7 Best Tools for IP Addressses Scanning and How to Do It

If you are curious about which IP addresses are currently in use on a network, the most effective method—perhaps the only one—is to scan all of them. This is generally accomplished using the ping command. The ping command has been a reliable tool for a long time and is one of the most effective ways to test connectivity to a specific IP address. However, when it comes to scanning an entire network, except for the smallest ones with only a few IP addresses, this could become a laborious process. This is when you begin to search for a tool that can automate the scanning of IP addresses.

There are several tools available for this purpose, such as SolarWinds Ping Sweep, Angry IP Scanner, Advanced IP Scanner, Network Pinger, and MiTeC Network Scanner. These tools have been designed to simplify the process of scanning IP addresses on a network. We have taken the initiative to review some of these tools for you. SolarWinds Ping Sweep, for instance, is a comprehensive tool that allows you to scan a range of IP addresses to find those in use. Similarly, Angry IP Scanner and Advanced IP Scanner offer fast and friendly network scanning, while Network Pinger and MiTeC Network Scanner provide more advanced features for professional use. We are pleased to present our findings on these tools to assist you in your network management tasks.

Today, we’ll start off by discussing IP address scanning. In particular, we’ll describe the different reasons for scanning IP addresses because, as much as it’s nice to know which IP addresses are in use, there has to be a point to doing it. We will then have a deeper look at the ping utility. Although ping is not a scanning tool, it is at the base of many IP address scanning tools. Knowing what it can do and how it works could then prove to be valuable as we look at the different tools. Finally, we’ll hit the core of the matter and not only list but also briefly review some of the best tools to scan IP addresses. We’ll explore the major feature of each tool, insisting on what makes each one unique.

Scanning IP Addresses – What For

Other than the pure fun of knowing what IP addresses are in use, there are several reasons one might want to scan IP addresses. The first reason is security. Scanning IP addresses on a network will quickly discover unauthorized devices. These could be devices connected by malicious users to spy on your organization.

But even well-intentioned users can sometimes wreak havoc by connecting their personal devices. I recall that user who prevented many of his colleagues from accessing the corporate network when he connected his home Internet router to it. He just needed a couple extra ports to connect an additional test computer and thought he could use the switch built into his router. The problem is that the router started issuing IP addresses from its built-in DHCP server.

Other than for security reasons, scanning IP addresses is also the first step of many IP address management processes. Although most IP address management (IPAM) tools will include some form of IP address scanning, Many people do their IP address management manually. This is where IP address scanning tools can come in handy.

For those who don’t have an IP address management process in place, scanning IP addresses is possibly even more important. It will often be the only way to ensure that there are no IP address conflicts and it can be seen as a rather crude way of pseudo-managing IP addresses.

Enter Ping

No matter why you want to scan IP addresses, most tools are based on Ping so let’s have a look at this antique utility. Ping was created out of necessity back in 1983. Its developer needed a tool to help in debugging an abnormal network behaviour he was observing. The origin of the name is simple, it refers to the sound of sonar echoes as heard in submarines. Although it is present on almost every operating system, its implementation varies somewhat between platforms. Some versions are offering multiple command-line options which can include parameters such as the size of each request’s payload, the total test count, the network hops limit, or the interval between requests. Some systems have a companion Ping6 utility that serves the exact same purpose for IPv6 addresses.

Here’s a typical use of the ping command:

$ ping -c 5 www.example.com
PING www.example.com (93.184.216.34): 56 data bytes
64 bytes from 93.184.216.34: icmp_seq=0 ttl=56 time=11.632 ms
64 bytes from 93.184.216.34: icmp_seq=1 ttl=56 time=11.726 ms
64 bytes from 93.184.216.34: icmp_seq=2 ttl=56 time=10.683 ms
64 bytes from 93.184.216.34: icmp_seq=3 ttl=56 time=9.674 ms
64 bytes from 93.184.216.34: icmp_seq=4 ttl=56 time=11.127 ms

--- www.example.com ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 9.674/10.968/11.726/0.748 ms

The “-c 5” option in the above example tells Ping to repeat five times.

How Ping Works

Ping is a pretty simple utility. It simply sends an ICMP echo request packet to the target and waits for it to send back an ICMP echo reply packet. It repeats the process a certain number of times—five by default under windows and until it is manually stopped by default under most Unix/Linux implementations—and it then compiles responses statistics. It calculates the average delay between the requests and their respective replies and displays it in its results. On most *nix variants, it will also display the value of the replies’ TTL field, giving an indication of the number of hops between source and destination.

For ping to work, the pinged host must follow RFC 1122 which specifies that any host must process ICMP echo requests and issue echo replies in return. Most hosts do reply but some disable that functionality for security reasons. Firewalls often block ICMP traffic too. Pinging a host which does not respond to ICMP echo requests will provide no feedback, exactly like pinging a non-existent IP address. To circumvent this, many IP address scanning tools use a different type of packet to check if an IP address is responding.

The Best Tools To Scan IP Addresses

Our selection of IP address scanning tools includes a bit of everything. We have commercial software but we also have free and open-source tools. We have GUI-based tools but also some command-line utilities. Some are rather complex tools while others are mere extensions of the ping command to include some way of scanning a range of IP addresses without having to issue multiple commands. They all have one thing in common, they at least return a list of all the IP addresses that are responding.

1. SolarWinds Ping Sweep (FREE TRIAL)

First on our list is a tool from SolarWinds, maker some of the best network administration tools. The company is also known for its free tools. The SolarWinds Ping Sweep tool is simply one of the best IP address scanning tools. It is part of the SolarWinds Engineer’s Toolset, a bundle of more than 60 useful, Windows-based network management utilities, including Ping Sweep.

Using the SolarWinds Ping Sweep is super-easy. The tool has a graphical user interface where you enter the IP address range you want to scan. The range can be as big or as small as you want. You can even scan a discontinuous list of IP addresses from a text file. For instance, you could extract a list of assigned IP addresses from your DHCP server and use it as the tool’s input to see which ones are actually used.

The Ping Sweep tool will ping all the specified IP addresses and list those that responded. This could hardly be simpler. The results can be exported to several file types such as CSV, XML, or even a web page. That way, you can analyze the results using your own favourite tool. As for the results, they don’t only include the IP addresses of the responding hosts. The tool also shows you each address’ response time and it does a reverse DNS lookup to find and display their hostnames.

Prices for the SolarWinds Engineer’s Toolset–including Ping Sweep–start at $1 495. This is a per named user price and you’ll need one license for each named user. Considering all the other tools that are part for bundle this is well worth the investment – and don’t forget there’s a 30-day trial which you could take advantage of.

Other Tools In The SolarWinds Engineer’s Toolset

The SolarWinds Engineer’s Toolset includes many more dedicated troubleshooting tools. Tools like DNS Analyzer and TraceRoute can be used to perform network diagnostics and help resolve complex network issues quickly. For security-oriented administrators, some of the tools can be used to simulate attacks and help identify vulnerabilities.

The SolarWinds Engineer’s Toolset also features some excellent monitoring and alerting capabilities. It includes several tools to monitor your devices and raise alerts for availability or health issues. And finally, you can use some of the included tools for configuration management and log consolidation.

Here’s a list of some of the other tools you’ll find in the SolarWinds Engineer’s Toolset:

• Port Scanner
• Switch Port Mapper
• SNMP sweep
• IP Network Browser
• MAC Address Discovery
• Response Time Monitor
• CPU Monitor
• Memory Monitor
• Interface Monitor
• TraceRoute
• WAN Killer Network Traffic Generator
• Router Password Decryption
• SNMP Brute Force Attack
• SNMP Dictionary Attack
• Config Compare, Downloader, Uploader, and Editor
• SNMP trap editor and SNMP trap receiver
• Subnet Calculator
• DHCP Scope Monitor
• DNS Structure Analyzer
• DNS Audit
• IP Address Management

2. Angry IP Scanner

Despite being deceptively simple Angry IP Scanner makes extensive use of multithreading, making it one of the fastest tools of its kind. It is a free multi-platform tool which is available for Windows, OS X, or Linux. Since the tool is written in Java, you’ll need to have the Java runtime module installed to use it. This is pretty much the tool’s only drawback. This tool will not only ping IP addresses, but it will also optionally run a port scan on discovered hosts. It can also resolve IP addresses to hostnames and MAC addresses to vendor names. Furthermore, this tool will provide NetBIOS information about each responding host.

The Angry IP Scanner can not only scan complete networks and subnets but also an IP addresses range or a list of IP addresses from a text file. Although this is a GUI-based tool, it also comes with a command-line version that you can use if, for instance, you want to include the tool’s functionality in your scripts. As for the scan results, they are by default displayed on the screen in table format but they can easily be exported to several file formats such as CSV or XML.

