- Method 1
If you have NT’s Resource Kit, it includes getmac.exe which will query NT boxes for this information.
I don’t know if getmac works when querying Win9x. If you enter getmac
without parameters, it looks at the local nics. For example:
The obvious limitation is that its a Microsoft-centric utility.
C:\>getmacTransport Address Transport Name
—————– ————–
00-50-DA-BD-0F-BC \Device\NwlnkNb
00-50-DA-BD-0F-BC \Device\Nbf_El90x1
00-50-DA-BD-0F-BC \Device\NetBT_El90x1
Will it successfully query nics used by linux or other OSs? No. To see available
commandline options, type getmac /? which will display:Displays Network Transports and Address Information
GETMAC [\\computername] or [computername.domain.com]
You can use the following batch files as starting points for grabbing mac
addresses from NT boxes.
getmaclist.bat :
A little explanation:date /t > allmacs.txt
time /t >> allmacs.txt
net view | find “\\” > maclist.txt
for /f %%a in (‘type maclist.txt’) do call getmacadr %%a
date /t > allmacs.txt create file
allmacs.txt and write current date to file
time /t
>> allmacs.txt add line with current
time to file allmacs.txt
net view | find “\\” >
maclist.txt get lists of domain members the
PC is a member of and write results to file maclist.txt
for
/f %%a in (‘type maclist.txt’) do call getmacadr %%a reads maclist.txt and sends each line(hostname) to be processed
by batch file getmacadr sending it hostname as parm %%a
getmacadr.bat is a oneline batch file:
getmac %1 >> allmacs.txt
which calls the reskit utility getmac with parm of hostfrom_maclist.txt and
writes the results out to allmacs.txt.
This is fairly primitive DOS style scripting resulting is an unprocessed raw
listing. Its a starting point. If you need to move the information into access
or sql, consider using a powerful scripting language like perl. Additional
comments:
net view takes the /domain: parm, so getmaclist.bat
can be extended to get list of active hosts in a domain as in:net view /domain:workgroup | find “\\” > maclist.txt
net view /domain:your_acct_domain | find “\\” >> maclist.txt
net view /domain:resourcedom1 | find “\\” >> maclist.txt et cetera
- Method 2
ping broadcast mask
arp -a
The Windows
NT FAQ site documents a way to use this approach which gets around the
limited functionality of NT’s ping. Search their site using keyword arp to find the specific article. Arp has the advantage that
it works if the nic has ip loaded.
- Method 3
nbtstat -a machinename
-or-
nbtstat -A
ipadress
nbtstat is a Microsoft targeted utility working against NT, W2K, and
Win9x hosts. If your site uses, DHCP:
- Method 4
dhcpcmd <DHCP server> enumclients
<sub-net address> -h
dhcpcmd is a Windows NT Resource Kit utility. -h specifies detailed
hardware info (i.e. MAC address)
- Method 5
Probably the best method is to pull the mac data from your
routers using an snmp utility or from a network sniffer (assuming the sniffer is
on a backbone segment where it can sniff packets from most devices).
If your issue is to control the MAC address of your own NT workstation:
For most NICs, navigate to:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\<NICDriver<X>>\NetworkAddress
where <NICDriver<X>> is the name of the driver
for your NIC plus a number (usually 1). From there you would set the value of
NetworkAddress to whatever you want your MAC address to be. Deleting the key or
setting the value to an empty string will cause the MAC address to default to
the Hardware address.
For Compaq network adapters:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\Net\000<x>\
NetworkAddress
where <x> is the number of the network adapter.
For Windows 2000, Microsoft used a variant of Compaq’s approach:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\<One
Big number>\<One Little Number>\NetworkAddress
where <One Big number> is some kind of driver ID and
<One Little Number> is the NIC’s sequential number within the system.
