Get IP From Mac Address With Nmap Command on Linux?

Question

Given the following Nmap output, how can I extract the IP address which matches a particular MAC address?

Nmap scan report for 10.0.0.2
Host is up (0.0011s latency).
MAC Address: 00:02:CF:E2:52:4E (ZyGate Communications)
Nmap scan report for 10.0.0.9
Host is up (0.015s latency).
MAC Address: 1C:18:4A:08:88:48 (Unknown)
Nmap scan report for 10.0.0.35
Host is up (0.019s latency).
MAC Address: B8:B4:2E:F9:2B:B1 (Unknown)
Nmap scan report for 10.0.0.40
Host is up (0.00036s latency).
MAC Address: 00:25:11:2C:F6:9C (Elitegroup Computer System )

I would like a pipeline something like this, but it doesn't work:

nmap -sP 10.0.0.0-255 | grep 00:25:11 | awk '{print IP ADDRESS}'

Answer 1

this may help;

nmap -sP....|awk -v mac="00:25:11" '/report for/{ip=$5}$0~mac{print ip}'

You just change the mac="00:25:11" part to do different MAC filtering.

If you test this line on your example, it output:

10.0.0.40

Answer 2

Well, for one thing - what's the question/problem really?!

In general, you can't get or resolve IP from MAC or vice versa. You can try to build up a database of recently found IP+MAC matches, but this pair is independent. MAC spoofing and moving laptops/smartphones can be helpful to imagine. Device has MAC, but ISP provides IP. There's no way to resolve one from the other. You get this info usualy inside TCP/IP packets.