How to get IP address associated with MAC address

Started by Chris

I'm running version 3.1.6 64bit on Windows 10 (latest patches, system up to date). When I scan the network I see MAC addresses but I never see Client IP Addresses.

In the settings and preferences section I navigated to the Discovery tab and increased the IP scan attempts to 5, then to 10. Neither improved the situation.

I do not have a router, the switches are configured in flat isolated networks which are made visible to each other via a Fortinet firewall with rules allowing traffic to pass between them. This will be changing in the future but for now I'm trying to understand what IP addresses are living on a given port on the target switch. What am I doing wrong?
SoftPerfect Support forum - Ann avatar image
Ann

Re: How to get IP address associated with MAC address   01 June 2023, 10:28

It is important to bear in mind that switches typically don't provide any IP-level data because they operate on the data link layer (Layer 2) of the OSI model, primarily dealing with MAC addresses. This is why you are seeing MAC addresses but not client IP addresses when you perform a network scan.

Our Port Mapper receives only a list of switch ports and the connected MAC addresses from a switch. To map these MAC addresses to their corresponding IP addresses, it uses the ARP protocol to scan the entire local subnet if the network scanning feature is enabled on the Discovery tab in settings. This process creates a table correlating IP addresses with each MAC address. However, this operation is limited to the local subnet as routers do not forward ARP traffic between subnets.

Based on your network setup with a Fortinet firewall and a flat isolated network configuration, it is likely that your firewall doesn't allow ARP traffic to pass between subnets. This would prevent the Port Mapper from correlating MAC addresses with IP addresses in other subnets.

You can verify this hypothesis by using a network scanner to scan your entire IP range and check which IP addresses get resolved to MAC addresses. If the ARP traffic is indeed being blocked by your firewall, you would likely only see resolutions within your local subnet where the application is running.
Thanks for the explanation, I'll do as you suggest and report back with results.

Reply to this topic

Sometimes you can find a solution faster if you try the forum search, have a look at the knowledge base, or check the software user manual to see if your question has already been answered.

Our forum rules are simple:

  • Be polite.
  • Do not spam.
  • Write in English. If possible, check your spelling and grammar.

Author:

Email:

Subject

A brief and informative title for your message, approximately 4–8 words:

     

Spam prevention: please enter the following code in the input field below.

 ********   **     **  **    **  **    **  **    ** 
 **     **  ***   ***   **  **   **   **    **  **  
 **     **  **** ****    ****    **  **      ****   
 ********   ** *** **     **     *****        **    
 **     **  **     **     **     **  **       **    
 **     **  **     **     **     **   **      **    
 ********   **     **     **     **    **     **    

Message: