In Internet Protocol (IP) networks, the MAC address of an interface corresponding to an IP address may be queried with the Address Resolution Protocol (ARP) for IPv4 and the Neighbor Discovery Protocol (NDP) for IPv6, relating OSI Layer 3 addresses to Layer 2 addresses. Let’s say you have the MAC address 60-30-d4-76-b8-c8 (which is a macOS device) and you want to know the IP. From the results shown above, you can map the MAC address to the IP address in the same line. The IP Address is 192.168.0.102 (which is in the same network segment) belongs to 60-30-d4-76-b8-c8.
How to find an IP address when you have the MAC address of the device.
4 Steps total
Before you block them I'd trace the MAC through your network and try and find the source (run through the MAC address table/port mapping on your switches). Maybe also port-scan and then capture some traffic from it, check your logs etc. Network Address Translation (NAT) forwards requests and data from the private IP addresses of individual devices to their online destination under the router’s public IP address. NAT firewalls block your local IP address from other computers on the internet, preventing unsolicited communication.
Step 1: Open the command prompt
Click the Windows 'Start' button and select 'Run.' In the textbox, type 'cmd' and click the 'Ok' button. This opens a DOS prompt.
Step 2: Familiarize yourself with arp
Type 'arp' in the command prompt. This gives you a list of options to use with the arp command.
Step 3: List all MAC addresses
Type 'arp -a' in the command prompt. This lists a number of MAC addresses with the associated IP addresses. Since you have the MAC address, scroll down the list to find the associated IP address. The MAC address is shown in the 'Physical Address' column with the IP address in the 'Internet Address' column. An example of a table record is in Step 4.
Step 4: Evaluate results
The following is an example of ARP output. The first column is the IP address. The second column is the MAC address, and the third is the type of IP assigned--static or dynamic.
Internet address Physical Address Type
192.168.0.1 01-a3-56-b5-ff-22 static
Block Mac Address Netgear
- How to Use a MAC Address to Find an IP Address
- DatilKrizz Jan 21, 2013 at 10:36pm
You've forgotten about one little thing: arp keeps mac<>ip association of recently contacted peers, so it's quite often not to find the mac<>ip association we're looking for, of machine that exists in the network. Prior to using arp -a it's wise to ping the host first.
- HabaneroTwon of An Jan 21, 2013 at 11:24pm
Used in conjunction with ping (thanks Krizz), this is a good basic walk through. I can't go wrong with these steps!
- CayenneSyldra Jan 22, 2013 at 03:17pm
I'm sorry but... if the thing is to find the IP address from the MAC, how will you ping the host first ?
- SerranoEnzeder Jan 22, 2013 at 04:37pm
I thought the aim of this exercise was to FIND an IP address. Doesn't using PING imply you already know the IP (or hostname) which makes ARP redundant? How do you PING a MAC?
Assuming no IP or hostname info, I have used a portscanner (like LanSpy or Zenmap) to get MAC > IP info. Currently my preferred method if the device isn't listed in Spiceworks :-)
There was a time when I was a baby admin and I didn't want to raise alarms by installing a scanner that I wrote a batch file (yes, that long ago) that PINGed every IP on a subnet, then immediately ran ARP redirecting output to a text file. But that depends on the device in question being set to respond to PING requests.
- Pimientochristian.mcghee Dec 23, 2013 at 03:47am
This does not work for any host on the other side of a router. Any hosts on the other side of the router will show the routers MAC address.
- Serrano@Greg Mar 11, 2014 at 03:11pm
I realize this is an old topic, but someone like myself may be looking for an answer. I became admin of a network with little over 200 devices, which none of the cabling was mapped. I was told I was responsible for the cabling, so I began looking for a way other than toning out all the cables. I was fortunate to have Cisco switches and Windows Server 2008. I was able to use the Cisco Network Assistant to grab MAC addresses and the port number, then in DHCP on the Server 2008 I could find the MAC and corresponding IP. Furthermore I could also get the computer name from DHCP and correlate that to which user was on the machine using PDQ inventory to see who was logged in to the machine. Most of this of course depends on the devices being in use. I've been able to create an accurate map of about 90% of my network without touching the cables.
- Pimientochristopherblouch Jun 4, 2014 at 05:08pm
I am interested in this thread, hopefully someone can help. There are 4 types of arp message: arp request, arp reply, rarp request, rarp reply. So, that being said, is it possible to manually send a rarp request? Sort of a arp based ping?There is arping, but we need rarping... if it exists. Of course, I understand that I can't arp outside my default gateway, but if there is a rarp request, how is it used inside the local network? Thanks to whatever guru can explain what we're missing.