3. Advanced IP Scanner

Advanced IP Scanner may seem like just another free IP address scanning tool but it has an interesting twist. The tool, which runs on Windows, is totally geared towards that operating system and it features several Windows-related advanced functionalities. More about that in a moment. The tool’s publisher claims this free software is used by over 30 million users worldwide. It is a portable tool that requires no installation.

As for the tool’s functionality, it takes an IP address range as input but you can also supply a text file with a list of IP addresses. The results you get from this tool are impressive. You get, of course, the list of IP addresses that responded but you also get their corresponding hostname, MAC address and network interface vendor. For each responding Windows host, you also get a live list of its network shares. By live, I mean that you can click any share to open it on your computer—provided that you have the proper access rights. You can also start a remote control session with any discovered Windows host using either RDP or Radmin or even remotely turn a computer off.

4. Network Pinger

Network Pinger is another free Windows tool. Its interface is one of the most intuitive you can find. The tool’s performance is one of the best you can find. It was clearly optimized for the best possible performance. This tool can send 1000 pings in just 35 ms. This is fast; very fast. Network Pinger features several built-in tools. There’s automated mass ping, traceroute, port scanning, WMI, DNS and Whois queries, an IP calculator and converter, and many more.

Network Pinger makes great use of its graphical user interface and is loaded with visual features. For example, it can build live charts as it performs a ping sweep displaying a visual rendition of the important statistics such as a pie chart depicting the responding vs non-responding hosts or a graph showing average response times.

5. Fping

Fping was created as an improvement over ping, then the only network troubleshooting tool. It is a similar command-line tool yet it is quite different. Like ping, Fping uses ICMP echo requests to determine if the target hosts are responding but this is where the similarity ends. While ping only accepts a single IP address as a parameter, Fping can be called with many target IP addresses. The targets can be specified as a space-delimited list of IP addresses. The utility can also be provided with the name of a text file containing a list of addresses. Finally, an IP address range can be specified or a subnet can be entered in CIDR notation such as 192.168.0.0/24.

Fping does not wait for a response before sending the next echo request, thereby not losing time waiting for unresponsive IP addresses. Fping also has lots of command-line options that you can use. Since this is a command-line tool, you can pipe its output to another command for further processing.

6. Hping

Hping is another free command-line tool derived from ping. It is available on most Unix-like operating systems as well as OS X and Windows. Although it is no longer in active development, it is still in widespread use. The tool closely resembles ping but it is quite different. For instance, Hping won’t only send ICMP echo requests. It can also send TCP, UDP or RAW-IP packets. It’s also got a traceroute mode and has the ability to send files.

Hping can be used as an IP address scanning tool but it can do more than that. The tool has some advanced ports scanning features. Thanks to its use of multiple protocols, it can be used for some basic network testing. Hping also has some advanced traceroute capabilities using any of the available protocols. This can be useful as some devices treat ICMP traffic differently from other traffic. By mimicking other protocols, this tool can give you a better evaluation of your network’s true, real-life performance.

7. NetScan Tools

There are two different versions of NetScan Tools, a paid one called NetScan Tools Pro Edition and a free, ad-supported one called NetScan Tools Basic Edition with a reduced feature set. Both are toolsets which include multiple utilities and both include an IP address scanning tool called Ping Scan.

NetScan Tools’ Ping Scan takes an IP address range as input, like most other IP address scanning tools. It scans the provided IP addresses and returns a list of all the scanned IP addresses with their hostname (when resolvable), average response time and a status in text form. Other useful tools in NetScan Tools include DNS tools, Ping, Graphical Ping, Traceroute, and Whois. If all you need is the IP address scanning functionality, go with the free Basic Edition.

8. MiTeC Network Scanner

Last on our list is a free tool called the MiTeC Network Scanner. This is another multi-use tool. It boasts a powerful IP address scanning function which can find any responding host in the specified range. The software will list each found device’s MAC address, hostname, and response time. In addition to just pinging each host, this tool can also poll SNMP-enabled devices and list their interfaces. It can also identify Windows computers and let you see their shares, remotely shut them down, perform remote execution, and more.

But back to IP address scanning, the results show up as a table on the software’s dashboard. They can then be exported to a CSV file to be used with another tool. The tool will run on most modern versions of Windows—either workstation or server—since Windows 7. As for the tool’s other advanced features, there are simply too many to mention them all. It includes, for instance, a Whois function and a DNS resolution function.