GigaOM Radar Report

How To Scan Network for IP Addresses Using Command Line Tools & 3rd Party Software

Scan Network for IP Addresses

Marc Wilson

Scanning for IP address lets you have better control over your network. With 1-2 commands, you can quickly map out the devices in your network and the IP addresses that they are using. But to understand how to scan a network, first, you need to understand how are IP addresses assigned.

Follow these four simple steps to scan your network for IP addresses in use:

  1. Open a Command Prompt window.
  2. On Windows or macOS type ipconfig or on Linux type ifconfig. Press return. Note down the subnet mask, the default gateway, and your own computer’s IPv4 address.
  3. Enter the command arp -a to get a list of all other IP addresses active on your network.
  4. Enter the command ping <IP_address> giving any of the addresses returned by ARP in order to test the response times to that node – don’t include the angle brackets that are shown in that example.

DHCP (Assigning IPs Dynamically)

An automated process in networking, called DHCP (Dynamic Host Configuration Protocol), assigns IP dynamic addresses to hosts as soon as they enter the network. In a home or small network, the DHCP server is usually a part of the router. When you come into the network, the router will look for an available IP address in its pool and assign it to you, so that your device can communicate with others without any conflict.

Dynamic allocation of IP addresses is a great advantage for both end-users and network admins. But sometimes you would need to have some control in order to manage and troubleshoot your network more efficiently.

Related post: Find device or IP with MAC

Related Post: PowerShell Kill Process Command

If you are here for free tools and trials, here is our list of the six best tools for discovering IP addresses on a network:

  1. SolarWinds Ping Sweep – FREE TRIAL Part of the Engineer’s Toolset, this tool searches the network for all active IP addresses, reporting on the response time and showing hostnames from the local DNS server. Installs on Windows Server.
  2. Paessler PRTG Network Monitor – FREE TRIAL A package of network, server, and application monitoring tools that includes an IP scanner. Runs on Windows Server.
  3. ManageEngine OpUtils – FREE TRIAL A suite of network address monitoring tools that covers IP addresses, MAC addresses, and port numbers with a cut-down free version also available. Installs on Windows Server and Linux.
  4. Angry IP Scanner A free network scanner that identifies all connected devices and lists their IP addresses plus connection response speeds. Available for Windows, macOS, Linux.
  5. MyLAN Viewer A network scanner that identifies all connected devices and lists their IP addresses and MAC addresses. Runs on Windows.
  6. SolarWinds IP Address Scanner – FREE TRIAL This is part of the SolarWinds IP Address Manager. Use this as a standalone utility to identify all addresses in use or as part of the IPAM for wider IP address management functions. Runs on Windows Server.

What will you learn in this Tutorial

In this tutorial, you will learn the basic networking skills on how to scan a network for IP addresses. We will scan a network with native OS commands, find which addresses were assigned dynamically, which statically, and test their connectivity.

In the end, we will compare some free IPAM tools aka IP address scanning tools that can give you additional information. To improve your IP addressing insights, even more, we will show you some tools that allow you to track IP addresses and even manage them.

Simple IP Scanning

Operating Systems, like Windows and Linux, come with their own native simple networking set of tools. Commands such as “ipconfig”, “arp -a”, or “ping” allow simple scanning and troubleshooting.

The simplest way to get a quick list of IP addresses and their devices connected to your network is with those OS native commands found in the command line. With a list of the assigned IP address and their devices, you can easily find the devices that are causing the most problems.

  • ipconfig This command displays all network settings assigned to one or all adapters in the computer. You can find information such as your own IP, subnet, and Gateway. For Linux and MacOS is “ifconfig”.
  • arp -a When you issue the “arp -a”, you’ll get IP-address-to-mac conversion and the allocation type (whether dynamic or static) of all devices in your network.
  • PingIt helps determine connectivity between two hosts and find the IP address of a hostname.

Related Post: Best IP & Port Scanners

Reading The Output

Finding your own network adapter configuration

In the following screenshot, you’ll see the output from the ipconfig command. On a Windows, the ipconfig command can be entered through the Command line.

