Nmap not retrieving MAC address and Vendor

Question

I've found a strange behaviour in Nmap (I am using version 5.51 if that matters but I have the same issue with version 5.00), on some networks this plugin does not retrieve MAC address and, consequently, Vendor. The strange thing is that it retrieves almost everything like operating system and so on but it does not print the MAC address. How is that possible? This is the command I use usually:

nmap -A -O 192.168.1.0/24 -oX mynetwork.xml

Answer 1

Nmap can only retrieve the MAC address if you are scanning hosts on the local subnet, directly reachable via layer 2 (ethernet or wifi). When you scan hosts across a router (default gateway), your scanning host will talk to the router on layer 2 when sending/receiving layer 3 packets, and thus, Nmap would only be able to see the router's MAC address, but not the destination host MAC address.

(While it is technically possible under some circumstances to determine the MAC address of a non-local host through protocols such NetBIOS, SNMP etc., and there are NSE scripts for that purpose, Nmap does not generally do that.)

Answer 2

The MAC address is only displayed when the scan is run with root privilege, so be sure to use sudo. As a diagnostic step, try doing a simple ping sweep (sudo nmap -sn 192.168.1.0/24), then immediately check your ARP cache (arp -an). If you don't see a lot of <incomplete>s, then Nmap isn't scanning your subnet properly. If you see 256 <incomplete>, and no MAC addresses, then something is wrong with your network setup, since you aren't seeing ARP responses to the requests Nmap is generating.

Answer 3

I was also having a lack of MAC address and vendor reporting with version 5.61TEST5, but I just installed version 6.00 and all seems to be working again, so you may want to try that now.