Hi everyone,
I’m currently working on a network setup on a Debian system with a direct 1:1 Ethernet connection (no switch in between). My goal is to use tcpdump to identify the MAC addresses of connected devices — without having to specify any IP addresses or IP ranges beforehand.
I understand that ARP packets contain MAC addresses, and I want to capture these live with tcpdump. However, I’m having trouble figuring out the correct filters and command line options to do this.
My questions:
- How can I use tcpdump to display only MAC addresses from ARP packets, without specifying IP addresses?
- Is there a way to filter the output so that only the MAC addresses are shown?
- If there are better tools or scripts that accomplish this task, I’d appreciate any recommendations.
I’ve tried running: sudo tcpdump -i eth0 arp -n -e, but the output is still quite verbose, and I’m not sure how to extract the MAC addresses easily.
Looking forward to your advice and help!
If you have a direct 1:1 Ethernet connection to another network end-point then presumably there can only be ONE other ethernet MAC address present on the network in addition to your own?
If the other end-point is running a configured IP network then won't a simple arp command on your 'workstation' machine identify the MAC address of the other system?
Statistics: Posted by B.Goode — Wed Jun 25, 2025 10:25 am
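One way to reduce the `tcpdump -e` output from the question to bare MAC addresses, as an added example that is not part of either post: the hypothetical helper `peer_macs` prints each distinct source MAC once and can skip your own interface's address. The sample lines are constructed in the layout tcpdump prints with `-e -n`, and `eth0` is the interface name from the question.

```shell
#!/bin/sh
# Print each distinct source MAC seen in `tcpdump -e -n arp` output (stdin),
# skipping the MAC given as $1 (your own interface), if any.
peer_macs() {
    awk -v own="$(printf '%s' "${1:-}" | tr 'A-F' 'a-f')" '
        # With -e, field 2 is the source MAC and field 3 is ">".
        $3 == ">" {
            mac = tolower($2)
            if (length(mac) != 17) next
            if (mac !~ /^[0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+$/) next
            if (mac == own || seen[mac]++) next
            print mac
        }'
}

# Constructed sample lines (not captured traffic).
SAMPLE='10:25:01.000001 02:00:00:aa:bb:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.2 tell 192.0.2.1, length 28
10:25:01.000412 02:00:00:aa:bb:02 > 02:00:00:aa:bb:01, ethertype ARP (0x0806), length 60: Reply 192.0.2.2 is-at 02:00:00:aa:bb:02, length 46
10:25:02.000001 02:00:00:aa:bb:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.2 tell 192.0.2.1, length 28'

# Treat 02:00:00:aa:bb:01 as the local interface, leaving only the peer.
printf '%s\n' "$SAMPLE" | peer_macs 02:00:00:aa:bb:01

# Live use (-l makes tcpdump line-buffer its output so MACs appear at once):
#   sudo tcpdump -l -n -e -i eth0 arp 2>/dev/null | peer_macs "$(cat /sys/class/net/eth0/address)"
```

On a direct 1:1 link the live pipeline should settle on a single address, the peer's, as soon as either side sends an ARP request or reply.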