Doing a Network Reconnaissance helps network managers improve security by identifying weak devices that can be potentially breached. It can also allow managers to maintain a detailed and updated diagram of the network.
The network reconnaissance is basically identifying live hosts and scanning ports and services. When testing security, or even hacking, port scanning becomes one of the most essential steps of a successful network exploration.
It basically helps identify open and vulnerable ports and protocols that are being used in the network. Port Scanning software helps managers, testers, and hackers create a profile and gain intelligence about a target organization all while ensuring Access to critical systems and services are managed correctly.
Here is our list of the eleven best free IP and Port Scanners for open ports, IP addresses and service scanning:
- SolarWinds Open Port Scanner with Engineer's Toolset – EDITOR'S CHOICE This port scanner is part of a suite of more than 60 network management tools and is very easy to use. Runs on Windows and Windows Server. Start 14-day free trial.
- Paessler PRTG – FREE TRIAL This package of monitoring for networks, servers, and applications includes an IP scanner and is free to use. Runs on Windows Server. Start a 30-day free trial and get unlimited free use for up to 100 sensors.
- ManageEngine OpUtils – FREE TRIAL A package of free network monitoring tools that includes a Ping-based network scanner, and a MAC address resolver. Available for Windows Server and Linux. Start a 30-day free trial.
- Nmap A command-line utility that includes a range of network management tools, including IP address management features and a port scanner. Available for Windows, macOS, and Linux.
- Advanced IP Scanner A suite of network exploration tools, including a port scanner as well as an IP scanner, that has more than 53 million users. Installs on Windows.
- Angry IP Scanner A free network address monitoring utility that includes IP management functions and a port scanning service. Available for Windows, macOS, and Linux.
- Free IP Scanner by Eusing this tool searches a network, working through each IP address in a given range, reporting on whether or not that address is in use. It can also be used as a port scanner. Runs on Windows.
- NetCat A network data management utility that has IP address usage detection and a port scanning option. This is an old utility but there are many clones available for Windows, macOS, and Linux.
- LanSweeper IP Scanner This is a network device discovery tool that reports on attributes of discovered equipment, including the IP addresses assigned to them. Installs on Windows.
- MyLanViewer Network/IP Scanner A network scanner that reconciles discovered IP addresses to DHCP records. Runs on Windows.
- Slitheris Network Discovery This tool delivers detailed information on every device connected to the network. This includes IP address information. Installs on Windows.
Live open ports can lead into the services running on hosts which can become a door into the organization. Running a port/services scan can make you aware of these weaknesses. With this information in hand, a network manager can secure a firewall by closing unnecessary ports and services.
The following is a list of the Best FREE IP Scanners for Port and Services, including a brief description, their features and official download site.
Related post: Find any Device or IP Address using the MAC Address
The Best Free IP & Port Scanners
There are a variety of scanners on the market which are usually online tools. But the best scanners are the ones that you run on your own devices since they allow more flexibility in the process.
What should you look for in IP and port scanning tools?
We reviewed the market for network and port scanners and analyzed the tools based on the following criteria:
- Systems that can perform network sweeps to document all IP addresses in use
- Tools to scan each endpoint to identify open ports
- Systems that combine both network and port scanning capabilities
- The option to scan for all active IP addresses within a given range
- A system that offers the option to specify a particular device to scan for open ports or many devices
- Options to try paid tools for free as well as a list of forever free systems
- A system that is worth installing because it provides useful functions even though it’s free
With these selection criteria in mind, we have identified some strong IP scanners and port scanning tools, making sure to include systems that will run on each of the major operating systems.
The Engineer’s Toolset from SolarWinds is a package of more than 60 network management facilities and one of those services is the Open Port Scanner. The Engineer’s Toolset provides a menu of all of its services. This is where you get access to the Open Port Scanner.
- Sweeps a network to discover devices
- Scans the ports on each discovered device
- For brevity, only lists open ports
- Categorizes ports as ‘Available’ or ‘Used’
- Straightforward, easy-to-read layout
The Open Port Scanner will scan all devices between a given IP address range. In order to get a complete system sweep, you could just enter a very wide range. While it scans the network, this tool also acts as a network discovery tool because it will register each IP address that is in use and then scan the discovered device’s ports.
