How to Scan a Network for IP Addresses—Guide and Tools

on May 4, 2020

Today, digital networks need to offer 24/7 business continuity for employees, partners, and customers to interact seamlessly across different business touchpoints. Several applications are required to run simultaneously to serve critical functions (such as finance, sales, and supply chain). This means every device or node in a network needs to function properly. Network administrators need to monitor their devices consistently for faults, overloads, and failures, and routinely upgrade the devices. However, business networks are constantly expanding and contain a complex mix of legacy and next-gen networking equipment, physical and virtual servers, workstations, personal devices, and more. IT teams need advanced network monitoring tools to keep track of all devices in a network. However, most of these advanced tools and techniques for network monitoring still rely heavily on IP address scanning. In this article, we’ll discuss to find IP addresses of all devices in a network, why network-scanning is important, and list some common tools for the job.

Getting Started—The Basics of IP Addresses

What Is an IP Address?

An IP address is a unique identifier attached to every node (workstation, server, printer, etc.) on a network to ensure data transfer and communications. Most networks use TCP/IP protocol for networking, which ensures different devices in a network interact with each other. IT addresses are of two types:

  • IP Version 4 (IPv4): Uses 32-bit addresses, e.g., 216.27.60.136
  • IP Version 6 (IPv6): Uses 128-bit addresses, e.g., 2001:cdba:0000:0000:0000:0000:3257:9652

The IPv6 format was introduced as IT practitioners felt the total number of unique addresses served by the IPv4 format (i.e., 4.3 billion) would fall short of the demand with the rising number of mobile and IoT devices. IPv6 can provide 2128 unique addresses, which is sufficient to meet all our IP addressing requirements for the foreseeable future.

How Are IP Addresses Assigned?

IP addresses are assigned dynamically, using an automated networking process called Dynamic Host Configuration Protocol (DHCP). A DHCP server assigns an IP address to a host as soon as it enters a network. While there are dedicated DHCP servers, in small networks, a router could also offer DHCP services. In addition to the IP address, DHCP also assigns other critical address parameters like the default gateway address, subnet mask, and domain name server (DNS) address. DHCP plays a crucial role in IP addressing, as there are chances of misconfiguration with manual processes (such as two or more devices getting the same IP address).

How to Find IP Addresses

All operating systems offer simple utilities to monitor basic networking parameters, including IP address scanning. These utilities are accessible via the command line and offer the simplest way to find a list of all device IPs connected to a network. Network administrators often use these utilities for basic troubleshooting. Here are some of the commands you can use to find IP addresses and get details about a connection.

  • ipconfig (for Windows) and ifconfig (for MacOS and Linux)

The command provides details of network settings (IP address, subnet, and gateway) for all adapters connected to your computer.

  • ping <followed by the IP address of a host>

The command sends a packet to the host and calculates the roundtrip time and packet loss to check connectivity between the devices.

The commands above are useful for basic troubleshooting; however, they offer limited help as networks grow. Large networks are divided into multiple subnets with multiple routers. With the above methods, an administrator would have to switch subnets and perform scans one-by-one. The manual process can take significant time and effort and is error prone. Further, within multiple subnets, devices are always connecting and disconnecting, which can make monitoring a rigorous task. That’s why network administrators need advanced tools for monitoring and troubleshooting in larger networks. We cover some of these tools later in this article.

What Is a Network Scanner?

A network scanner is a tool or application used to detect and categorize all devices in a network by their IPs, MAC addresses, vendor, port, etc. to aid network diagnostics, penetration testing, troubleshooting, and forensic investigations. While performing a scan, a network administrator provides a range of IP addresses as an input to the scanner. The scanner pings or checks all these addresses to determine the status, performance, and availability of all devices present within the range of IP addresses. The scanning can be initiated manually or scheduled automatically as per the monitoring needs of an organization.

Why Is Network Scanning Important?

