Inverse ARP lookup

Question

How can I do an inverse ARP lookup in Windows and/or Linux? Say that I have the MAC address of wireless access point which is up and running in the network, but I forgot it's IP address?

score 23 · Accepted Answer · answered Aug 25 '09 at 20:14

23

The easiest way to do this is to ping the broadcast address (ping -b [broadcast address) on your subnet (often .255), and then dump your arp table (arp -a on Linux), and you should find the MAC of the machine, along with its IP.

answered Aug 25 '09 at 20:14

Dentrasi

11,325

score 4 · Answer 2 · answered Feb 28 '13 at 07:48

Also you can use nmap this is utility for network discovery, in Ubuntu you can simply install it from command line: apt-get install nmap For ping scan network use: nmap -sP xx.xx.xx.xx/yy as a result you find all hosts in network. You can use other scan technics (if host not respond to ICMP ping) for scanning the network.

score 3 · Answer 3 · answered Feb 27 '18 at 19:33

Pinging the broadcast address only works for those things that respond to a broadcast ping, and not everything does. Another approach is to ping every address in the subnet, then review the ARP table.

In Windows, you can do this with:

for /l %i in (1,1,254) do ping -n 1 -w 50 192.168.0.%i

Basically, you are running ping in a 'for' loop. The arguments are thus:

/l -- causes 'for' to loop
%i -- incrementing variable
(start, increment, end) -- the start, increment, and ending values
-n -- number of packets to send
-w -- time in milliseconds to wait for a reply

After that completes, you can review the ARP table with

arp -a

Kind of a "brute force" method, but it works using existing tools. This usually will resolve hosts that don't respond to ping, as well.

score 3 · Answer 4 · answered Aug 25 '09 at 22:00

3

arping2 has an example arping-scan-net.sh which finds the IP address of a given mac address in a given network subnet. It works by scanning each ip address, so It works when broadcast pings are discarded (a very common situation)

answered Aug 25 '09 at 22:00

hayalci

1,722

score 2 · Answer 5 · answered Aug 25 '09 at 20:13

From a bad, bad place, written by scraig84:

Typically you would need to find it on one of your machine's arp tables. If there is a router in your network, this is usually the most central place to gather that type of info. On a cisco router, the command is "show arp" - it will give you a listing of the MAC addresses and their corresponding IP address. On a windows box, from a DOS prompt you can type "arp -a" to see similar output.

Inverse ARP lookup

5 Answers5