The tool will list all of the open ports that it has encountered and identify whether they are operating as TCP or UDP. The output display is uncomplicated and easy to read.
- Identifies whether ports are operating as UDP or TCP
- Integrated into a suite of network management tools
- Quick and official network sweeps
- Operates on demand
- Includes a response time report
- Not permanently free – only free for a 14-day trial
The Open Port Scanner is our top pick for a network services scanner because it is easy to use and offers you the ability to check on the ports on one, many,, or all of your devices in one scan. This system is part of the SolarWinds Engineer’s Toolset, which includes more than 60 essential system administration utilities. The Open Port Scanner helps you quickly discover all of the IP addresses in use on your system as well as checking all of the ports on each encountered device.
OS: Windows Server
Paessler PRTG is a bundle of many monitors, called “sensors.” These are available for networks, servers, and applications. You customize the tool by deciding which sensors to turn on. If you only turn on 100 sensors, you never have to pay for the package. The central sensor in PRTG is an essential network discovery service. This actually uses SNMP and identifies all of the devices connected to the network.
Here are the key abilities of PRTG Free:
- Genuinely free forever for up to 100 sensors
- Automated network discovery and a continuously updated inventory
- A range of network topology map formats
- A large library of sensors for networks, servers, and applications
- Options for IP scanning and port scanning
The SNMP network sweep recurs continuously. It creates a network inventory and will generate a network topology map based on that list of devices and their attributes, which includes IP addresses. Another option for IP scanning is to deploy the Ping sensor. This also runs continuously and will list all IP addresses in use on the network. You can get a list of ports and their statuses on each discovered device with the Port Range sensor.
- Runs on your own servers so you don’t need to worry about external connection security
- Very flexible package with a lot of other monitoring tools available
- A cloud version is available
- You can choose to get more than 100 sensors by paying
- Doesn’t include any management functions, like an IP address manager
PRTG runs on Windows Server and you can get the full package with all sensors active with a 30-day free trial. At the end of the trial, if you don’t buy, you just keep on using the Free version.
ManageEngine OpUtils is a package of network monitoring and management tools. The facilities in the bundle include an IP address manager, a switch port mapper, and a port scanner. ManageEngine produces a free version of OpUtils. This version doesn’t include the IP address manager or the switch port mapper but it does include a number of useful network diagnostic tools, including a range of Ping utilities and TraceRoute.
- ICMP Ping, SNMP Ping, and Proxy Ping
- TraceRoute for network path investigation
- A network scanner for device discovery
- A DNS resolver to translate between allocated IP addresses and hostnames
- A MAC address resolver to find the MAC address of an allocated IP address
The Free OpUtils service has an attractive interface that gives easy access to all of the different utilities in the package. Clearly, the full package of the paid OpUtils is a lot better than the free version. ManageEngine offers a 30-day free trial of the paid OpUtils edition, so you can assess it for free, and if you don’t think you don’t want to pay for it, switch over to the free version once the free trial expires.
Both the free and paid versions of OpUtils are available for Windows Server and Linux.
- Offers a suite of tools that provide WoL, IP address management, and physical switch port mapping
- Gathers hostname, device status, and MAC address alongside IP address scans
- Identifies new machines via autodiscovery, great for larger deployments
- Available for both Windows server as well as Linux
- ManageEngine is a large monitoring platform that offers a host of tools and features that may take time to fully explore
Official site and where to download the 30-day FREE Trial:
Nmap is considered the Swiss Army Knife of hackers (ethical and not) and pen-testers.
Nmap stands for Network Mapper and is one of the most popular port scanners. It is an open source tool that offers a great deal of flexibility and power when it comes to performing any kind of active network reconnaissance against a target. With Nmap you can craft packets and send them to a specific target and let the software analyze the response.
A very short list of what you can do with Nmap:
- Scan a target selection, such a single IP, a host-name, a range, etc.
- Scan a port selection, such as a single port or a range.
- Detect specific services and OSs.
- Perform NSE scripts.
- A really strong feature in Nmap is different “Port Scan Types”, such as TCP Connect, TCP SYN Scan. Below is a table with the most common TCP Scans Types that you can do in Nmap.