IP address scanning is a basic functionality offered by network monitoring tools. Network administrators, penetration testers, and even hackers rely on commonly available IP scanning and packet sniffing tools to scan a network. With these tools, security teams can map a network, its topology, and find unauthorized devices hidden in corporate networks. It’s important for IT teams to keep tabs on shadow IT within their organizations, and network scanning tools offer great help in this direction.

Top 10 Tools to Find IP Addresses and Scan a Network

  1. IP Address Manager
  2. Network Performance Monitor
  3. User Device Tracker
  4. Engineer’s Toolset
  5. Angry IP Scanner
  6. Network Monitor
  7. ManageEngine Advanced IP Scanner
  8. MyLanViewer
  9. Advanced IP Scanner
  10. IP Address Tracker

1. IP Address Manager

screenshot of solarwinds ip address manager's dhcp and dns management window

SolarWinds® IP Address Manager (IPAM) is an advanced tool for automated IP address scanning. In addition to IP address management, it offers DHCP and DNS management. With this tool, IT teams can run automated scanning to get accurate information about the assigned and abandoned IP addresses in a network. The IP address logs are auto-updated frequently, so IT addresses are reclaimed without issues. Teams can also monitor all IP address conflicts, DNS records mismatch, DHCP utilization, and more using unified dashboards.

SolarWinds IPAM makes it easier to manage both IPv4 and IPv6 addresses with a common interface. Teams can perform automated discovery of IPv4 addresses, whereas IPv6 discovery relies on the Neighborhood Discovery Protocol (NDP). Its IP range scanner allows scanning of a range of addresses, a key requirement in enterprise networks with large subnets. Further, it allows IT teams to perform Internet Control Message Protocol (ICMP) ping sweeps to find response times and availability of devices connected to a network.

The tool also offers a customizable template to track subnet capacity. Network administrators can use this feature for capacity planning. With IPAM, network admins also get a wizard for subnet allocation. The wizard helps categorize all available IP addresses into appropriately sized subnets for a network. Highly intuitive features like drag-and-drop support make it easier for admins to define subnets, groups, supernets, and individual IP addresses. Admins can also define custom fields for better network management. You can try SolarWinds IPAM free for 30 days here.

2. Network Performance Monitor

screenshot of solarwinds network performance monitor showing network map

SolarWinds Network Performance Monitor (NPM) is an advanced multi-vendor network monitoring product used by enterprises for running their network operations center. The tool goes beyond simple IP address scanning and offers advanced features for network diagnostics. With NPM, teams can easily keep track of the performance and availability of different network devices.

NPM offers Simple Network Management Protocol or SNMP-based network device scanning to find devices on a network automatically. Scanning enables you to monitor network devices from multiple vendors. With these scans, admins can quickly identify faults or performance issues affecting their devices and ensure maximum availability. Further, teams can create custom dynamic network maps for network visualization and device performance metrics.

Further, NPM offers advanced alerting with preset and customizable alerts. NPM raises alerts only when a network encounters critical issues such as higher CPU usage or overloaded or crashed servers, helping prevent alert fatigue. With intelligent alerting, IT teams can monitor their network proactively, avoiding server crashes, suspicious system changes, intrusion attempts, and more. NPM simplifies network monitoring and troubleshooting for IT teams, helping them reduce their Mean Time to Detect (MTTD) and Mean Time to Resolve (MTTR) and stay on top of their network. There’s a free 30-day trial of NPM.

3. User Device Tracker

screenshot of solarwinds user device tracker showing enterprise network map

SolarWinds User Device Tracker is another important IT administration tool to helps track devices by their IP or MAC addresses, ports, vendors, and more. In addition to monitoring all switches and ports for errors, performance issues, and capacity, IT teams can track Wireless Access Points (WAPs) with this tool. They can also switch their ports on or off remotely to resolve any IP conflicts. SolarWinds also offers IP Control Bundle, which integrates with User Device Tracker to help resolve IP conflicts. The bundle raises alerts as soon as it encounters an IP conflict, allowing administrators to reassign IPs.

