm on it that keeps forging IP addresses and spamming the rest of the network. We have determined the MAC address of the box, but that is all. Are there any Linux tools that will let me scan a subnet of IP addresses, and will then return the MACs of those hosts? Can Nmap do this? I'm pretty sure it can't, just thought I'd ask. Any ideas for a good shell script?

Thanks for any info,

Linuxpyro

martinh_tech 02-18-2005 10:48 PM

You can use arping to "ping" a specific MAC address. It will return the IP address of that computer.

You could run a ping sweep on your local LAN (same subnet) and then check your arp cache to see the MAC addresses of all the PCs that replied to your ping sweep. Since you are looking for a specific MAC, there is no point in sweeping a remote subnet, because they will all be mapped to your gateway's MAC.
You can use nmap to do a ping sweep.
nmap -sP 192.168.0.*
To check your arp cache:
arp -a
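
Added example, not part of the thread and not either poster's code: once the ping sweep has filled the ARP cache, this filters `arp -a` output for one MAC address and prints every IP mapped to it, which also shows when a single MAC is answering for several addresses. The function names and the sample output are constructed for illustration, and the parser assumes the `arp -a` line layout shown in the sample.

```shell
#!/bin/sh
# Added example (not from the thread): list the IPs the ARP cache maps to one MAC.

# Normalise a MAC to lower-case, colon-separated, zero-padded octets.
# Accepts 00-0C-29-AB-CD-EF, 0:c:29:ab:cd:ef and 000c.29ab.cdef.
normalize_mac() {
    printf '%s\n' "$1" | awk '{
        s = tolower($0)
        if (s ~ /[-:]/) {
            n = split(s, p, /[-:]/); s = ""
            for (i = 1; i <= n; i++) s = s (length(p[i]) == 1 ? "0" : "") p[i]
        } else gsub(/\./, "", s)
        if (s !~ /^[0-9a-f]+$/ || length(s) != 12) exit 1
        out = substr(s, 1, 2)
        for (i = 3; i <= 11; i += 2) out = out ":" substr(s, i, 2)
        print out
    }'
}

# Read `arp -a` output on stdin and print every IP whose entry carries MAC $1.
ips_for_mac() {
    target=$(normalize_mac "$1") || { echo "bad MAC: $1" >&2; return 2; }
    while read -r host ip at mac rest; do
        ip=${ip#\(}; ip=${ip%\)}
        # Hosts that never answered show "<incomplete>" instead of a MAC.
        found=$(normalize_mac "$mac") || continue
        if [ "$found" = "$target" ]; then printf '%s\n' "$ip"; fi
    done
    return 0
}

# Constructed sample mixing Linux and BSD `arp -a` line formats.
sample_arp_output() {
    cat <<'EOF'
? (192.168.0.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.0.23) at 00:0c:29:ab:cd:ef [ether] on eth0
? (192.168.0.40) at <incomplete> on eth0
pc7.example.lan (192.168.0.77) at 0:c:29:ab:cd:ef on en0 ifscope [ethernet]
EOF
}

# Demo on the sample; on a live LAN run: arp -an | ips_for_mac <MAC>
sample_arp_output | ips_for_mac 00-0C-29-AB-CD-EF
```

As the reply notes, this only identifies hosts on the same subnet, since remote hosts all appear behind the gateway's MAC.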


All times are GMT -5.