For beginners, Nmap can be a little bit intimidating because there are so many different scanning combinations that get you different results.
|TCP Connect (-sT)||Full Three-way-handshake (SYN, SYN/ACK, ACK)|
|TCP SYN (sS)||Send SYN. RST/ACK response=not listening SYN/ACK=listening|
|TCP FIN (sF)||Send FIN, RST response=port close|
|TCP Xmas Tree (sX)||Send FIN, URG, PSH, RST response=port closed|
|TCP Null (sN)||No Flags. RST response=port closed|
|TCP ACK (PT)||Send ACK. Firewall test to verify packet filtering.|
- Doubles as a security tool, allowing administrators to discover open ports, and applications communicating over ports that are suspicious
- Massive open-source community is one of the most popular free security tools available
- Offers a GUI version, Zenmap, which lowers the barrier to entry for new users
- Syntax is straightforward and not difficult to learn for most users
- Nmap can have a steep learning curve for new users
- Might be overkill for simpler troubleshooting tasks
Official site and where to download:
5. Advanced IP Scanner
It is a portable, easy-to-use and free network scanner for Windows. Advanced IP Scanner is free of installation. Just press play and you’ll have one of the most robust scanners at your disposal. With Advanced IP Scanner you can see a list of network devices with information such as IP, Port, Manufacturer, MAC Address, OS, etc.
- Easy access to network shares.
- Control devices via Radmin and RDP.
- Switch on/off computers remotely.
- Find the MAC addresses.
- Export all scan results to a CSV file.
This scanner finds all the devices in a targeted scan in a matter of seconds and provides easy access to their shared resources, either through HTTP, HTTPS, FTP or even shared folders.
- Free to use
- Very easy to use, great for smaller networks
- Provides hostnames, MAC address, and manufacturer statistics
- Simple interface, feels intuitive
- Lacks multiple export formats
- Does not support graphing to visualize traffic or devices
- Not the best option for enterprise networks
Another cool feature of this tool is that it detects the RDPs or Radmin ports, and it will let you manage the device remotely right from the platform.
Official site and where to download:
6. Angry IP Scanner
Angry IP Scanner (also called ipscan) is a free and open-source network scanner. The tool works on popular OSs, such as Windows, Mac OSX, and Linux. It was designed with simplicity in mind, the software is ultra-light, no installation is required (highly portable) and it is fairly easy to use.
- Can scan private or a public range of IP addresses. Additionally, it can get the NetBIOS information of a device, detect web servers and customize openers.
- It is able to export the results in different formats such as TXT, CSV, XML, or IP-Port list files.
- For faster scanning, the tool uses the multi-threading approach.
- By default, the tool comes with common fetchers like Ping, Host-name, and Ports but you can add more fetchers with the help of plug-ins to see more information.
- The tool runs on the GUI, but you can use the CLI to call up different options on the software.
At its most basic level, Angry IP Scanner will ping the target device/network to confirm that it is alive. It can also resolve hostnames, find the MAC address, and scan ports. You can extend the amount of information received about each target with the help of plugins.
- One of the easiest tools to use on the market
- Great for small networks and home use
- Can output in multiple formats, giving more flexibility than CLI tools
- Offers DNS and hostname metrics
- The interface doesn’t scale well on enterprise size networks
- Lacks graphing capabilities
Official site and where to download?
7. Free IP Scanner by Eusing
Eusing Software creates miscellaneous free applications for windows users. Among the most popular tools is the Free IP Scanner. This tool is a lightweight standalone scanner that can check a hundred devices per second. It is only supported by Windows OSs.
- Fast scanning using multi-threaded technology.
- Free IP Scanner can scan multiple targets per second without consuming many resources.
Free IP Scanner pings the IP (or range of IPs) to see who is alive. It can also translate the host-name to IP (or vice versa), find closed and open ports and get NetBIOS information. The last one can show details such as host-name, workgroup, active logged users, and the MAC address of the device. All the results obtained can be exported into a TXT file.
People like Free IP Scanner because it is simple, portable and easy to use. However, it cannot be extended with more functionality. Although the tool scans and finds ports, the entire layer 4 TCP/UDP information cannot be customized for deeper analysis.
- Runs as a standalone executable, making it great for USB toolkits
- Scans are fully configurable, allowing users to exclude ranges or subnets
- Stores information in a simple text log file output
- Available only for Windows operating systems
- The interface can feel cluttered, especially on larger enterprise networks
Official site and where to download?