User Device Tracker also helps track rogue devices and prevent insider threats in a network. IT teams can create a device watchlist based on IP addresses, MAC addresses, or hostname, and receive alerts if a suspicious device attempts to connect to the network. Further, for more detailed inspection, IT teams can get user details from the Active Directory, including username, contact information, endpoint name, endpoint login summary, and more. User Device Tracker also facilitates forensic investigations. Auditors can check user login history to reveal the times they accessed a particular network, with details of the connection type, nodes, access points, and more. SolarWinds UDT also offers a free 30-day trial.

4. Engineer’s Toolset

screenshot of solarwinds engineer's toolset's diagnostics window

SolarWinds Engineer’s Toolset is a suite of over 60 tools for comprehensive network monitoring and management. These tools offer essential features for network administration, including auto-discovery of network devices, streamlined diagnostics with real-time IP address and DHCP scope monitoring, advanced alerting, and more. IT administrators can use the auto-discovery feature to trace all devices with their MAC addresses, IP addresses, port number, SNMP and Ping Sweeps, and more. Once all devices are identified, you can drill down to individual device performance and availability with metrics covering response times, memory utilization, and more. IT teams can also use tools like Traceroute, Ping Sweep, and DNS analyzer to track individual packets in a complex network and troubleshoot issues quickly.

Further, network administrators can also perform stress testing on their networks using a tool called WAN Killer, which is part of Engineer’s Toolset. This tool generates random traffic on a connection to check how well it can meet increased workloads. It can also simulate security attacks to find out if the network is vulnerable. As enterprise networks are often exposed to numerous threats due to device misconfigurations, the toolset also helps in managing different configurations. It also integrates with SolarWinds NPM. You can try out all the features for yourself during a free 14-day trial.

5. Angry IP Scanner

screenshot of angry ip scanner performing ip scan

Angry IP Scanner is an open-source software, which supports Windows, Linux, and Mac OS X. It’s one of the earliest and most popular IP scanning tools in the market. The tool is simple to use and offers high-speed scanning of IP addresses in any range with its multi-threaded approach. It can also scan different ports. Unlike advanced network monitoring solutions, Angry IP Scanner doesn’t require elaborate installation. You can simply copy and use it anywhere. The tool offers basic IP scanning and can also be used to extract additional information with numerous plugins. As it’s an open-source tool, you can use any of the community-backed Java plugins or create your own for extending the monitoring capabilities with the IP scanner. You can find more information about the open-source tool here.

6. Network Monitor

screenshot of prtg network monitor's land traffic report

PRTG Network Monitor is a comprehensive network monitoring tool offering several sensors for monitoring different components of a network. Depending on their monitoring requirements, organizations can choose the type and number of sensors and start monitoring their network. The tool offers auto-discovery and scans all IP addresses in its subnetwork during the installation. Post-installation, IT admins can also scan other subnetworks for IP addresses. They can install IP Sensor to ping all devices and receive alerts if a device doesn’t respond. They can also install sensors for scanning and filtering traffic by vendor (Dell, Cisco, HP, etc.), IP address, endpoint (server, printer, workstation, etc.), and more. The tool also offers advanced visualization and unified dashboards to stay on top of a network. These dashboards help administrators monitor anomalies by keeping a close watch on what kind of traffic is flowing on which connection. If there’s a critical incident, PRTG Network Monitor alerts the right team. Get more information about the tool here.

