We briefly review some of the best tools to scan IP addresses from Mac computers. We’ll explore the major feature of each tool, insisting on what makes each one unique.
There’s only one way one can know for sure what IP addresses are actually in use on a network. You need to try to connect to each one and see if it responds. It is a long, boring, and tedious task that is often done using the ping command. Ping has been around for ages and it is one of the best ways to test for connectivity to a given IP address. But if you have to scan an entire network with potentially hundreds of IP addresses, you’ll quickly realize that you’d be better off using a tool that does it for you. If you’re a Mac user who’s looking for a tool which automates the scanning of IP addresses, you’re at the right place. We’ve done much of the searching for you and we’re about to review some of the best IP scanners for the Mac OS X operating system.
We’ll begin by discussing IP address scanning in general. In particular, we’ll describe the different reasons for scanning IP addresses because, as much as it’s nice to know which IP addresses are in use, there has to be a point to doing it, an underlying reason. We will then have a deeper look at the ping utility. Although ping is not a scanning tool, it is at the base of many IP address scanning tools. Knowing what it can do and how it works could then prove to be valuable as we start reviewing the different tools.
The Need For IP Address Scanners
Apart from the pure fun of knowing what IP addresses are in use—in as much as there can be fun to it, there are several reasons one might want to scan IP addresses. The first one is security. Scanning IP addresses on a network will quickly discover unauthorized or rogue devices. They could be devices connected by malicious users to spy on your organization.
But even well-intentioned users can sometimes wreak havoc by connecting their personal devices. I vividly recall this user who prevented many of his colleagues from accessing the corporate network when he connected his home Internet router to it. He just needed a couple of extra ports to connect an additional test computer and thought he could use the switch built into his router. The problem is that the router started issuing IP addresses on its home subnet from its built-in DHCP server.
Other than security reasons, scanning IP addresses is also the first step of many IP address management processes. Although most IP address management (IPAM) tools will include some form of IP address scanning, several people do their IP address management manually. This is where IP address scanning tools can come in handy. And for those who don’t have an IP address management process in place, scanning IP addresses is even more important. It will often be the only way to ensure that there are no IP address conflicts and it can be seen as a rather crude way of pseudo-managing IP addresses.
No matter why you want to scan IP addresses, most tools are based on ping so let’s have a look at this antique utility. Ping was created out of necessity back in 1983. Its developer needed a tool to help in debugging an abnormal network behaviour he was observing. The origin of the name is simple, it refers to the sound of sonar echoes as heard in submarines. Although it is present on almost every operating system, its implementation varies somewhat between platforms. Some versions are offering multiple command-line options which can include parameters such as the size of each request’s payload, the total test count, the network hops limit, or the interval between requests. Some systems have a companion Ping6 utility that serves the exact same purpose for IPv6 addresses.
Here’s a typical use of the ping command (the -c 5 option tells the command to run five times and then report on the results):
$ ping -c 5 www.example.com PING www.example.com (126.96.36.199): 56 data bytes 64 bytes from 188.8.131.52: icmp_seq=0 ttl=56 time=11.632 ms 64 bytes from 184.108.40.206: icmp_seq=1 ttl=56 time=11.726 ms 64 bytes from 220.127.116.11: icmp_seq=2 ttl=56 time=10.683 ms 64 bytes from 18.104.22.168: icmp_seq=3 ttl=56 time=9.674 ms 64 bytes from 22.214.171.124: icmp_seq=4 ttl=56 time=11.127 ms --- www.example.com ping statistics --- 5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 9.674/10.968/11.726/0.748 ms
How Ping Works
Ping is a pretty simple utility. It simply sends ICMP echo request packets to the target and waits for it to send back an ICMP echo reply packet for each received packet. This is repeated a certain number of times—five by default under windows and until it is manually stopped by default under most other implementations—and it then compiles response statistics. It calculates the average delay between the requests and their respective replies and displays it in its results. On most *nix variants as well as on the Mac, it will also display the value of the replies’ TTL field, giving an indication of the number of hops between source and destination.
