
How to obtain an IP from a MAC address by sending a forged request to a DHCP server, and a batch lookup method

Great question! Using DHCP absolutely works for this, but there are even more efficient approaches that better fit your broader goal of mapping specific MAC addresses to their corresponding IPs on the LAN. Let’s walk through your options step by step:

1. Leveraging DHCP Server Records

Since your DHCP server assigns consistent IPs to the same MAC addresses, checking its lease database is a straightforward and reliable method. Most DHCP servers track active (and even expired) leases that directly tie MACs to IPs.

  • Linux DHCP Servers (dhcpd)
    Lease files are typically stored at /var/lib/dhcp/dhcpd.leases. Use grep to pull the lease entry for your target MAC:

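    # dhcpd writes MACs in lowercase, and the "lease <ip> {" line sits several lines above "hardware ethernet"
    grep -i -B 8 -A 4 "XX:XX:XX:XX:XX:XX" /var/lib/dhcp/dhcpd.leases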

    This command returns the full lease block, including the assigned IP address.

  • Windows DHCP Servers
    Use PowerShell to query the DHCP server directly (replace DHCP-SERVER-NAME and adjust the MAC format to use hyphens):

    Get-DhcpServerv4Scope -ComputerName "DHCP-SERVER-NAME" | Get-DhcpServerv4Lease -ComputerName "DHCP-SERVER-NAME" | Where-Object { $_.ClientId -eq "XX-XX-XX-XX-XX-XX" }

As for sending a custom DHCP request with the target MAC: while technically possible (you’d need to craft a DHCPDISCOVER packet spoofing the MAC), this is overkill. It requires elevated permissions, and if the device is already on the network, its lease is already logged in the DHCP server. Querying the server directly is far simpler.

2. Faster Methods for LAN MAC-to-IP Mapping

If you need real-time, efficient lookups (especially for multiple devices), these methods are better suited:

  • ARP Cache Scanning
    Every device on the LAN maintains an ARP cache of recently communicated devices. First, populate the cache by pinging the entire subnet, then search for your target MAC:

    • Linux/macOS:
      # Ping the subnet to trigger ARP requests (use fping for faster results, requires root)
      fping -g 192.168.1.0/24 -c 1
      # Search the ARP table
      arp -a | grep -i "XX:XX:XX:XX:XX:XX"
      
    • Windows:
      # Broadcast ping to populate ARP cache
      ping -n 1 192.168.1.255
      # Search the ARP table
      arp -a | findstr /i "XX-XX-XX-XX-XX-XX"
      
  • Network Scanning with nmap
    nmap is perfect for bulk scanning. The -sn flag skips port scanning and focuses on host discovery, listing every online device’s IP and MAC:

    # nmap reports MAC addresses only when run with root privileges against the local segment
    sudo nmap -sn 192.168.1.0/24 | grep -i -B 2 "XX:XX:XX:XX:XX:XX"

    This returns the IP address associated with your target MAC in seconds.

  • SNMP Query (Managed Networks)
    If you have managed switches, query their MAC address table via SNMP for the most accurate network-wide view. This works because switches track every connected device’s MAC and port:

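    # The MAC appears in the returned OID index as six decimal octets (sample MAC 00:1A:2B:3C:4D:5E -> 0.26.43.60.77.94)
    snmpwalk -v2c -c public -On SWITCH-IP 1.3.6.1.2.1.17.4.3.1.2 | grep -F ".0.26.43.60.77.94 ="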

    The OID used here targets the switch’s MAC address table, and results will include the corresponding IP if the device is active.

3. Choosing the Right Method
  • Use DHCP lease queries if you control the DHCP server and need to confirm IPs for devices that might be offline (as long as they have a valid lease).
  • Go for ARP + nmap if you need fast, real-time results for online devices—no server permissions required.
  • Use SNMP for enterprise networks where you need a complete, accurate map of all connected devices via managed switches.

The question in this content comes from Stack Exchange; question author: Duke Dougal
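
The lease-file lookup from section 1, extended to the batch case the title asks about, as an added example that is not part of the original answer: it resolves several MACs at once from an ISC dhcpd lease file and trusts only the latest block written for each IP. The function names and the sample lease data are constructed for illustration.

```shell
#!/bin/sh
# Added example: batch MAC -> IP lookup from an ISC dhcpd lease file.

# Constructed sample data in dhcpd.leases format.
sample_leases() {
cat <<'EOF'
lease 192.168.1.77 {
  binding state active;
  next binding state free;
  hardware ethernet aa:bb:cc:dd:ee:ff;
}
lease 192.168.1.50 {
  binding state active;
  next binding state free;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "printer";
}
lease 192.168.1.77 {
  binding state free;
  hardware ethernet aa:bb:cc:dd:ee:ff;
}
EOF
}

# mac_to_ip LEASE_FILE MAC...   (LEASE_FILE may be "-" for stdin)
# Prints "mac ip" per requested MAC, or "mac -" when it holds no active lease.
mac_to_ip() {
  leases=$1; shift
  awk -v wanted="$*" '
    BEGIN {
      n = split(tolower(wanted), want, " ")
      for (i = 1; i <= n; i++) gsub(/-/, ":", want[i])   # accept Windows-style MACs
    }
    $1 == "lease" && $3 == "{"            { ip = $2; mac = ""; state = "" }
    $1 == "binding" && $2 == "state"      { state = $3; sub(/;$/, "", state) }
    $1 == "hardware" && $2 == "ethernet"  { mac = tolower($3); sub(/;$/, "", mac) }
    # dhcpd appends to the file: a later block for the same IP replaces the earlier one.
    $1 == "}" && ip != ""                 { ip_mac[ip] = mac; ip_state[ip] = state; ip = "" }
    END {
      for (a in ip_mac) if (ip_state[a] == "active") active[ip_mac[a]] = a
      for (i = 1; i <= n; i++)
        print want[i], ((want[i] in active) ? active[want[i]] : "-")
    }
  ' "$leases"
}

# Demo on the sample data: the .77 lease was later freed, so only .50 resolves.
sample_leases | mac_to_ip - 00-11-22-33-44-55 AA:BB:CC:DD:EE:FF
```

On a real server, pass the lease file path from section 1 as the first argument instead of `-`.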
