The tcpdump utility may be used to get a listing of all MAC addresses on a network. Firstly we need to capture enough data.
(base) jason@jason-Lenovo-H50-55:~$ sudo tcpdump -i enp0s25 -en > log.txt |
Then press Control-c once enough data has been captured.
Then it is a simple matter to read the log file and get the listing of all MAC addresses on your network.
(base) jason@jason-Lenovo-H50-55:~$ cat log.txt | awk '{print $2}' | sort -u c8:14:51:5f:a9:47 d0:50:99:0d:ab:0f fc:34:97:a5:bc:7e |
This is a very simple networking trick, very useful. Below is another way of getting this information, I used tshark to read a Wireshark WiFI capture and I was able to get all MAC addresses on the network in a very large listing.
(base) jason@jason-Lenovo-H50-55:~/Documents$ tshark -nqr telstrawpa-01.cap -z endpoints,wlan ================================================================================ IEEE 802.11 Endpoints Filter:<No Filter> | Packets | | Bytes | | Tx Packets | | Tx Bytes | | Rx Packets | | Rx Bytes | e0:b9:e5:6e:d3:69 3146 80853 1441 51163 1705 29690 28:f0:76:73:7a:8e 1866 43922 1650 39885 216 4037 78:45:61:93:4b:56 785 34284 380 27677 405 6607 e0:b9:e5:6e:d3:68 675 164137 675 164137 0 0 f8:ab:05:cf:97:e1 628 12290 620 12210 8 80 01:00:5e:7f:ff:fa 427 179727 0 0 427 179727 cc:20:e8:71:1f:7f 287 5016 0 0 287 5016 04:00:00:96:d3:69 178 3560 0 0 178 3560 04:00:00:96:01:00 132 2636 0 0 132 2636 ff:ff:ff:ff:ff:ff 119 9626 0 0 119 9626 04:4b:ed:91:6a:83 114 1276 7 116 107 1160 68:64:4b:2a:10:18 110 7535 46 5979 64 1556 d0:4f:7e:56:74:7e 106 2112 0 0 106 2112 e8:61:7e:27:19:85 92 3319 22 1442 70 1877 00:9a:cd:67:01:68 62 620 0 0 62 620 f0:25:b7:fa:01:4a 62 8615 30 1293 32 7322 04:00:40:b1:d3:69 58 1142 0 0 58 1142 04:00:e0:ca:00:00 50 980 50 980 0 0 04:00:80:7a:00:00 48 930 0 0 48 930 04:00:a0:e4:00:00 46 900 46 900 0 0 04:00:e0:c8:00:00 37 740 0 0 37 740 05:00:c0:2f:03:00 32 518 0 0 32 518 05:00:c0:30:01:00 28 460 0 0 28 460 05:00:50:33:01:00 27 444 0 0 27 444 05:00:30:36:03:00 27 438 0 0 27 438 05:00:a0:32:03:00 25 406 0 0 25 406 05:00:a0:39:03:00 24 396 0 0 24 396 05:00:f0:38:03:00 23 380 0 0 23 380 05:00:10:36:01:00 22 364 0 0 22 364 05:00:d0:ad:01:00 18 270 0 0 18 270 04:00:c0:c7:00:00 18 288 0 0 18 288 8c:79:67:9a:44:4a 14 4998 0 0 14 4998 04:00:60:cc:00:00 14 280 14 280 0 0 04:00:70:cc:00:00 14 270 14 270 0 0 04:00:70:3c:00:00 14 230 14 230 0 0 01:00:5e:00:00:fb 13 2269 0 0 13 2269 05:10:c0:da:01:00 13 202 13 202 0 0 05:00:c0:37:01:00 13 214 0 0 13 214 d0:fc:cc:2b:30:84 12 130 0 0 12 130 04:00:70:5c:00:00 12 240 12 240 0 0 33:33:00:00:00:fb 12 2549 0 0 12 2549 05:00:90:ab:01:00 12 180 12 180 0 0 05:10:10:dd:01:00 12 138 0 0 12 138 30:59:b7:49:b8:98 11 3927 0 0 11 3927 0c:54:a5:30:25:e0 10 100 0 0 10 100 04:00:90:85:10:18 10 110 10 110 0 0 05:00:70:82:01:00 10 130 0 0 10 130 05:00:10:a6:01:00 10 118 0 0 10 118 fe:77:75:43:f6:98 10 3570 0 0 10 3570 05:00:10:7f:01:00 9 108 0 0 9 108 05:00:60:a2:01:00 9 138 9 138 0 0 05:00:80:aa:01:00 9 108 0 0 9 108 52:40:f7:c1:26:44 9 3213 0 0 9 3213 |
This is a very large listing indeed. A neat trick for parsing Wireshark captures.
Use it as shown below to capture Ethernet MAC addresses.
(base) jason@jason-Lenovo-H50-55:~/Documents$ tshark -nqr telstrawpa-01.cap -z endpoints,eth |