How do I discover the MAC address of machines in a network?
I need to discover the machines that are available just with only BIOS installed (no Operating System present). And I need to find the mac address of such machines that are up.
I won't have physical access to the machines. this is for baremetal discovery!
Since the machines probably don't have IP addresses, I don't think you have a chance to actively query them. They would need to answer packets sent to the broadcast MAC and for e.g. ICMP echo requests, they'd need to send packets with something like 0.0.0.0 as a source IP. This is common and allowed for BOOTP/DHCP, but I haven't seen anything like this implemented by BIOSes yet.
Maybe just logging all MACs that go over the wire with a tool like arpwatch would help? If the machines have PXE booting enabled, you should at least see some DHCP DISCOVERs, before they leave into eternal silence.
You can use WinPcap to monitor the ethernet traffic on your network in the same collision domain. So you could learn all the mac addresses just as a switch does. You could also fake some dhcp messages in order to create some traffic. But this only works with PXE (which is actually made for this scenario) and in your own collision domain.
A just not as "nice" solution as the ones suggested above (working over a network is just comfortable):
If you have physical access to the machines: Plug in a monitor and look the MAC up in the BIOS. If by some reason the MAC isn't listed in the BIOS, you could enable PXE. After reboot, when PXE is initializing, you're going to see the MAC.