For ping to work, the pinged host must abide by RFC 1122 which specifies that any host must process ICMP echo requests and issue echo replies in return. Most hosts do reply but some disable that functionality for security reasons. Firewalls often block ICMP traffic too. Pinging a host which does not respond to ICMP echo requests will provide no feedback, exactly like pinging a non-existent IP address. To circumvent this, many IP address scanning tools use a different type of packet to check if an IP address is responding.
The Best IP Scanners For the Mac
Our selection of IP address scanning tools for the Mac includes both commercial software and free and open-source tools. Most of the tools are GUI-based although some are command-line utilities. Some are rather complex and complete tools while others are just simple extensions of the ping command to include some way of scanning a range of IP addresses without having to issue multiple commands or to write a scanning script. All these tools have one thing in common: they can all return a list of all the IP addresses that are responding within the scanned range.
1. Angry IP Scanner
Despite being deceptively simple Angry IP Scanner does exactly what one would expect and it makes extensive use of multithreading. This makes it one of the fastest tools of its kind. It is a free multi-platform tool which is not only available for Mac OS X but also for Windows or Linux. The tool is written in Java so you’ll need to have the Java runtime module installed to use it but this is pretty much its only drawback. This tool will not only ping IP addresses, but it will also optionally run a port scan on discovered hosts. It can also resolve IP addresses to hostnames and MAC addresses to vendor names. Furthermore, this tool can provide NetBIOS information about each responding host that supports it.
The Angry IP Scanner can not only scan complete networks and subnets but also an IP addresses range or a list of IP addresses from a text file. Although this is a GUI-based tool, it also comes with a command-line version that you can use if, for instance, you want to include the tool’s functionality in your own scripts. As for the scan results, they are by default displayed on the screen in table format but they can easily be exported to several file formats such as CSV or XML.
LanScan from Iwaxx is available from the Apple app store. It’s a simple application that does just what its name implies: scan a LAN. It is a free, simple and efficient IPv4-only network scanner. It can discover all active devices on any subnet. It could be the local one or any other subnet that you specify. In fact, it is quite flexible when it comes to specifying what to scan and it can be as small as a single IP address and as large as a whole network.
One unique characteristic of this product is how it will use ARP to scan a local subnet and use ping, SMB, and mDNS packets to scan external and public networks.
This product has several advanced features. It will, for instance, auto detect configured interfaces. It will also display the IP address, MAC address, hostname and interface card vendor associated with each discovered IP address. It will also discover SMB domains if they are in use and will do hostname resolution using either DNS, mDNS for Apple devices or SMB for Windows devices.
In-app purchase will let you upgrade the app to the pro version which has only one extra feature: it will display the full hostname of each discovered host. The free version will only display four full hostnames and the first 3 characters of the remaining ones.
3. IP Scanner For Macintosh
IP Scanner for Macintosh will scan your LAN to identify what IP addresses are in use and identify all computer and other devices on the network. The product is free for use on small home networks of up to six devices and paid Home and Pro versions are available for larger networks. The tool yields powerful results yet it is easy and intuitive to use. Local networks are scanned automatically and custom IP address ranges can be added and scanned manually
IP Scanner for Macintosh is designed to allow you to customize your scan results. Once a device has been identified, you may assign it a custom icon and name to more easily recognize it at a glance. The tool will let you sort the results list by device name, IP address, MAC address or Last Seen time stamp. It can also give you an overview of the current network or show you changes over time.
The results display is highly customizable and you can adjust columns, text size, bezel transparency, and more. Double-clicking a device gives you more information and allows you to customize its appearance. Right-clicking a device will let you initiate a ping sequence or run a port scan of it.
Almost as old as ping, Nmap has been around for ages and it’s commonly used for mapping network–hence the name–and accomplish several other tasks. For instance, Nmap can be used to scan a range of IP addresses for responding hosts and open IP ports. This is a command-line utility but, for those who prefer graphical user interfaces, its developers have published Zenmap, a GUI front-end to this powerful software. Both packages can be installed on Mac OS X, Windows, Linux, and Unix.
