[CentOS] NMAP - reveal MAC address

Wed May 7 18:19:02 UTC 2008
John R Pierce <pierce at hogranch.com>

Tom Brown wrote:
> In CentOS 4 does anyone know the switches to get NMAP to reveal the 
> MAC of the host being scanned ?
>
> I can't seem to find it and I am using nmap-4.20 - I am sure this was 
> available somehow on older releases.

MAC address is only available on the same network segment... And, I've 
noticed the newer versions of nmap only seem to show it if you run it as 
root....

$ sudo nmap -sP -n 192.168.0.0/24
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-05-06 23:30 PDT
Host 192.168.0.1 appears to be up.
MAC Address: 00:04:75:74:0B:3C (3 Com)
Host 192.168.0.2 appears to be up.
MAC Address: 00:14:85:89:3F:1B (Giga-Byte)
Host 192.168.0.3 appears to be up.
MAC Address: 00:07:E9:DE:CC:B7 (Intel)
Host 192.168.0.10 appears to be up.
Host 192.168.0.140 appears to be up.
MAC Address: 00:0E:35:C6:F1:95 (Intel)
Host 192.168.0.144 appears to be up.
MAC Address: 00:13:CE:67:DC:12 (Intel Corporate)
Host 192.168.0.251 appears to be up.
MAC Address: 00:0F:66:A0:58:ED (Cisco-Linksys)
Nmap finished: 256 IP addresses (7 hosts up) scanned in 6.576 seconds

vs...

$ nmap -sP -n 192.168.0.0/24
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-05-07 11:17 PDT
Host 192.168.0.1 appears to be up.
Host 192.168.0.2 appears to be up.
Host 192.168.0.3 appears to be up.
Host 192.168.0.10 appears to be up.
Host 192.168.0.251 appears to be up.
Nmap finished: 256 IP addresses (5 hosts up) scanned in 2.402 seconds
You have new mail in /var/spool/mail/pierce

$ nmap -V
Nmap version 4.11 ( http://www.insecure.org/nmap/ )
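
Added example (not part of the original post): a small Python parser for the Nmap 4.11 `-sP` output format shown above. It pairs each "Host ... appears to be up." line with the "MAC Address:" line that follows it, then compares a root run with an unprivileged run. The sample text is abridged from the two runs in the post; the function names are this example's own.

```python
import re

# Sample input: abridged from the two Nmap 4.11 runs quoted in the post.
ROOT_RUN = """\
Host 192.168.0.1 appears to be up.
MAC Address: 00:04:75:74:0B:3C (3 Com)
Host 192.168.0.10 appears to be up.
Host 192.168.0.140 appears to be up.
MAC Address: 00:0E:35:C6:F1:95 (Intel)
Nmap finished: 256 IP addresses (3 hosts up) scanned in 6.576 seconds
"""
USER_RUN = """\
Host 192.168.0.1 appears to be up.
Host 192.168.0.10 appears to be up.
Nmap finished: 256 IP addresses (2 hosts up) scanned in 2.402 seconds
"""

HOST_RE = re.compile(r"^Host (\S+) appears to be up\.")
MAC_RE = re.compile(
    r"^MAC Address: ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})(?: \((.*)\))?\s*$")

def parse_ping_scan(text):
    """Return {ip: (mac, vendor)}; the value is None when no MAC line follows."""
    hosts, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current] = None
            continue
        m = MAC_RE.match(line)
        if m and current is not None:
            hosts[current] = (m.group(1).upper(), m.group(2) or "")
            current = None  # a MAC line belongs only to the host just before it
    return hosts

def compare_runs(root_text, user_text):
    """Summarise what the privileged run reports that the unprivileged one lacks."""
    root, user = parse_ping_scan(root_text), parse_ping_scan(user_text)
    return {
        "no_mac_as_root": sorted(ip for ip, mac in root.items() if mac is None),
        "only_seen_as_root": sorted(set(root) - set(user)),
        "mac_in_user_run": sorted(ip for ip, mac in user.items() if mac),
    }

if __name__ == "__main__":
    for key, value in compare_runs(ROOT_RUN, USER_RUN).items():
        print(key, value)
```
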