Go to Run > type cmd > type ipconfig

  • This Windows computer has 5 network adapters, but the last one (Wireless LAN adapter Wi-Fi) is the only one connected to a network. The rest are disconnected.
    ipconfig to view Network adapters
  • In this network, the router (or Default Gateway) is playing the role of the DHCP server. It is assigning the IP address dynamically and giving access to the Internet.
  • You are reading two of the most important IP addresses for your device; Your own device’s IP (IPv4 and IPv6) and your Gateway. The Subnet Mask is also very important, it shows that you are on the same subnet as the gateway.

Now you know your subnet, which in this case is 192.168.1.0/24 (using the CIDR range). Now you need to find the rest of the IP address in your network.

Scanning your Network

The job of the ARP protocol is to map IPs to MAC addresses. It provides a method for hosts on a LAN to communicate without knowing any address and create a cache of information. When a new computer enters the LAN, it receives an IP and updates its ARP cache with the Gateway information. This ARP cache can be found using the “arp-a” command.

  • Use the command line to enter the “arp -a” command.arp -a command
  • This computer has been connected for some time into the LAN, so its ARP cache is very precise and complete. The first IP address shown in the display is the Gateway (the same we found through the ipconfig command).
  • The output shows the IP, the MAC addresses, and their assignation type. The addresses displayed here were dynamically assigned by the DHCP server in the LAN. All of these IPs are devices connected to the LAN (192.168.1.0/24). The other static addresses are reserved for Multicasting.
  • With the MAC information, you can know the vendor. Try searching for vendor prefixes or use an automatic online tool such as MACvendors.

Testing Connectivity

Finally, with some information, you can test connectivity. In the following test, we tried an extended ping with “ping -t” to the gateway. With this, you can learn some simple insights about delay and latency.

ping -t command

From the list generated by the ARP command, you could ping all the live hosts. Or you can go beyond and ping the entire subnet to find hosts not found by the ARP (but that would be too much manual work…). Later, we’ll discuss how to automatically ping entire subnets at once.

Enhancing IP Scanning

Although having a list of devices and their allocated IP address will give you good insights, the information will not be enough when your network scales. Manual IP scanning in multiple subnets and BYOD (Bring-Your-Own-Device) scenarios is nearly impossible.  As the network scales, problems will scale too.

Larger networks demand more results, flexibility, and easy-to-read set of commands.

An IP Address Scanner tool helps you with larger demands. These tools are able to map the entire local network, finds live hosts, and to provide the results of the “arp-a” in a clearer format. Other IP Scanners do not depend on ARP but they operate using repeated ping tests. A Ping Sweep tool lets you ping entire subnets and find live hosts just with one button.

Some other IP Scanners go the extra mile and give more information such as Port number, DNS, DHCP, etc. All of this data is also presented in the most visual and easy-to-read format. They also allow users to save all results and present them in detailed reports.

The best IP Address discovery tools

1. SolarWinds Ping Sweep – FREE TRIAL

ping sweep

Ping Sweep from SolarWinds helps you find free IPs and identify which ones are unavailable. It is classified as a networking discovery tool from the SolarWinds Engineer’s Toolset. A comprehensive network software, that includes over 60 handy tools. Ping Sweep from SolarWinds is included in the Engineer’s Toolset and is dedicated for ping testing. For the MAC address, port scans, SNMP scans, etc, there are more dedicated tools in the Engineer’s Toolset.

Just as when you ping from the command line, this tool shows the DNS name for each IP and response time. It can also let you export results in different formats such as CSV, TXT, XLS, and to an HTML page.

Pros:

  • Easy to use, doesn’t include any unnecessary ‘fluff’
  • Includes a suite of other helpful tools, specifically designed for network administrators and on-site technicians
  • Aids in device discovery and testing
  • Can help verify DNS and DHCP functionality for different devices
  • Can easily export or import results from previous scans

Cons:

  • Could benefit from a longer 30-day trial time

Price: SolarWinds Engineer’s Toolset gives you a 14-day Free Trial and it includes over 60 must-have tools.

Download: Get a fully functional Engineer’s Toolset for 14 days by registering to SolarWinds official site.

Download Free!