- SerranoMaxwell Brotherwood Jul 18, 2014 at 10:07am
Great for finding an IP if you have the MAC address.
My instance where I found this useful was after updating the firmware on a switch remotely via TFTP, the IP of the switch would change (making pinging redundant, obviously). Trying a network scan over Spiceworks or rescanning the single device would not update the IP and I needed an alternate way to find it.
This method worked perfectly. Thank you. Hopefully this helps those trying to understand the purpose of this practice and how it was in-fact useful.
- Pimientorobertrobinson2 Aug 4, 2014 at 04:30pm
I understand the issues in attempting to use a MAC address to locate a device from outside of its local network.
What puzzles me is how Honeywell Total Connect does this with their WiFi connected thermostats. The hardware configuration is: a Honeywell WiFi thermostat that is WiFi connected to a Netgear N600 router which uses DHCP to assign an IP adddress. The router is connected to Comcast with a Motorola SB6120 modem. Comcast assigns a system wide (dynamic) IP. There is no static IP.
On initial setup, a WiFi connection is first established between the thermostat and the router. The thermostat's MAC and CRC and a username and password are entered into the Total Connect software setup. It is then possible to read or set thermostat values using Total Connect Web pages.
I know how to do this with a static IP or a DNS service that automatically tracks changes in dynamic IP addresses.
Does anyone understand how this works with Total Connect?
- TabascoJoe979 Sep 4, 2014 at 01:05pm
This post was extremely helpful, thanks itdownsouth :) I used show interface to find MAC addresses on our switches (reason for this is poor network documentation and mis-labeled switchports and wall jacks...). I took the MAC addresses that I could not locate the hosts or ip addresses for, ran arp -a to list the address<>mac list, then one by one, nbtstat -A for each IP address I matched a MAC to from the unlabeled ports. Tedious, but found 5 or 6 now (seeing hexadecimal thoughts now though...).
- TabascoJoe979 Sep 4, 2014 at 01:12pm
By the way, the reason this is working great for me is the lack of routers -- all switches, so if you have only one subnet like we do, this will do -- otherwise, you will probably need to login to the router or switch on the other side of the router to find MAC address tables on the other networks. You may not be able to see them all on the local host, as far as arp -a on the local host, but looking up the arp or hosts tables on switches and routers could be a possible solution for those with multiple subnets.
- JalapenoJay196 Oct 21, 2014 at 03:28pm
Use SuperScan to do a bulk ping of the entire network range. SuperScan 3 (I recommend) is a free tool by McAfee.
Then use arp -a Find '5c-d9-98' to get for example all ping nodes with a manufacturer of Asus.
- DatilWealthyEmu Mar 25, 2015 at 07:55pm
There's also this:
It should be able to find most devices on the network. You can specify the range to scan and scan across subnets. I won't try to share all the features because quite frankly I don't know them all.
- Pimientoamiruli Jul 4, 2015 at 10:18am
If you want you can ping the broadcast address to ping everyone on the network then do arp -a
- Pimientochrisdahlkvist Nov 23, 2015 at 09:56am
@RobertRobinson I'm the lead designer and project manager on the Honeywell systems.
I can tell you exactly how I designed it. It's actually quite simple. Nothing is sent back to the unit. The unit is allowed access to the Internet via your setup and the router. As long as the unit has permission to make an outbound connection it will work. What happens is the unit makes a report to the server. If it needs to make a request then it gives the server a unique key. The server puts any needed data in an xml (readable) and the thermostat (or quite a few other devices) hits that URL a few seconds later (the device told the server where it would pick up that info).
All your device needs is a simple read-only connection to the outside world. No need to download anything.
It's a VERY simple process that I developed back in 1992 when the Interwebs were still pretty new to most people. There were many processes built off of this simple idea (it was pretty cutting edge when I first designed it). Store and forward, offline browsing, push technology, etc. all are based on this simple technology.
Am I rich? Not even close. I was working on my PhD at the time and was hired by Honeywell to implement my design. I literally gave it away to the general public as is right.
I hope that clears it up for you. If not, feel free to contact me for more information.
Ip Address Block For Mac Shortcut
Block Mac Address Router
I Have a network at home with a PFSense firewall. I would like to use the Firewall rules or what to block internet access for one of these devices on the network? This is a cell phone and I want to turn it off during night time hours. The one that I want to block does not have a static IP address assigned, and I also know its MAC address. I just cant seem to be able to figure out how to create a rule that will effectively block internet access for that one device. But I still want that device to be able to access the network internally, such as network printers shared drives etc. I would like to use the MAC address to limit internet access. I don't wan't the person to know I am blocking them