A fully versatile tool preferred by most hackers like NMAP above.
It is tiny but powerful. NetCat is considered as a feature-rich networking tool used especially for debugging and investigation.
- Connect to a remote system through any port or service.
- Banner Grabbing to identify the software that the target is using.
- Scan, listen and forward open ports.
- Create tunnels with specific network parameters, like source port/interface, listening port/interface and the remote host.
- Create back-doors for easy access to the target.
- Transfer files from the target
With NetCat you can create any kind of connection. It basically writes to and reads data from network connections using TCP or UDP. In other words, it can open TCP or UDP connections between two devices over any port.
The most common use for this tool is to set up reverse and bind shells, redirecting network traffic, port scanning and forwarding, debugging scripts, and service banner grabbing.
- Available cross-platform for Windows, Linux, and Unix operating systems
- Simple syntax, easy to learn for beginners
- Doubles as a security tool, allowing users to probe endpoints and create backdoors
- Supports file transfer between host and client
- Slitheris Network Discovery
- NetCat might be overly complicated for users looking for a simple IP scanner
Official site and where to download:
9. LanSweeper IP Scanner
It is a free and powerful IT management tool that can scan networks and find your assets. The IP Scanner is a feature that comes integrated with LanSweeper. With the scanner, you can target a specific IP or range of IPs and get a full inventory of all computers, servers, virtual servers, switches, routers, printers, VoIP phones, etc. The results can be easily exported and created into a report.
- Scan IP addresses automatically or on demand
- Import the results via a CSV file.
- Run custom actions such as remote shutdown.
- Wake-On-LAN Manager
- Find MAC address, logged-on users, user accounts, device up-times, etc.
- The free version lets you find detailed info of up to 100 devices.
People love LanSweeper because of its ability to automatically deploy scripts and commands to many devices at the same time. It uses an integrated deployment feature to automatically deploy software and execute commands on the devices shown on the inventory.
The software goes beyond scanning. It will let you get deep details through scanning, find issues and proactively fix them. The scanner grabs network information through WMI, SNMP, HTTP, FTP, SSH and other protocols.
- Automatically discovers devices through customizable search filters, ideal for BYOD networks
- Recovers additional details such as hostname, manufacturer, hardware stats, and NetBIOS info
- A great option for agentless asset discovery for smaller networks
- Only free up to 100 managed assets
Official Site and where to download?
Related Post: Best Wake-On-Lan Tools
10. MyLanViewer Network/IP Scanner
A comprehensive network IP Scanner for Windows OSs. On the basic level, this tool will scan the target network and will show the IP, MAC addresses, NIC vendor, OS Version, logged users, and shared folders of the wired and wireless devices found an easy-to-read list.
- NetBIOS scanner
- Whois and Traceroute tool
- Remote shutdown and Wake-On-LAN manager.
- Wireless network scanner and monitor
- Show and access shared folders
- Terminate user sessions
- Show netstat information
- Find rogue DHCP servers.
MyLANViewer Network/IP Scanner can monitor all the scanned devices (even if they are hidden), and notify you when a new device was found.
- Provides whois, traceroute, WOL, and remote shutdown options, great for small networks and home labs
- Offers file management features, allowing users to quickly share or unshare folders in a workgroup
- Great for detecting rouge DHCP servers and addressing IP conflicts
- The interface can feel cluttered in large networks, less nested menus could improve usability
Official Site and where to download:
11. Slitheris Network Discovery
Slitheris Network Discovery from Komodo Laboratories is a Windows-based premium IP scanner. The free version of this advanced network scanner allows you to find up to 50 network devices but can be extended with the premium license.
What can Slitheris do?
- Real-time visual ping sweep. It shows what the ping sweep is doing with a visual matrix.
- OS Detection and Fingerprinting. Identify different Windows OS versions without the need for authentication and credentials.
- Identify different type of devices. Find whether the device is a Printer, Virtual Machine, Mobile, Server, Workstation, etc.
- Age determination. Uses MAC address to determine the age of the device.
- SMB Security. Alarms when SMB (Server Message Block) is enabled or disabled on a device, to improve security.
- Detects stealth devices. The tool uses the ARP cache to find un-pingable devices.
- Find Web GUI access devices. The tool uses port scanning on HTTP and HTTPS to see whether a device can be accessed through Web GUI.