2. Paessler PRTG – FREE TRIAL

Paessler PRTG IP Scan

Paessler PRTG is a collection of sensors for networks, servers, and applications. You can customize the package by choosing which sensors to turn on. However, there is one sensor that is not optional because it forms the foundation of all of the PRTG monitoring systems – this is the IP scanner.

The IP scanner in PRTG creates an autodiscovery service. It is actually based on the Simple Network Management Protocol (SNMP). Under SNMP processes, the PRTG server broadcasts a request for status reports. Device agents respond with a message that contains a database of details. The PRTG system compiles these reports into a network hardware inventory and that includes the MAC address and IP address of each device.

Once the device information of the network has been recorded, all network monitoring can begin. PRTG is available for installation on Windows Server and it is also offered as a cloud service.

Pros:

  • Drag and drop editor makes it easy to build custom views and reports
  • Supports a wide range of alert mediums such as SMS, email, and third-party integrations into platforms like Slack
  • Supports a freeware version

Cons:

  • Is a very comprehensive platform with many features and moving parts that require time to learn

Price: Free for up to 100 sensors. The paid version starts at $1,799 for 500 sensors.

Download: Offered for a 30-day free trial.

Download Free Trial!

ManageEngine OpUtils Network Monitoring Toolset

ManageEngine OpUtils combines an IP address manager, a switch port mapper for MAC address discovery, and a port scanner to identify open TCP and UDP ports on all devices. This combination delivers all address-related functions that you will need in order to fully manage your network.

The IP address manager is, in itself, a suite of utilities. This group of services includes an IP address scanner. This will discover all of the devices connected to your network and list the IP addresses allocated to them. The IPAM is able to produce IP address reconciliation reports that will enable you to update your native DHCP server in case it fails to notice expired address leases.

The IP address tracker service in the bundle can produce a hierarchical view of your network, enabling you to identify subnets and the allocation of addresses to each. DHCP management tools in the pack let you manage subnet address pools. The switch port mapper identifies each device by MAC address and switch port number. The port scanner in OpUtils lets you see which TCP and UDP ports on each device are open.

OpUtils is available for Windows Server and for Linux.

Pros:

  • Supports IP management and physical switch port monitoring
  • Offers built-in troubleshooting tools to help
  • Supports CISCO and SNMP tools to help configure, administer and diagnose issues
  • Better suited for sysadmin

Cons:

  • Offers many advanced features and options, not suited for small home networks

Price: OpUtils is available in a Free version, which includes a port scanner and Ping utilities. Contact the ManageEngine sales team for a quote on the paid version.

Download: The paid version of OpUtils can be downloaded as a 30-day free trial.

Download Free Trial!

4. Angry IP Scanner

 angry ip scanner

Angry IP Scanner is one of the most popular scanners on the web, with over 29 million downloads. It is open-source, free, and available for Windows, MacOS, and Linux. It can let you scan your local network or the Internet-facing IP addresses.

This tool is not only capable of scanning IP addresses but also ports. When you define an IP address range, you can also specify a number of the port, and see if a device in your network is using a specific service (defined by the port). Angry IP Scanner also lets you save all the scan results into multiple formats, such as TXT, XML, CVS, etc.

When you scan, you’ll know what hosts are alive, their response time, hostname, MAC address, etc. If you want even more information, you can extend results by developing Java plugins.

Pros:

  • Easy to install and use – great for a mobile toolkit
  • Better suited for one-off scans of small networks

Cons:

  • Lacks advanced features such as DHCP reconciliation and rouge DHCP identification
  • Doesn’t scale well in large environments
  • Lacks detailed reporting that’s useful in enterprise networks

Price: Open Source and 100% free.

Download: Get Angry IP from its official site.

IP Address Tracker Tools

Having a map of IP addresses, MAC addresses, used ports, etc, is great for networking inventorying and may help with some troubleshooting cases. But a list can not control and display real-time results.

An IP address Tracker is a good upgrade to our set of tools and commands described so far. It does allow scanning multiple subnets and displaying results, but it also allows you to keep track of one or more IP addresses.

An IP Address Tracker will notice when an IP address is released. This can be either because the device lost connectivity or it changed IP address. It will help you minimize IP addressing conflicts (when two devices are trying to take the same IP) and reduce DNS errors.

