Can I use nmap to discover IPs and mac addresses?

Using nmap a lot of info can be found..

nmap -A -v -v 192.168.1.0/24 gives a lot of information, even SO in some cases

nmap -sn 192.168.1.0/24 gives the MAC and IP addresses. Very Useful too

sudo nmap -PU 192.168.1.0/24 explains every IP address

The following command with nmap with root privilegies (or using sudo):

sudo nmap -sP 172.31.201.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "$3;}' | sort

results in:

172.31.201.80 => 00:50:56:AF:56:FB
172.31.201.97 => 00:26:73:78:51:42
server1.company.internal.local => 3C:D9:2B:70:BC:99
...

This commands scans all IP addresses in a range and shows the MAC address of each IP address. It does this in a greppable format, or in other words; displays IP and MAC address on a single line. Thats handy if you want to export to Excel or run a grep on it.

nmap -n -sP 10.0.3.0/24 | awk '/Nmap scan report/{printf $5;printf " ";getline;getline;print $3;}'

It seems to also work for IP's/MAC's which are not already in the hosts ARP table. That's a good thing.

The command results in:

10.0.3.100 B8:27:EB:8E:C5:51
10.0.3.101 00:26:B6:E1:4B:EB
10.0.3.112 00:01:29:02:55:25
etc..

You can use the Ping scans, which start with the P-flag. However, I personally use -sL for this job.

http://nmap.org/book/man-host-discovery.html

Adding to antonio-saco's response. I wanted to also list the vendor as well to the output. To do that you want to print the 3rd index (MAC address) to the end of the line.

sudo nmap -sn 10.10.10.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "substr($0, index($0,$3)) }' | sort

Results in:

10.10.10.24 => B0:5A:DA:EB:2A:C4 (Hewlett Packard)