Can I Check The Mac Address On DHCP From My Command Line

One thought on - Can I Check The Mac Address On DHCP From My Command Line

Checking the arp table on your Linux host is what you want to do.

As long as there’s steady traffic from the hosts, they’ll show up in the arp table. What I normally do when I’m locating a host via the Layer2
address (IP phone, etc) is to ping the broadcast address. From there the hosts on that Layer2 segment respond back and you have them in your arp table. If you were to use a continuous ping, you’ll find the ping utility tells you there were DUPs (duplicate packets) as there should be since you have multiple hosts replying back.

Say your subnet is 192.168.1.0/24 (255.255.255.0 netmask)
ping 192.168.1.255 -b -c1

From there you can grep the arp table:
Since you’ll know the interface that subnet is off of:
arp -i ethX | grep 00:11:22:33:44:55
Or you could grep through the entire arp table:
arp -a | grep 00:11:22:33:44:55

There is no guarantee that pinging the broadcast address will work all the time [0], so your other option is to run ping in a loop [1] or use nmap to ping sweep [2].

[0] http://reggle.wordpress.com/2011/09/14/broadcast-pings-do-they-work/
[1] http://www.commandlinefu.com/commands/view/3144/ping-sweep-without-nmap
[2] http://nmap.org/book/man-host-discovery.html

Some of your hosts may not have recent traffic, so their arp entry(ies) on your host became stale and were removed.

I’ve found it useful to run tcpdump (while I’m connected to the same Layer2
network) and watch for multicast traffic (ex: igmp) from hosts when they’re booting especially. That has helped me determine addresses on HP Jet Direct printer cards and various other devices.

SilverTip257 says:

October 8, 2014 at 7:13 pm

Checking the arp table on your Linux host is what you want to do.

As long as there’s steady traffic from the hosts, they’ll show up in the arp table. What I normally do when I’m locating a host via the Layer2
address (IP phone, etc) is to ping the broadcast address. From there the hosts on that Layer2 segment respond back and you have them in your arp table. If you were to use a continuous ping, you’ll find the ping utility tells you there were DUPs (duplicate packets) as there should be since you have multiple hosts replying back.

Say your subnet is 192.168.1.0/24 (255.255.255.0 netmask)
ping 192.168.1.255 -b -c1

From there you can grep the arp table:
Since you’ll know the interface that subnet is off of:
arp -i ethX | grep 00:11:22:33:44:55
Or you could grep through the entire arp table:
arp -a | grep 00:11:22:33:44:55

There is no guarantee that pinging the broadcast address will work all the time [0], so your other option is to run ping in a loop [1] or use nmap to ping sweep [2].

[0] http://reggle.wordpress.com/2011/09/14/broadcast-pings-do-they-work/
[1] http://www.commandlinefu.com/commands/view/3144/ping-sweep-without-nmap
[2] http://nmap.org/book/man-host-discovery.html

Some of your hosts may not have recent traffic, so their arp entry(ies) on your host became stale and were removed.

I’ve found it useful to run tcpdump (while I’m connected to the same Layer2
network) and watch for multicast traffic (ex: igmp) from hosts when they’re booting especially. That has helped me determine addresses on HP Jet Direct printer cards and various other devices.

Can I Check The Mac Address On DHCP From My Command Line

One thought on - Can I Check The Mac Address On DHCP From My Command Line

Recommended

Recent Posts

Recent Comments

Archives

Categories

Meta