MyLAN Viewer

mylan viewer

MyLAN Viewer is a NetBIOS and IP address scanner for Windows systems. Just like the IP Scanners shown above, this tool will scan a network and show devices in an easy-to-read format.

But MyLANViewer goes beyond, and not only shows computer name, IP, and  MAC, but also NIC, OS version, logged users, shared folders, and much more.

This tool is able to track specific IP addresses and show notifications when their state change. With it, you can also keep track of network security by showing port information and detecting rogue DHCP servers. MyLAN Viewer tracks all devices in the subnet including hidden, and displays alerts when new devices enter the network, and others go.

This tool can also display the following metrics as well:

  • Display Whois data.
  • Perform traceroute.
  • Manage “Remote Shutdown and Wake On LAN (WOL)”.
  • Monitor wireless networks.

Pros:

  • Provides whois, traceroute, WOL, and remote shutdown options, great for small networks and home labs
  • Offers file management features, allowing users to quickly share or unshare folders in a workgroup
  • Great for detecting rogue DHCP servers and addressing IP conflicts on smaller networks

Cons:

  • The interface can feel cluttered in large networks, less nested menus could improve usability.
  • Lack of enterprise reporting and monitoring capabilities

Price: Free, but only available for Windows systems.

Download: Get MyLAN Viewer from its official site.

Related Post: Best Wake On LAN Tools

IP Address Management (IPAM)

Basic IP Address Scanning should be enough to manage small networks. But when networks scale they depend on multiple subnets and detailed management requirements. Although SolarWinds IP Tracker is able to find IP address conflicts, it is not able to control them.

Sometimes large-scale networks have standalone DHCP and DNS Servers in order to assign addresses to multiple subnets. But IP conflicts occur and it is really challenging to manage them manually. An IP Address Management or “IPAM” is a piece of software able to actively control DHCP and DNS. It also gives you the ability to manage multiple subnets.

SolarWinds IP Address Scanner

solarwinds ipam IP Address Scanner

Among SolarWinds powerful tools, the IP Address Manager does everything a large-scale enterprise needs to manage its addresses properly. It automates many processes to make IP Address management easier. From automated IP address tracking, quick static IP reservations, to multi-vendor DHCP and DNS support.

SolarWinds IPAM comes with an integrated IP address management, DHCP, and DNS tools to administer your entire network.

One of the most commonly used tools from this bundle is the IP Address Scanner. This tool allows you to create automated IP address scans to maintain an updated inventory of all IP address blocks in the network. This is achieved by sending regular ICMP and SNMP polls. The automatic scans use ICMP polls to gather status of the IP address and hostname information. It also uses SNMP to find information on MAC addresses and other vendor information. SolarWinds IP Address Scanner supports both IPv4 and IPv6 address management.

SolarWinds IPAM also provides detailed reports of your IP address in real-time.

Pros:

  • Simple interface that scales well even on larger networks
  • Provides a continuous live look into your network – recording address status
  • Can run automated tests to alert sysadmin when devices come back online
  • Highlights issues such as rogue DHCP servers and IP conflicts
  • Consolidates IP, DHCP, and DNS information into a single view to help shorten troubleshooting time

Cons:

  • The tool is designed for sysadmin, home users will likely not use all tools and features

Price: Download the Free Trial for 30 Days!

Download: Get a fully functional SolarWinds IPAM on a 30-day free trial.

Download Free Trial!

IP address scanning FAQs

How do I find a network name from an IP address?

To get the network name of a host from an IP address you need to query the DNS server. Open a Command Prompt window and enter nslookup <IP_address> putting in the IP address you have instead of <IP_address>.

How do I identify an unknown device on my network?

To see all of the devices connected to your network, type arp -a in a Command Prompt window. This will show you the allocated IP addresses and the MAC addresses of all connected devices. To get the hostname of each IP address you see in the list, use nslookup <IP_address> putting in the IP address you have instead of <IP_address>.

How can I tell what device is at an IP address?

To get deeper information on devices connected to your network rather than just an IP address or MAC address, use a network monitor that scans for details with SNMP – the SolarWinds Network Performance Monitor is one example.

GigaOM Radar Report