Ping For Mac Address



  1. Ping Ip For Mac Address
  2. Ping Mac Address Cmd
  3. Ping Mac Address Windows
  4. Ping Mac Address Command

ARP Ping first pings an IP address on your LAN with a broadcast MAC address in the ARP packet. If an ARP response packet is received from the device, it continues to ping using the unicast ARP packet (by unicast we mean the target MAC address came from the first response to our broadcast). It helps to Ping the subnet's broadcast address (e.g. '10.1.1.255') to load the ARP table. (Small tip: When you see a large number of MAC addresses showing up on a single port, there's a switch on that port into which those MAC addresses are connected.

Ping Ip For Mac Address

Learning has never been so easy!

As a Network Administrator/Engineer you may be asked to find MAC addresses and/or IP Addresses, hopefully this can make your job a little bit easier. These commands work on most Cisco Switches and Routers but sometimes the commands can vary from device to device.

5 Steps total

Step 1: Connect to your Cisco Devices

Ping Mac Address Cmd

Find ip from mac addressPing

Connect to the Switch/Router by using a console cable or a terminal emulator like Putty or Secure CRT. If you are successful it should look something like this.

Ping Mac Address Windows

Step 2: Find The MAC Addresses

On the layer 2 device (switch) enter the username and password if needed. Next enter 'enable' mode on the switch by typing enable. Next type the command 'show mac address-table'. If successful it should look like the picture. It's worth noting that on some Cisco devices the command 'show mac-address-table' also works.

Step 3: Find the IP Address

On the layer 3 device ( L3 switch or router) in my case I am using a router, enter the username and password if needed. Next enter 'enable' mode on the router by typing enable. Next type 'show ip arp' if done correctly you should get an output similar to the picture.

Step 4: Filtering the results on a Router

Ping For Mac Address

In the example I have provided there were only 9 IP addresses. However in the real world there could be dozens or even hundreds of IP addresses. To help filter the results on a router type 'show ip arp ?' You will see gigabitethernet' as an option this will let you filter results by interface or sub-interfaces. In my exmaple it typed 'sho ip arp gigabitEthernet 0/0.10' and that listed all IP's on my sub-interface.

Ping for mac address

Step 5: Filtering the results on a Layer 3 Switch

As stated in Step 4, you will likely have more than 9 IP Addresses. This can be made worse in a messy closet with a 48 port switch running the closet and maybe even some layer 2 switches under that. Luckily in addition to being able to filter by interface you can also filter by VLAN. So type in 'show ip arp ?' and you will see 'vlan' as a listed filter. As you can see I typed in 'sho ip arp vlan 20' and it listed only those IP's in vlan 20. In this case it was the vlan interface and a PC.

I hope this guide was helpful for you. If you aren't sure about something or feel like I missed a step, please let me know.

9 Comments

Ping Mac Address Command

  • Anaheim
    GDBJNC Apr 27, 2018 at 01:15pm

    Great post.

    Another way to find that information is to first PING the address of the system you are looking for. Then issue:
    show arp | i .

    This will then show you the MAC address associated with the IP address.

    Then issue:
    show mac address-table | i

    This will give you the port that the device is currently connected.

  • Cayenne
    Jim6795 Apr 27, 2018 at 01:15pm

    Thanks for posting this *after* I finished a 'What's Connected Where' jihad on our network. :^D After beating Google to death over it, hoping for some useful tool, I ended up using exactly the same process (plus the online MAC address lookup to ID the device manufacturer), so I can affirm this works perfectly, if you work it.

    As you can see, the 'sh arp' or 'sh ip arp' commands also give you the MAC addresses, so essentially the 'sh mac add' is only to get the port in which the device is connected. It helps to Ping the subnet's broadcast address (e.g. '10.1.1.255') to load the ARP table. (Small tip: When you see a large number of MAC addresses showing up on a single port, there's a switch on that port into which those MAC addresses are connected. If you're all Cisco, 'show cdp neighbor' (or 'sh cdp nei') will get you to the next switch. Also, 'sh ip arp | i 0/24' will show just the MAC address(es) on that port.)