Using Zenmap, all the detailed search parameters can be saved in a profile that you can recall at will. The tool also comes with several built-in profiles that you can use as a starting point and modify to suit your exact needs. This can be less intimidating than creating new profiles from scratch. Profiles also control how the results of the scan are displayed. The interface’s first tab shows the raw output from the underlying nmap command while other tabs show an easier to understand interpretation of the raw data.
Masscan claims to be the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second. Although we haven’t validated that this is true, it is clear that this is a fast tool, albeit a text-based one.
The results that are produced by Masscan are somewhat similar to those of nmap that we’ve just reviewed. However, it operates internally more like scanrand, unicornscan, and ZMap, and it uses asynchronous transmission. The major difference between this tool and the others is that it is simply faster than most other scanners. But it’s not only fast, it’s also more flexible, allowing arbitrary address ranges and port ranges.
Masscan is so fast in part because it uses a custom TCP/IP stack. This can create some issues, though. For instance, anything other than a simple port scan will cause a conflict with the local TCP/IP stack. You can circumvent this by either using the -S option to use a separate IP address or by configuring your operating system to firewall the ports that the tool uses. Although this is primarily a Linux tool, it is also available for Mac OS X. Its main drawback is the lack of a graphical user interface but this is largely compensated by the tool’s blazing speed.
ZMap is a fast single packet network scanner developed at the University of Michigan and designed for Internet-wide network surveys. Perhaps not as much as the previous selection, this is also a fast tool. On a typical desktop computer with a gigabit ethernet connection, it is capable of scanning the entire public IPv4 address space in under 45 minutes. With a 10 gigabit connection and PF_RING, it can scan the IPv4 address space in under 5 minutes. Zmap is available for Mac OS X but also for Linux and for BSD. On a Mac, installation is simple through Homebrew.
The tool does not solely rely on ping to scan networks. It currently has fully implemented probe modules for TCP SYN scans, ICMP, DNS queries, UPnP, and BACNET. It can also send a large number of UDP probes. If you are looking to do more involved scans such as banner grab or TLS handshake, you might want to have a look at ZGrab, another project from the University of Michigan. This Zmap sibling can perform stateful application-layer handshakes. Like the previous entry, ZMap is essentially a text-based tool.
Fping was created as an improvement over ping, then one of the only network troubleshooting tool. It is a similar command-line tool yet it is quite different. Like ping, Fping uses ICMP echo requests to determine if the target hosts are responding but this is pretty much where the similarity ends. Unlike ping, Fping can be called with many target IP addresses. The targets can be specified as a space-delimited list of IP addresses. The utility can also be provided with the name of a text file containing a list of addresses. Finally, an IP address range can be specified or a subnet can be entered in CIDR notation such as 192.168.0.0/24.
Fping is relatively fast as it does not wait for a response before sending the next echo request, that way, it doesn’t lose time waiting for unresponsive IP addresses. Fping also has lots of command-line options that you can use. Since this is a command-line tool, you can pipe its output to another command for further processing. This tool can easily be installed on Mac OS X using Homebrew.
Hping is another free command-line tool derived from ping. It is available on Mac OS X as well as most Unix-like operating systems and Windows. Although it is no longer in active development, it is still in widespread use, a testament to how good a tool it is. The tool closely resembles ping but with several differences. For starters, Hping won’t only send ICMP echo requests. It can also send TCP, UDP or RAW-IP packets. It also features a traceroute mode and it has the ability to send files.
Although Hping can be used as an IP address scanning tool, it can do quite a bit more than that. The tool has some advanced ports scanning features. Thanks to its use of multiple protocols, it can also be used to perform basic network testing. This tool also has some advanced traceroute capabilities using any of the available protocols. This can be useful as some devices treat ICMP traffic differently from other traffic. By mimicking other protocols, this tool can give you a better evaluation of your network’s true, real-time performance.