Network reconnaissance helps network managers improve security by identifying weak devices that could be breached. It also lets managers maintain a detailed, up-to-date diagram of the network.
Network reconnaissance basically consists of identifying live hosts and scanning ports and services. When testing security, or even hacking, port scanning is one of the most essential steps of a successful network exploration.
It helps identify open and vulnerable ports and the protocols in use on the network. Port scanning software helps managers, testers, and hackers create a profile and gain intelligence about a target organization, all while ensuring that access to critical systems and services is managed correctly.
Here is our list of the ten best free IP and port scanners for open ports, IP addresses and service scanning:
- SolarWinds Port Scanner – FREE TOOL A free utility that scans a range of IP addresses, identifying which addresses are in use and also gives the option of limiting scans to a port number range. The tool uses multi-threading to speed up the scan. Installs on Windows Server.
- ManageEngine OpUtils – FREE TRIAL A package of free network monitoring tools that includes a Ping-based network scanner, and a MAC address resolver. Available for Windows Server and Linux.
- Nmap A command-line utility that includes a range of network management tools, including IP address management features and a port scanner. Available for Windows, macOS, and Linux.
- Advanced IP Scanner A suite of network exploration tools, including a port scanner as well as an IP scanner, that has more than 53 million users. Installs on Windows.
- Angry IP Scanner A free network address monitoring utility that includes IP management functions and a port scanning service. Available for Windows, macOS, and Linux.
- Free IP Scanner by Eusing This tool searches a network, working through each IP address in a given range, reporting on whether or not that address is in use. It can also be used as a port scanner. Runs on Windows.
- NetCat A network data management utility that has IP address usage detection and a port scanning option. This is an old utility but there are many clones available for Windows, macOS, and Linux.
- LanSweeper IP Scanner This is a network device discovery tool that reports on attributes of discovered equipment, including the IP addresses assigned to them. Installs on Windows.
- MyLanViewer Network/IP Scanner A network scanner that reconciles discovered IP addresses to DHCP records. Runs on Windows.
- Slitheris Network Discovery This tool delivers detailed information on every device connected to the network. This includes IP address information. Installs on Windows.
Open ports expose the services running on hosts, and those services can become a door into the organization. Running a port/services scan can make you aware of these weaknesses. With this information in hand, a network manager can secure a firewall by closing unnecessary ports and services.
The following is a list of the Best FREE IP Scanners for Port and Services, including a brief description, their features and official download site.
The Best Free IP & Port Scanners of 2021:
There are a variety of scanners on the market which are usually online tools. But the best scanners are the ones that you run on your own devices since they allow more flexibility in the process.
1. SolarWinds Port Scanner
SolarWinds is one of the leading companies that create network and IT infrastructure monitoring software. The SolarWinds Port Scanner is one of the “Free Download” tools that allows you to scan an IP address range or hostname and generate lists of the open, closed and filtered ports on the target network.
The software is easy to use. To begin scanning, you only need to configure the scan profile. To do this, enter the target information, such as an IP range or hostnames. You can also configure it to look for layer 4 ports or services, such as TCP or UDP ports.
Aside from the common IP and port scanning, SolarWinds Port Scanner can also be configured to resolve hostnames with specific DNS information, and it can also find the MAC address to identify the OS version.
- Uses multi-threading for less overhead and faster scanning.
- Schedule scans to ensure updated data.
- All scan profiles are configured in a single window with a command line.
- Save all scan profiles for future faster scanning.
- View all the IANA port name definitions right on the application.
Official site and where to get a 100% FREE download:
2. ManageEngine OpUtils
ManageEngine OpUtils is a package of network monitoring and management tools. The facilities in the bundle include an IP address manager, a switch port mapper, and a port scanner. ManageEngine produces a free version of OpUtils. This version doesn’t include the IP address manager or the switch port mapper but it does include a number of useful network diagnostic tools, including a range of Ping utilities and TraceRoute.
The Free OpUtils service has an attractive interface that gives easy access to all of the different utilities in the package. Clearly, the full package of the paid OpUtils is a lot better than the free version. ManageEngine offers a 30-day free trial of the paid OpUtils edition, so you can assess it for free and, if you decide you don’t want to pay for it, switch over to the free version once the free trial expires.
Both the free and paid versions of OpUtils are available for Windows Server and Linux.
OpUtils Free features:
- ICMP Ping, SNMP Ping, and Proxy Ping
- TraceRoute for network path investigation
- A network scanner for device discovery
- A DNS resolver to translate between allocated IP addresses and hostnames
- A MAC address resolver to find the MAC address of an allocated IP address
Official site and where to download the 30-day FREE Trial:
3. Nmap
Nmap is considered the Swiss Army Knife of hackers (ethical and not) and pen-testers.
Nmap stands for Network Mapper and is one of the most popular port scanners. It is an open source tool that offers a great deal of flexibility and power when it comes to performing any kind of active network reconnaissance against a target. With Nmap you can craft packets and send them to a specific target and let the software analyze the response.
For beginners, Nmap can be a little bit intimidating because there are so many different scanning combinations that get you different results.
A very short list of what you can do with Nmap:
- Scan a target selection, such as a single IP, a host-name, a range, etc.
- Scan a port selection, such as a single port or a range.
- Detect specific services and OSs.
- Run NSE scripts.
- A really strong feature of Nmap is its different “Port Scan Types”, such as TCP Connect and TCP SYN Scan. Below is a table with the most common TCP scan types that you can run in Nmap.
|Scan type (Nmap flag)|How it works|
|---|---|
|TCP Connect (-sT)|Full three-way handshake (SYN, SYN/ACK, ACK)|
|TCP SYN (-sS)|Send SYN. RST/ACK response = not listening; SYN/ACK = listening|
|TCP FIN (-sF)|Send FIN. RST response = port closed|
|TCP Xmas Tree (-sX)|Send FIN, URG, PSH. RST response = port closed|
|TCP Null (-sN)|No flags. RST response = port closed|
|TCP ACK (-PT)|Send ACK. Firewall test to verify packet filtering.|
Official site and where to download:
4. Advanced IP Scanner
It is a portable, easy-to-use and free network scanner for Windows. Advanced IP Scanner requires no installation. Just press play and you’ll have one of the most robust scanners at your disposal. With Advanced IP Scanner you can see a list of network devices with information such as IP, Port, Manufacturer, MAC Address, OS, etc.
This scanner finds all the devices in a targeted scan in a matter of seconds and provides easy access to their shared resources, either through HTTP, HTTPS, FTP or even shared folders.
Another cool feature of this tool is that it detects the RDPs or Radmin ports, and it will let you manage the device remotely right from the platform.
- Easy access to network shares.
- Control devices via Radmin and RDP.
- Switch on/off computers remotely.
- Find the MAC addresses.
- Export all scan results to a CSV file.
Official site and where to download:
5. Angry IP Scanner
Angry IP Scanner (also called ipscan) is a free and open-source network scanner. The tool works on popular OSs, such as Windows, Mac OSX, and Linux. It was designed with simplicity in mind: the software is ultra-light, no installation is required (highly portable) and it is fairly easy to use.
At its most basic level, Angry IP Scanner will ping the target device/network to confirm that it is alive. It can also resolve hostnames, find the MAC address, and scan ports. You can extend the amount of information received about each target with the help of plugins.
- Can scan private or a public range of IP addresses. Additionally, it can get the NetBIOS information of a device, detect web servers and customize openers.
- It is able to export the results in different formats such as TXT, CSV, XML, or IP-Port list files.
- For faster scanning, the tool uses the multi-threading approach.
- By default, the tool comes with common fetchers like Ping, Host-name, and Ports but you can add more fetchers with the help of plug-ins to see more information.
- The tool runs on the GUI, but you can use the CLI to call up different options on the software.
Official site and where to download?
6. Free IP Scanner by Eusing
Eusing Software creates miscellaneous free applications for Windows users. Among the most popular tools is the Free IP Scanner. This tool is a lightweight standalone scanner which can check a hundred devices per second. It is only supported by Windows OSs.
Free IP Scanner pings the IP (or range of IPs) to see who is alive. It can also translate the host-name to IP (or vice versa), find closed and open ports and get NetBIOS information. The last one can show details such as host-name, workgroup, active logged users, and the MAC address of the device. All the results obtained can be exported into a TXT file.
People like Free IP Scanner because it is simple, portable and easy to use. However, it cannot be extended with more functionality. Although the tool scans and finds ports, the entire layer 4 TCP/UDP information cannot be customized for deeper analysis.
- Fast scanning using multi-threaded technology.
- Free IP Scanner can scan multiple targets per second without consuming many resources.
Official site and where to download?
7. NetCat
A fully versatile tool preferred by most hackers, like Nmap above.
It is tiny but powerful. NetCat is considered a feature-rich networking tool used especially for debugging and investigation.
With NetCat you can create any kind of connection. It basically writes to and reads data from network connections using TCP or UDP. In other words, it can open TCP or UDP connections between two devices over any port.
The most common use for this tool is to set up reverse and bind shells, redirecting network traffic, port scanning and forwarding, debugging scripts, and service banner grabbing.
- Connect to a remote system through any port or service.
- Banner Grabbing to identify the software that the target is using.
- Scan, listen and forward open ports.
- Create tunnels with specific network parameters, like source port/interface, listening port/interface and the remote host.
- Create back-doors for easy access to the target.
- Transfer files from the target
Official site and where to download:
8. LanSweeper IP Scanner
It is a free and powerful IT management tool that can scan networks and find your assets. The IP Scanner is a feature that comes integrated with LanSweeper. With the scanner, you can target a specific IP or range of IPs and get a full inventory of all computers, servers, virtual servers, switches, routers, printers, VoIP phones, etc. The results can be easily exported and created into a report.
People love LanSweeper because of its ability to automatically deploy scripts and commands to many devices at the same time. It uses an integrated deployment feature to automatically deploy software and execute commands on the devices shown on the inventory.
The software goes beyond scanning. It will let you get deep details through scanning, find issues and proactively fix them. The scanner grabs network information through WMI, SNMP, HTTP, FTP, SSH and other protocols.
- Scan IP addresses automatically or on demand
- Import the results via a CSV file.
- Run custom actions such as remote shutdown.
- Wake-On-LAN Manager
- Find MAC address, logged-on users, user accounts, device up-times, etc.
- The free version lets you find detailed info of up to 100 devices.
Official Site and where to download?
9. MyLanViewer Network/IP Scanner
A comprehensive network IP Scanner for Windows OSs. On the basic level, this tool will scan the target network and will show the IP, MAC addresses, NIC vendor, OS Version, logged users, and shared folders of the wired and wireless devices found in an easy-to-read list.
MyLANViewer Network/IP Scanner can monitor all the scanned devices (even if they are hidden), and notify you when a new device is found.
- NetBIOS scanner
- Whois and Traceroute tool
- Remote shutdown and Wake-On-LAN manager.
- Wireless network scanner and monitor
- Show and access shared folders
- Terminate user sessions
- Show netstat information
- Find rogue DHCP servers.
Official Site and where to download:
10. Slitheris Network Discovery
Slitheris Network Discovery from Komodo Laboratories is a Windows-based premium IP scanner. The free version of this advanced network scanner allows you to find up to 50 network devices but can be extended with the premium license.
This tool takes IP scanning to a new level: it is fast and finds information that most scanners can’t. It gathers information from target network devices without needing credentials or agents. Slitheris Network Discovery uses multi-threaded technology to quickly find all pingable devices and uses ARP pings to discover hidden devices.
What can Slitheris do?
- Real-time visual ping sweep. It shows what the ping sweep is doing with a visual matrix.
- OS Detection and Fingerprinting. Identify different Windows OS versions without the need for authentication and credentials.
- Identify different types of devices. Find whether the device is a Printer, Virtual Machine, Mobile, Server, Workstation, etc.
- Age determination. Uses MAC address to determine the age of the device.
- SMB Security. Alarms when SMB (Server Message Block) is enabled or disabled on a device, to improve security.
- Detects stealth devices. The tool uses the ARP cache to find un-pingable devices.
- Find Web GUI access devices. The tool uses port scanning on HTTP and HTTPS to see whether a device can be accessed through Web GUI.
Official Site and where to download:
Open ports can be gateways into networks and are considered weaknesses if not treated with security in mind.
The toolbox of network and security administrators should contain a Port and Services Scanner to help them identify open ports and control vulnerabilities efficiently, before it's too late.
There are many free and online scanners out there as well, but when combining portability, effectiveness, feature-richness, flexibility and cost-efficiency, only the previous nine stand out.
They are free, so download a copy today and scan your network. We suggest you grab several of them (as they are all free) and give them a try – they all have different feature sets and work well when there is no internet connection available to use an online variation. We hope this list of some of the top port scanners helps you secure your network and keep intruders out!
IP and Port Scanner FAQs
What are the 3 types of network scanning?
There are three types of network scanning:
- IP scanning looks for all IP addresses that are currently in use.
- Port scanning tests each port on each device to see whether it has an active daemon looking for communications with that port number on it – this is called an open port.
- Vulnerability scanning performs a series of break-in attempts using known hacker strategies to discover whether there are weaknesses in the network’s settings.
Is IP scanning illegal?
IP scanning is not illegal. In fact, it is a necessary function of any communication system. Public and private IP addresses have different scopes and so slightly different uses for IP scanning. On a private network, IP scanning is an important part of the work performed by IP address management software and enables systems to reclaim abandoned IP addresses. On the internet, IP scanning is relatively meaningless; probing the availability of a device with a specific IP address or checking the route to an individual IP address is more common.
How do I scan for open ports?
You can use the command line utility netstat to scan your own computer for open ports. Run netstat -ano. In the output of this command, open ports are marked as “Listening.” In order to check for open ports on all of the other computers on your network, you will need to use a recursive script that combines a search for all active IP addresses with a test on each possible port number. This can be a time-consuming process. It is better to use a pre-written facility for port scanning for an entire network. There are two perspectives that you can use. One is to test the ports from an external location — there are a number of free online services that will do this. The second perspective is to reach out to other computers from within your network. That can be performed by a number of available network testing tools.
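As an added example (not part of the original article), the Python sketch below audits the output of the netstat -ano command mentioned above: it extracts listening sockets and reports those reachable from the network that are not in an approved baseline. The sample output is constructed, the ALLOWED baseline and function names are hypothetical, and the parser assumes English-locale Windows output.

```python
from typing import NamedTuple

# Constructed sample of English-locale Windows `netstat -ano` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1204
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     8844
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2280
"""
# Hypothetical baseline of approved (protocol, port) pairs for this host.
ALLOWED = {("TCP", 445)}

class Listener(NamedTuple):
    proto: str
    addr: str
    port: int
    pid: int

def parse_listeners(text):
    """Extract TCP sockets in LISTENING state and bound UDP sockets."""
    found = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            pid = f[4]
        elif len(f) == 4 and f[0] == "UDP":  # UDP rows have no State column
            pid = f[3]
        else:
            continue  # headers, blank lines, established connections
        addr, _, port = f[1].rpartition(":")  # last colon also works for [::]:445
        found.append(Listener(f[0], addr, int(port), int(pid)))
    return found

def unexpected(listeners, allowed):
    """Return network-reachable listeners that are not in the baseline."""
    findings, seen = [], set()
    for l in listeners:
        key = (l.proto, l.port)
        if l.addr.startswith("127.") or l.addr == "[::1]":
            continue  # loopback-only: not reachable from other hosts
        if key in allowed or key in seen:
            continue  # approved, or already reported for the other IP family
        seen.add(key)
        findings.append(l)
    return findings

if __name__ == "__main__":
    for l in unexpected(parse_listeners(SAMPLE), ALLOWED):
        print(f"review {l.proto}/{l.port} bound to {l.addr} (PID {l.pid})")
```

The PID column is what lets you trace each flagged port back to the owning process before deciding whether to close it or add it to the baseline.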