Although I have been a TCP/IP networking professional for decades, for the last 10 years I have also been involved in network security.
One of my responsibilities at work is to either coordinate network assessment projects or perform them on my own.
A major part of a network security assessment is vulnerability discovery and penetration testing to identify weaknesses and possible exposures of systems to security threats.
The first phase of a security assessment job is to discover your possible targets over the network. This means scanning the target network to see which hosts are live and which TCP/UDP ports are open on the remote hosts.
By getting as much knowledge as possible about the open ports (i.e. which services are running on the remote hosts) you can proceed with finding possible vulnerabilities, misconfigured services etc.
Moreover, scanning for open ports can help you check whether a firewall is correctly configured and that it does not allow unnecessary services to be visible/exposed on the public Internet.
Therefore, a port scanner utility is essential to evaluate Windows and Linux target machines for both security and network admin professionals.
Here are 13 free (and some open source) IP port scanners that can work on either Windows or Linux and are meant specifically to help with network discovery and security evaluation.
1) NMAP
NMAP is a free and open-source port scanner that is designed for versatility combined with ease of use. It runs on both Windows and Linux machines and is very reliable.
This is the de facto tool used by almost every security professional in a network discovery task.
NMAP is designed to be flexible and is able to handle IP filters, firewall evasion, multiple scanning techniques, reporting results in various formats, customization, discovery of operating systems and service versions running on hosts etc.
It can also handle scanning hundreds of thousands of machines if you are searching for a port scanner for business purposes.
If you are looking for an accredited, powerful and reliable port scanner, then NMAP is going to be it, having won several awards from the likes of Linux Journal, Info World, and Codetalker Digest.
In the cheat sheet article here and also in the use cases here and here, I’m describing how I use this tool in my professional environment.
As shown on the screenshot above, I have run a very basic nmap scan against IP address 192.168.0.1. As you can see, the tool discovered several open ports and also tells you what services are running on these ports.
2) ZENMAP
ZENMAP is actually related to NMAP, coming from the same creators. However, its purpose is more directed towards being a Security Scanner GUI as it helps NMAP be more accessible to people who might not be the most tech-savvy around.
It is multi-platform, meaning that you can run it on just about any computer such as Windows, Linux, Mac etc. It can also be downloaded in a package alongside NMAP so that you don’t even have to do any extra searching for this program.
After starting ZENMAP, you can click and select several options which are translated to actual NMAP commands. The engine that runs the port scanning is the actual nmap tool we described above.
3) ManageEngine OpUtils
ManageEngine is a company that develops a wide range of software tools related to managing, monitoring and troubleshooting IT network infrastructures.
OpUtils is a software suite from ManageEngine that also includes network scanning functionality. It can be downloaded with a 30-day free trial; however, even after the 30-day trial, the network scanning functionality is free forever (see table below):
The tool enables you to perform full-fledged port scanning in your network to detect open ports and services and find live hosts using ping, snmp ping, DNS etc.
If you also want visibility into the physical ports of the network switches in your environment, you can opt for the paid version of OpUtils, which also scans the switch ports and maps the connectivity details at Layer 2.
4) Solarwinds Port Scanner
Everyone loves having a program that is easy to work with and easy to understand. The Solarwinds Port Scanner provides exactly that.
Designed to scan any available IP addresses alongside their TCP and UDP ports, you will be able to identify any network vulnerabilities that you may have, among other things.
If you value your security and you want to easily understand the information your port scanner is providing you, then this is the way to go.
Solarwinds is a reputable and popular vendor of software products related to networking, monitoring, infrastructure management etc.
This tool is also free (although you have to register to download) and is very close to nmap in terms of features and capabilities.
5) MyLANViewer Network Scanner
Another thing that many people can appreciate is having a program that is versatile and that has been around for a while.
After all, if a program has been around since the mid-2000s, then there’s a good chance that it is being run by people who understand quite a bit about the intricacies of network scanning.
MyLANViewer is one such scanner and it allows you to find IP addresses, MAC addresses, and even shared folders on both wireless and wired networks.
This software looks outdated but it actually works on almost all versions of Windows such as Windows 10 (32-bit, 64-bit), 7, 8, XP, Vista etc.
The tool also uses NetBIOS to discover possible shared folders of Windows machines on the network.
The main difference from other tools on this list is that it does not scan for open/closed ports but rather traces and identifies live computers connected to your wired or WiFi network.
6) Netcat
Netcat is another powerful, open-source little utility that is so flexible that it has been named “the swiss army knife of TCP/IP network utilities”.
Its main purpose is not port scanning; rather, it is used to send and receive TCP packets over the network.
However, it can be used easily as a port scanner because you can send packets towards a specific TCP port to the remote host and listen for the reply. This can tell you if the remote port is open or not.
Here is an example of how ncat can be used to scan for open ports on remote host 192.168.0.5:
nc -v -z -w1 192.168.0.5 1-1024
The command above will probe remote IP 192.168.0.5 for open ports in the range of 1-1024. Note that the port range above is the “well known” port range that most services are running on.
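The connect probe described above, combined with the firewall check mentioned in the introduction, as an added example that is not part of the original article. The function names, the "filtered" label for unanswered probes and the allowed-port policy {22, 443} are assumptions made for illustration.

```python
import socket

def probe(host, port, timeout=1.0):
    """TCP connect probe, the same check `nc -z` makes for each port.

    'open'     -> three-way handshake completed
    'closed'   -> host answered with RST (connection refused)
    'filtered' -> no answer before the timeout, or an ICMP unreachable,
                  which is what a dropping firewall looks like
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes socket.timeout
        return "filtered"
    finally:
        sock.close()

def audit(host, ports, allowed, timeout=1.0):
    """Compare what is reachable with what the firewall policy allows.

    `allowed` is the set of ports that are meant to be exposed (assumed to
    come from your own firewall rule documentation).
    Returns a list of (port, state, finding) for every deviation.
    """
    findings = []
    for port in ports:
        state = probe(host, port, timeout)
        if state == "open" and port not in allowed:
            findings.append((port, state, "exposed but not in policy"))
        elif state != "open" and port in allowed:
            findings.append((port, state, "in policy but not reachable"))
    return findings

if __name__ == "__main__":
    # Constructed policy for the example host used above: only SSH and
    # HTTPS are supposed to be reachable on it.
    for port, state, finding in audit("192.168.0.5", range(1, 1025), {22, 443}):
        print(f"{port}/tcp {state}: {finding}")
```

An empty result means the observed exposure matches the policy; any line printed is a firewall rule or service worth reviewing.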
One special feature that Netcat offers is “tunneling mode,” which allows special tunneling to UDP and TCP while also specifying the network parameters and letting the remote host connect through the tunnel. Depending on what your needs are, this can help you out significantly especially in penetration testing for “lateral movement”.
7) Cenix Network Port Scanner
One thing that many people also appreciate is being able to download their port scanners from a reliable resource and there is nothing that has as solid a reputation as the Microsoft Store does.
The Cenix Network Port Scanner does exactly what you need it to, allowing you to scan ports and test your general network security. It also has an easy-to-navigate interface so just about anyone can use it without any complications.
It can even scan a range of both IP addresses and ports so that you can use it on big networks as well.
8) Advanced Port Scanner
Sometimes simplicity is best and this is where Advanced Port Scanner shows off what it has.
With features such as multithreaded scanning, identification of services running on remote machines, remote access via RDP (Microsoft Remote Desktop Protocol) etc., Advanced Port Scanner can do a fair bit more than just scan IPs and look for security holes.
In fact, you can do a considerable amount of work from remote access using this program, including running commands on a remote computer as well. This versatile program will be able to help your personal network or your business’s online security and is also free!!
9) Angry IP Scanner
Sometimes a network administrator or security professional just wants to see quickly what IP addresses are live on a specific network. By downloading Angry IP scanner, and without even installing the software, you can just execute a quick IP scan and get results back fast.
In addition to pinging the remote hosts to identify if they are alive or not, it can also do port scanning, MAC address scanning and even get NetBIOS information. All data is then exportable to CSV, Text, XML etc.
This program is also open-source, which is something else that you should be looking for, and it does not require any installation after the initial download. You can freely download it and run it on any Operating System you want.
10) LAN Sweeper IP Scanner
This tool is free for scanning up to 100 assets (network nodes). Above that, there is a charge of $1 per asset per year.
LAN Sweeper IP Scanner has an integrated help desk, central communication hub, and ticketing system that allows users and agents to open tickets related to network issues. This puts it a step above other IP-scanning programs.
Other than that, it includes all basic and advanced features that a network admin will need in a network discovery software.
The IP scanner functionality of the software is just a small part of a whole umbrella of all the features that are offered. This is a full-fledged centralized IT inventory management solution.
11) Komodo Slitheris Scanner
The website of this software claims that it’s a “Premium IP Scanner for Windows”. It’s a paid tool; however, you can use it for free if you scan fewer than 50 network devices.
This makes it ideal for home and small office environments although the paid versions are pretty affordable.
It boasts the title of being a premium next-generation network scanner, being able to gather information from devices without credentials or agents.
The tool can identify the type of operating system of remote hosts by using TCP/IP fingerprinting without having to log in to the remote host or install an agent to the remote host.
However, keep in mind that the above capability is also available in NMAP, although the device DB of Komodo might be bigger than NMAP’s.
12) Port Authority Mobile App
While there are countless programs, both free and paid for, that you can get on computers and laptops, there are not many programs that are designed to scan IPs when you are on a mobile device — that is, aside from Port Authority Mobile App (and a few others of course).
As you might be able to imagine, this app is designed to be more effective and useful in scanning your WiFi network since it runs on a mobile device. However, it can also find LAN-connected devices.
This scanner is meant for Android devices specifically. It can be found on the Google Play Store and it boasts being one of the fastest scanners on the market claiming to scan 1000 ports within 5 to 10 seconds.
13) MiTec Network Scanner
Last but certainly not least is the MiTec Network Scanner which is supported on all versions of Windows (10, 7, 8, XP, Server 2012, 2016 etc).
It is a freeware tool that is supported by donations. Considering the effort given in developing this useful tool and the great features it has, being free is unbelievable. It has capabilities found only in commercial solutions.
What I like about this software is that you can set up the credentials of systems in the tool, which can then log in to remote systems and perform deep scans (of registry, using SNMP etc). In addition to that, regular port scanning and ICMP scanning can also be done for general host discovery.
So there you have it. These port scanning and network discovery tools will be a great addition to your software arsenal as a network or security professional.