Short story: outside of your immediate LAN you can't get the MAC of the originator.

Longer version :-) Because of the way that the internet was designed and the way that the IP protocol works, you wouldn't be able to find a mac address of someone unless you were local to them. Using the arp table useful but only up to a certain point. The mac address is put into the IP packet at the 2nd level of the OSI model once you go out through a router the mac address of the reported packet is changed, and is changed each and every time. Think of the mac as a "Return to most recent handler" address, rather than a "Return to sender" address. You send out a packet and it goes across the country, and goes through 5 routers, the mac address on the packet will change each and every time it goes through a router, whereas the IP address won't.

Example: Machine A sends a packet to Machine B, and it passes through Firewall C and Router D. The packet does this:

• Machine A sends the packet to Firewall C,
• Firewall C looks for the quickest route to machine B, it determines that Router D is the closest to it, so it repackages the packet with its own mac address (since that is where D will send a response to if it cant get to machine B) and sends it on to D.....
• D does the exact same thing and sends the packet to B.
• Once Machine B receives the packet the mac address that is reported is for Router D, however the IP address still points to Machine A, and that's how B knows where to reply to.
• On the way back from B to A the process repeats.