This tool takes IP scanning to a new level, it is fast and finds information that most scanners can’t. It gathers information from target network devices without needed credentials or agents. Slitheris Network Discovery uses multi-threaded technology to quickly find all pingable devices and uses ARP pings to discover hidden devices.
- Great user interface, leverages simple visuals to make scanning larger networks more manageable
- It’s depth and device management capabilities make it a good option for smaller MSPs
- Adds a visual layer to ping sweeps to easily identity which machines are having issues
- Only free for up to 50 networks devices
Official Site and where to download:
Open ports can be gateways into networks and are considered weaknesses if not treated with security in mind.
The toolbox of network and security administrators should contain a Port and Services Scanner to help them identify open ports and control vulnerabilities efficiently, before it's too late.
There are many free and online scanners out there as well, But when combining portability, effectiveness, feature-richness, flexibility and cost-efficiency, only the previous nine stand out.
They are free, download a copy today and scan your network. We suggest you grab several of them (as they are all Free) and give them a try – they all have different feature sets and work well when there is no internet connection available to use an online variation. We hope this list of some of the top Port Scanners help you secure your network and keep intruders out!
IP and Port Scanner FAQs
What are the 3 types of network scanning?
There are three types of network scanning:
- IP scanning looks for all IP addresses that are currently in use.
- Port scanning tests each port on each device to see whether it has an active daemon looking for communications with that port number on it – this is called an open port.
- Vulnerability scanning performs a series of break-in attempts using known hacker strategies to discover whether there are weaknesses in the network’s settings.
Port scanning is a repeated test that cycles through port numbers and then tries to contact that port to see if a response comes back. This response indicates that the daemon associated with that port number is active and will receive incoming messages. Depending on the port number, hackers can use this information to launch an attack. Scanning IP addresses and ports is a two-phase process that uses two different tools. First, you need to discover which IP addresses are in use and that information gives you the addresses of all the contactable devices on a network. After that, you need to test if a port is receiving. By cycling through a sequence of numbers you can hit a lot of ports. Two tools that are regularly used for the tests are a Ping sweep to discover IP addresses and then telnet to test ports. You can use the command line utility netstat to scan your own computer for open ports. Run netstat -ano. In the output of this command, open ports are marked as “Listening.” In order to check for open ports on all of the other computers on your network, you will need to use a recursive script that combines a search for all active IP addresses with a test on each possible port number. This can be a time-consuming process. It is better to use a pre-written facility for port scanning for an entire network. There are two perspectives that you can use. One is to test the ports from an external location — there are a number of free online services that will do this. The second perspective is to reach out to other computers from within your network. That can be performed by a number of available network testing tools.
What is a port scanner used for?
How do I scan a port and IP address?
How do I scan for open ports?
Port scanning is a repeated test that cycles through port numbers and then tries to contact that port to see if a response comes back. This response indicates that the daemon associated with that port number is active and will receive incoming messages. Depending on the port number, hackers can use this information to launch an attack.
Scanning IP addresses and ports is a two-phase process that uses two different tools. First, you need to discover which IP addresses are in use and that information gives you the addresses of all the contactable devices on a network. After that, you need to test if a port is receiving. By cycling through a sequence of numbers you can hit a lot of ports. Two tools that are regularly used for the tests are a Ping sweep to discover IP addresses and then telnet to test ports.
You can use the command line utility netstat to scan your own computer for open ports. Run netstat -ano. In the output of this command, open ports are marked as “Listening.” In order to check for open ports on all of the other computers on your network, you will need to use a recursive script that combines a search for all active IP addresses with a test on each possible port number. This can be a time-consuming process. It is better to use a pre-written facility for port scanning for an entire network. There are two perspectives that you can use. One is to test the ports from an external location — there are a number of free online services that will do this. The second perspective is to reach out to other computers from within your network. That can be performed by a number of available network testing tools.
Is IP scanning illegal?
IP scanning is not illegal. In fact, it is a necessary function of any communication system. Public and private IP addresses have different scopes and so slightly different uses for IP scanning. On a private network, IP scanning is an important part of the work performed by IP address management software and enables systems to reclaim abandoned IP addresses. On the internet, IP scanning is relatively meaningless; probing the availability of a device with a specific IP address or checking the route to an individual IP address is more common.