7. ManageEngine Advanced IP Scanner

screenshot of manageengine advanced ip scanner's ip summary report

ManageEngine Advanced IP Scanner offers several features for enhanced IP scanning and seamless visibility into a network. In addition to IP address scanning, the tool offers switch port management, helping network administrators analyze their network in seconds. They can monitor IP availability to avoid IP conflicts, get in-depth information on all scanned IPs, schedule IP scanning, and map connected switches with their IPs. The tool categorizes scanned IP addresses in three levels of availability: available, transient, and used. Available IP addresses can be assigned readily to any devices. Transient IPs are the ones occupied by devices requiring a connection, but not continuously. Used IPs are IPs occupied by devices running in a network and cannot be assigned to any other device. The tool also helps in performing subnet discovery from routers and DHCP servers. IT teams can view and download detailed reports for their scans, which can help them detect issues and troubleshoot the network. Learn more about the tool and its capabilities here.

8. MyLanViewer

screenshot of mylanviewer monitoring known and unknown devices

MyLanViewer is a free tool for Windows that offers NetBIOS and LAN/Network IP address scanning. The tool is appropriate for individual users or small teams to help find IP addresses, MAC details, and shared folders on a wired or Wi-Fi network. It also helps find details of logged users, device NICs, and OS versions, along with the management of utilities like remote shutdown and Wake On LAN. The tool also helps improve security in a network. They can monitor all users in their subnets and get notifications for new users/devices joining their wireless network. Further, an administrator can analyze the scanned data to detect rogue DHCP servers, terminate suspicious user sessions, and disable shared folders. Learn more about the tool here.

9. Advanced IP Scanner

screenshot of advanced ip scanner performing ip scan

Advanced IP Scanner is another popular network scanner useful for monitoring LAN and Wi-Fi networks. It offers a highly intuitive interface and can identify all computers on the network typically within seconds. It enables easy access to HTTP, HTTPS, FTP, and shared folders. The tool integrates with Radmin’s remote administration software. It can assist administrators with security operations via support for remote PC shutdown and Wake-on-LAN functions. They can also use the ping, tracert, and SSH commands for remote administration. Though the tool is free, it only supports Windows operating systems. Find more information here.

10. IP Address Tracker

screenshot of solarwinds ip address tracker showing ip address conflicts

IP Address Tracker is the free version of SolarWinds IP Address Manager (IPAM), covered previously in this article. The tool is ideal for small organizations and can manage up to 254 IP addresses. While most of the features of SolarWinds IPAM are also available with IP Address Tracker, it lacks monitoring of DHCP, DNS, and IP address role-based permissions. You can download the free tool here.

How to Select a Network Scanner

The selection of a network scanner depends on the organization’s scale and monitoring requirements. While smaller organizations are equally exposed to the same security threats as their enterprise counterparts, their requirements for management or governance of a network are limited. Hence, free or open-source tools can offer help in meeting their monitoring requirements. Note the performance of basic tools may drop as network size increases.

It’s crucial for IT teams to understand the fundamentals of network scanning to make the most of their tools. For example, they need to evaluate if they’re scanning a network with speed as a priority, or if they want a more accurate assessment, as most tools offer different configurations based on these requirements. Depending on the configuration used, the IP scanner will either wait before it hears from a lagging device or skip to the next IP address after a predefined period. Other tools work on multi-threaded mode, which means multiple scans run in parallel to ensure higher accuracy.

Further, IT teams will need to figure out how much information they want to extract from their network. With open-source tools, multiple integrations and plugins are required to enable additional functionalities. However, with commercial tools like SolarWinds Network Performance Monitor or Engineer’s Toolset, they can get access to most of the advanced functionalities without worrying about integrations.

Conclusion

We’ve discussed how IP address scanning can help monitor devices in a network and detect unauthorized or suspicious devices in the network. IP scanning is a routine activity and is often automated in larger networks. As organizations grow in scale and complexity, their threat surface also becomes larger. Traditional IP and port scanning tools need advanced monitoring practices for better control and visibility into the modern network. That’s why we recommend tools like SolarWinds IPAM and Network Performance Monitor for end-to-end network monitoring. You can get a free trial of these tools to evaluate their features and choose a plan as per your organization’s network monitoring needs.

Related Posts