    The amazing thing to me is, this far into the 21st Century, this is still the only way I could find to get this information -- i.e. to find out what's connected where. Did I mention it's a *lot* of work?

    (ETA: What if you can't get to the Console port? How do you get the IP address of the switch in order to SSH or (if you must) Telnet in?)

  • Datil
    CrimsonKidA Apr 27, 2018 at 02:04pm

    Good stuff, thanks for posting this! My go-to Cisco command is: show ip interface brief (show ip int bri). Another thing I've learned that is very helpful (I'm still a noob with Cisco stuff) is tab-completion and using a '?' after the start of a command, such as 'show ?'

  • Cayenne
    Ed Rubin Apr 27, 2018 at 03:09pm

    Unfortunately dumping the mac table and working through it is the only way to reliably find stuff and identify its switch port. I've done a similar process with HP switches. One thing that helps a lot is an ip scanner application that does MAC vendor ID lookups for you. This can help with jim6795's problem of identifying an undocumented switch IP since you can look for the the switch maker's vendor ID and then try ssh or telnet, or http/https depending on the product.

  • Jalapeno
    TS79 Apr 27, 2018 at 06:53pm

    Spiceworks has the ability to harvest this information using SNMP and will create a map showing which device is on which switchport. It must have the correct MIB installed for your switch and you must configure SNMP. The feature could use some more work but basic components are there.

  • Jalapeno
    SadTech0 Apr 27, 2018 at 08:06pm

    Thanks for posting this *after* I finished a 'What's Connected Where' jihad on our network. :^D After beating Google to death over it, hoping for some useful tool, I ended up using exactly the same process (plus the online MAC address lookup to ID the device manufacturer), so I can affirm this works perfectly, if you work it.

    As you can see, the 'sh arp' or 'sh ip arp' commands also give you the MAC addresses, so essentially the 'sh mac add' is only to get the port in which the device is connected. It helps to Ping the subnet's broadcast address (e.g. '10.1.1.255') to load the ARP table. (Small tip: When you see a large number of MAC addresses showing up on a single port, there's a switch on that port into which those MAC addresses are connected. If you're all Cisco, 'show cdp neighbor' (or 'sh cdp nei') will get you to the next switch. Also, 'sh ip arp | i 0/24' will show just the MAC address(es) on that port.)

    The amazing thing to me is, this far into the 21st Century, this is still the only way I could find to get this information -- i.e. to find out what's connected where. Did I mention it's a *lot* of work?

    (ETA: What if you can't get to the Console port? How do you get the IP address of the switch in order to SSH or (if you must) Telnet in?)

    Couldn't you just use CDP? #show cdp nei detail will show you the ip of the connected devices.

  • Thai Pepper
    TaylorC Apr 27, 2018 at 08:45pm

    Hey everyone thanks for the great feed back, it's really cool having this featured. @SadTech0 if you cant to the console port and you don't know the IP Address you could use a tool like angry IP scanner and find the switch that way. CDP may or may not work depending on your network configuration and/or topology. Barring some major obstruction you should try to console in get the ip and start an inventory. Hope that helps.

  • Thai Pepper
    Todd_in_Nashville Apr 30, 2018 at 12:34pm

    Keep in mind, in some security minded environments, CDP may be disable if it's not needed. It's one of those things that give out unnecessary reconnaissance info to the bad guys. If one of your edge routers gets compromised, it can be used to start footprinting your internal network.

  • Thai Pepper
    John3367 Apr 30, 2018 at 08:51pm

    Great info..

    Another helpful thing you should add!

    SHOW INVENTORY ---> To show the SERIAL number of the Cisco device you are on.

    **I always use those commands you show to troublshoot. They are very helpful. I usually PING an IP address. then I type a 'show arp' and get its MAC address.. then I will type 'show mac-address table' which will show me which PORT the device is connected to!