Hi.
From my linux box (Fedora core 4) I would like to get some of the connected computers mac-address.
I'm not using Wireless lan.

These computers are connected to my computer with a client talking udp. I allso know their ip-address of course.

I haven't got netstat to show me mac-address, so I guess I have to use another tool?

Thanx

You could install Ethereal and its GUI, then capture the packets of the traffic between your boxes and then look at the Ethernet II headers of the packets.

P.S. Or ssh into the machines and do a ifconfig -a.

You could install Ethereal and its GUI, then capture the packets of the traffic between your boxes and then look at the Ethernet II headers of the packets.

P.S. Or ssh into the machines and do a ifconfig -a.

Thanks, that worked. I wish there where a simpler way to do it though.
And the ssh-thingy doesn't work that well on windows-clients.... :P

arp is your firend here

as root:
arp <enter>
output will show you what IP addys are associated with what MAC addys.

for example, this machine I'm no now shows:

[root@mobile-1 ~]# arp
Address HWtype HWaddress Flags Mask Iface
192.168.0.15 ether 00:50:DA:0B:EE:B4 C eth0
192.168.0.1 ether 00:11:95:08:25:F6 C eth0

To ensure everything on your LAN is in the arp table, ping each box on the LAN first or run a 'ping sweep' with something like nmap. Yea, entries are automagikly added to the arp table only if needed.

Hey Zotter, thanks for reminding me, I so totally forgot...LOL... on win it's 'arp -a'

arp only shows me my gateway. I have around 20-40 machines connected trough udp, but none of those shows with arp.


[root@www2 ~]# arp
Address HWtype HWaddress Flags Mask Iface
gw-xxx ether 00:00:0C:07:AA:11 C eth0

Did ya do the ping thingy?

yes, first the ordinary "ping" with no effect.
Then I tired arping, but then I found that my client got the same mac-address as the GW.
Maybe the switch my server is connected to don't forward the mac-address, and all I get is my switch??

More'n welcome Zig. Somedays I need a reference library just to know what to look up <g>.

Staal - Zig's right. Entries are only made to the arp table when that particular machine needs or has recently needed to know how to talk to some other machine. If your PC never talks to 'Joe', there'll be no entry for Joe in the arp table.

So, to see the MAC addies on all the running gear on your LAN (PCs, print servres, jet directs, routers, etc), first PING every IP on the LAN. This'll also help by letting you know if what you expect to be reachable realy is reachable.

Ping isn't the only way - just one of the more convienient. This will force your machine's IP sub-system to send an 'arp request' for every IP it wants to ping. Basicly it broadcasts out a request for the MAC addy for every IP it wants to hit. If that addy is up, an arp reply will come back and an appropriate entry entered into the arp table. That reply will tell your systems IP stack how to get it's 'ping request' to any particular IP addy over the ethernet media. OK, maybe more theory than help there.....

nmap is good for this. if you don't have it yet, 'yum -y install nmap' will fix that. For an IP network 192.168.0.0\24 - you can use this: nmap -sP -PI -T5 192.168.0.1-254 That'll ping sweep the IP range using 'insane' throttling (fastest). Nice thing is, even if 'Joe' dosen't answer an echo request, his MAC addy will still show up in the arp table, again, assuming Joe is powered up.

Soon as it's done, run arp - you'll see a MAC addy for every running IP that particular machine can reach on that LAN. As well, you'll see (incomplete) for those that either don't exist or are powered off.

yes, first the ordinary "ping" with no effect.
Then I tired arping, but then I found that my client got the same mac-address as the GW.
Maybe the switch my server is connected to don't forward the mac-address, and all I get is my switch??

Only if your switch is bad broke

arp only shows me my gateway. I have around 20-40 machines connected trough udp, but none of those shows with arp.


What exactly do you mean connected through udp? Are the machines you are pinging in the same subnet?

What exactly do you mean connected through udp? Are the machines you are pinging in the same subnet?

Nope. This is WAN not LAN.
So I just figured that is the reason.

Thanks all.

HEY!! Found a new way to do this - try it:

[root@Tux ~]# ip neigh
10.66.255.63 dev eth0 lladdr 00:14:c2:50:ca:e1 REACHABLE
10.66.255.253 dev eth0 lladdr 00:20:e0:0e:9e:41 REACHABLE
10.66.255.110 dev eth0 lladdr 00:a0:cc:da:14:7e STALE
10.66.255.74 dev eth0 lladdr 00:e0:4c:d3:ba:af STALE
10.66.255.202 dev eth0 lladdr 00:50:8b:d9:2a:d2 STALE

gives ya MAC addys wether you've pinged 'em or not.

Works with neighbors that have recently communicated with your machine on the local network, as the arp cache/table gets flushed periodically.