As much as we hate to admit it, networks are often poorly documented. There are several reasons for that. First, networks are in constant evolution, making it hard to keep up-to-date documentation. Also, documenting networks is tedious and time-consuming. And since we often have more important things to do, documentation is often put on the back burner. We try to convince ourselves that we’ll eventually get around to it but, in reality, we rarely do. This is why network discovery tools can come in handy. And today, we’re having a look at some of the best network discovery tools.
We’ll start out by trying to define what network discovery is. As you shall soon see, it’s not as clear as we’d want. There are different types of discoveries, each addressing a different need and serving a different purpose. They all have one thing in common: they assist with network documentation. We’ll then have a look at the three main types of discovery, explaining how they can be put to use. We’ll start with IP address discovery, follow with open IP port discovery and finish with interconnection discovery or network mapping. With all that behind us, we’ll reveal the best tools for each of these types of discoveries.
About Network Discovery
Network discovery is the process of finding what you need to know about a network. Typically, network discovery is done remotely. There is no need to go to each device to find any of the information we need. Through the use of a handful of management protocols, most (if not all) of the information we need can be obtained remotely.
Network Discovery can be a manual process. However, manually discovering a network is not only tedious, it is also error-prone. For that reason, several automated tools exist that at least will assist network administrators in their discovery efforts. Some will even do the whole job automatically.
There are actually many different types of network discoveries. It depends on what information you want to find about your network. Of the many types of discovery, three are more common than the others. They are IP address discovery, open IP port discovery, and network interconnection discovery, which is also referred to as network mapping. Let’s have a quick look at what they are in greater detail.
IP Addresses Discovery
IP address discovery, our first type of network discovery, is the process of finding which IP addresses are in use and who or what is using them. There are several reasons why you need this information. One of them is to validate that all used IP addresses are accounted for and that no rogue or unauthorized device has been connected to your network. Another use for IP address discovery is as part of a larger process called IP address management.
At its core, IP address discovery entails scanning every available IP address within a subnet or a specified range and discovering (hence the name) which ones are responding. Most automated IP address discovery tools won’t just stop there, though. Some will do a reverse DNS lookup to find the hostname associated with responding IP addresses. Some even go further than that and can use various techniques to identify what operating system is running on the discovered devices as well as a wealth of other useful information.
IP address discovery tools can be of two types. One of them is sort of an ad-hoc tool that you manually run once in a while when you want to discover new IP addresses. The other type of IP address discovery tool runs constantly and will scan IP addresses on a regular basis. Those tools often combine other IP address management functionalities such as controlling your DHCP and/or DNS servers.
Open IP Ports Discovery
The second major type of network discovery is what we commonly refer to as open IP ports discovery. It is similar to the previous type of discovery but it goes deeper. Open IP ports discovery tools won’t only find which IP addresses are in use, they will also identify which IP ports are open on each device. IP ports are used in IP networking to identify which type of information is contained in each data packet. This allows a device receiving a packet to send it for processing to the proper process. For instance, HTTP uses port 80 so a computer receiving a packet on IP port 80 will send it to the web server process.
But knowing which ports are open on any given device is not just a nice to have. It is one of the most elementary elements of securing networked devices. Each and every device should only have open ports for the services that are actually used on that device. Many operating systems have several services running on different ports. Each one of them is a potential security risk. For instance, if you don’t have a need to establish a remote desktop connection to a server, the corresponding port (3389) should not be open.
Ports can have three statuses. They can be open or closed but they can also be stealth. A stealth port is one which won’t even respond to connection requests. Closed ports, on the other hand, respond to connection requests by refusing them. Obviously, a stealth port is more secure in most situations.
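The three port states, and the rule that a device should only expose the ports it actually uses, can be checked on a host you administer with a plain TCP connect test. The following is an added example, not code from any tool on this page; `EXPECTED_OPEN` and the function names are assumptions made for the illustration, and the demo only touches the loopback interface.

```python
import errno
import socket

# Assumption for this example: the only ports the audited host should expose.
EXPECTED_OPEN = {22, 443}

def state_from_error(err):
    """Map the outcome of one TCP connect attempt to a port state."""
    if err is None:
        return "open"         # three-way handshake completed
    if isinstance(err, ConnectionRefusedError):
        return "closed"       # host answered, but with a refusal (TCP RST)
    if isinstance(err, (socket.timeout, TimeoutError)):
        return "stealth"      # no reply at all before the timeout
    if err.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"  # routing problem; says nothing about the port
    raise err

def probe(host, port, timeout=1.0):
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return state_from_error(None)
    except OSError as exc:
        return state_from_error(exc)

def audit(host, ports, expected_open=EXPECTED_OPEN, timeout=1.0):
    """Return (states, unexpected): per-port state and open ports outside the allowlist."""
    states = {p: probe(host, p, timeout) for p in ports}
    unexpected = sorted(p for p, s in states.items()
                        if s == "open" and p not in expected_open)
    return states, unexpected

def loopback_demo():
    """Constructed demo: one listening port (open) and one freed port (closed) on 127.0.0.1."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()  # nothing listens here any more, so connects are refused
    try:
        return open_port, closed_port, audit("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()

if __name__ == "__main__":
    print(loopback_demo())
```

A timeout from a connect test cannot tell a silently dropped request from a host that is simply down, so confirm the host is up before reading "stealth" as a firewall decision.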
With over 65 000 port numbers available, scanning for open ports could take a while. For that reason, most open IP port scanners don’t scan them all. At least not by default. There are a number of so-called well-known ports. Some of them are officially assigned to specific services by governing bodies while others are not “official” but have been used for long enough to be considered as such. Typical port scanning tools will only scan those well-known ports. Some limit their scan even more and will only scan those ports that have been known to be exploited by malicious users and some will let you specify a list of ports to scan.
Device Interconnections Discovery
The last major type of network discovery we want to discuss is device interconnection discovery. This is the process of documenting how networking equipment is interconnected. It is a complex process that relies on several different technologies to do its magic. It can work very well with some equipment and not at all with others. For instance, Cisco devices run the Cisco Discovery Protocol (CDP). This protocol lets any Cisco device discover what other Cisco device is connected to it and which interface the connection uses. For non-Cisco devices, other methods can be used with a varying degree of success. Examining a device’s ARP cache, for example, can provide some information about neighboring devices.
The best device interconnection discovery tools go one step further and provide a graphical view of the results, effectively building a map of the network. They will often use complementary technologies (such as SNMP) to gather as much useful information about each device as possible.
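As an added example (not taken from any of the tools discussed here), the ARP cache approach mentioned above can be combined with the rogue-device check from the IP address discovery section: parse the neighbor table and compare it with what is documented. The sample text follows the Linux `ip neigh show` output format and is constructed, and the `INVENTORY` mapping and function names are hypothetical.

```python
import ipaddress

# Constructed sample of Linux `ip neigh show` output; not captured from a real network.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.1.20 dev eth0 lladdr 02:00:00:00:00:14 STALE
192.168.1.30 dev eth0  FAILED
192.168.1.77 dev eth0 lladdr 02:00:00:00:00:4d DELAY
fe80::1 dev eth0 lladdr 02:00:00:00:00:01 router REACHABLE
"""

# Hypothetical documentation: MAC address -> (device name, documented IPv4 address).
INVENTORY = {
    "02:00:00:00:00:01": ("core-router", "192.168.1.1"),
    "02:00:00:00:00:14": ("file-server", "192.168.1.21"),
}

def parse_neigh(text):
    """Yield (ip, mac, state) for entries that resolved to a hardware address."""
    for line in text.splitlines():
        tokens = line.split()
        if "lladdr" not in tokens:
            continue  # FAILED/INCOMPLETE entries carry no MAC address
        i = tokens.index("lladdr")
        if i + 1 >= len(tokens):
            continue  # malformed line: keyword without a value
        ip = ipaddress.ip_address(tokens[0])  # raises ValueError on garbage input
        yield ip, tokens[i + 1].lower(), tokens[-1]

def compare_with_inventory(text, inventory=INVENTORY):
    """Return findings: undocumented devices and documented devices seen on another IPv4 address."""
    findings = []
    for ip, mac, _state in parse_neigh(text):
        if mac not in inventory:
            findings.append(("undocumented", str(ip), mac))
        elif ip.version == 4 and str(ip) != inventory[mac][1]:
            findings.append(("address-mismatch", str(ip), mac))
    return findings

if __name__ == "__main__":
    for finding in compare_with_inventory(SAMPLE_NEIGH):
        print(finding)
```

The neighbor table only covers hosts the machine has recently talked to on its own segment, which is why the dedicated tools complement it with active scans and SNMP.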
Best Tools To Discover (And Manage) IP Addresses
Our first list of tools contains a variety of tools one can use to discover IP addresses. We’re including a full IP address management (IPAM) system, a simpler IP address scanner and a scanner that has a definite Windows flavor. As you’ll see, there is a great variety of tools available.
1. SolarWinds IP Address Manager
The SolarWinds name is familiar to many network administrators. The company has been making some of the best net admin tools for about 20 years. Their flagship product, the Network Performance Monitor, is one of the best SNMP network monitoring systems. And to make it even better, SolarWinds also makes several free tools to address specific needs of network administrators such as a free subnet calculator or a free syslog server.
The SolarWinds IP Address Manager is a rather complete, enterprise-grade tool: a full-featured IP address management system. It can manage up to 2 million IP addresses, enough for the biggest environments. Although it doesn’t include built-in DHCP or DNS capabilities, the SolarWinds IP Address Manager will interact with your existing DNS and DHCP servers. It supports DHCP servers from Microsoft, Cisco, and ISC as well as BIND and Microsoft DNS servers.
Of course, the SolarWinds IP Address Manager features automatic IP address tracking, otherwise it wouldn’t have made it on this list. The product will automatically monitor your subnets so that you always know how IP addresses are used. It can also alert you of IP address conflicts, depleted DHCP scopes, and mismatched DNS records.
Price-wise, the SolarWinds IP Address Manager starts at $1 995 for up to 1024 managed IP addresses and goes up from there according to the number of managed addresses. A free 30-day trial is available if you want to test the product before purchasing it.
- FREE TRIAL: SOLARWINDS IP ADDRESS MANAGER
- Official download site: https://www.solarwinds.com/ip-address-manager/
2. Advanced IP Scanner
The Advanced IP Scanner is a very interesting free tool. This is a product that runs only on Windows and is made with Windows in mind. The tool will scan the IP addresses you specify and output a list of those addresses that respond. Its input can be supplied as a series of IP addresses, as an IP address range, or as a text file containing the IP addresses to be scanned. This makes it a very flexible tool. And the system doesn’t only return a list of responding addresses. It will also display each host’s name (by doing a reverse DNS lookup), MAC address and network interface vendor.
For any Windows hosts that the tool discovers, you get much more functionality. The Advanced IP Scanner will, for example, list network shares of any Windows machine. And clicking a share from the list will open it on your computer. You can also start a remote control session with Windows computers using either RDP or Radmin or remotely turn a Windows computer on (provided it has Wake-on-LAN) or off.
3. Angry IP Scanner
The Angry IP Scanner is a free and open-source multi-platform tool that is available for Windows, OS X, and Linux. It can scan complete networks or subnets but also an IP address range or a list of IP addresses in a text file. As such, it closely resembles the previous entry. This tool uses Ping to find IP addresses that are responding but it will also resolve hostnames and MAC address vendors as well as provide NetBIOS information for hosts that support the protocol. This tool is also a port scanner and it could very well be part of our next list. It can scan ports and list those that are open on each discovered host.
The Angry IP scanner is primarily a GUI-based tool but there’s also a command-line version that you can use. This can be useful if you want to include the tool’s functionality in your own scripts. The results from the scans can be displayed on the screen in a table form or they can be exported to several file formats such as CSV or XML.
Best Tools To Discover Open IP Ports
Open port discovery tools are divided into two types of tools. One type installs on a local computer and will scan one or several IP addresses for open IP ports. These tools typically scan either a supplied list of ports, just the so-called well-known ports or all 65 000 available ports. The Angry IP Scanner, from the previous list, is one such tool.
The other type of tool is typically web-based and will scan public IP addresses (those available on the Internet) for open ports. Those tools typically scan for ports that are known to be used for malicious activity as well as common Internet services ports.
4. SolarWinds Free Port Scanner
The SolarWinds Free Port Scanner is an excellent example of those free tools from SolarWinds that we mentioned before. The free Windows software is available with a graphical user interface or as a command-line tool.
The tool will scan your network to detect IP addresses. You then select to scan all or a subset of the found devices for open ports. You can also specify which ports to test. By default, it will only test well-known ports but you can override this and specify your own range or list of port numbers. More advanced settings will let you scan only TCP or UDP ports, do a ping check, a DNS resolution, or an OS identification test.
After running, the SolarWinds Free Port Scanner returns a list of the port status of all tested devices. Since this could be a long list, the system lets you apply display filters and, for instance, only list devices with open ports. Clicking on a device reveals the port detail window. Again, it does list all of the ports in the scan range and again, you can apply a display filter and only show the ports that are open.
- FREE DOWNLOAD: SOLARWINDS FREE PORT SCANNER
- Official download site: https://www.solarwinds.com/free-tools/port-scanner
5. PortChecker Port Scanner
The PortChecker Port Scanner is a web-based free open port scanner. It is an excellent tool that will test 36 of the most important–and vulnerable–well-known ports for accessibility from the internet. It will also test if a service is running on each open port. There’s also an option to run a shorter scan that will only test 13 ports.
The tested ports include FTP data and control, TFTP, SFTP, SNMP, DHCP, DNS, HTTPS, HTTP, SMTP, POP3, POP3 SSL, IMAP SSL, SSH, and Telnet, to name just the main ones. Scan results are displayed as a table on a web page. If you need a quick and dirty test of the most common ports, the free PortChecker Port Scanner can prove to be just the tool you need. It is an invaluable tool to evaluate how vulnerable your Internet-facing servers are.
6. WebToolHub’s Open Port Scanner
The Open Port Scanner from WebToolHub is another free online port checker. The system requires that you enter an IP address and a list of ports to check. You can only enter 10 port numbers at a time but you’re free to run it multiple times to test more ports. And you don’t have to enter individual port numbers. The system will support a range–such as 21-29–as long as it is not longer than 10. This limitation makes it a better tool for a quick check of specific ports than a complete vulnerability assessment tool.
Once the scan completes, which, unsurprisingly, is rather quick due to its limited scope, the Open Port Scanner displays the results in a table with the status of each port as well as the service associated with that port. The results table can be exported to a CSV file. While you’re on the WebToolHub site, you may want to have a look at some of the other free tools such as an IP location checker, a backlinks checker, a WHOIS lookup facility, and a Ping test.
Best Tools For Device Interconnection Mapping
Device interconnection mapping tools are different from the previous tools as they will use protocols such as the Cisco Discovery Protocol to find how your networking equipment is interconnected. As a result, they will often automatically generate network diagrams which can either be used as-is or edited for better readability.
7. SolarWinds Network Topology Mapper
The SolarWinds Network Topology Mapper (or NTM) will automatically discover your LAN and/or WAN and generate comprehensive, easy-to-view network topology diagrams that integrate Layer 2 and Layer 3 information. It is an evolution of LANSurveyor. NTM uses an innovative concept called topology databases. This allows many different maps to be built from a single scan of the network, saving time and resources.
The SolarWinds Network Topology Mapper will automatically keep its diagrams up to date. It will regularly re-scan the network looking for changes in topology and new devices and modify its diagrams accordingly. It can even help with network security as it will detect rogue devices that could have been introduced on your network.
The tool can also help with PCI/DSS and other regulatory compliance requirements and can be used as a networking equipment inventory management system. And if you want to edit the generated diagrams or share them with the rest of the world, they can be exported in the industry-standard Microsoft Visio format.
The SolarWinds Network Topology Mapper will cost you $1,495. And if you’d like to try the product before purchasing it, a free 14-day evaluation is available.
- FREE TRIAL: SOLARWINDS NETWORK TOPOLOGY MAPPER
- Official download site: https://www.solarwinds.com/network-topology-mapper
8. Intermapper
Intermapper from Help Systems is a tool available for Windows, Mac, and Linux that will auto-discover your physical and virtual equipment and place it on a map showing all the interconnections. It then lets you personalize the maps to your liking. You can, for example, change the layout, customize the icons or change the background images.
But Intermapper is not just a topology mapping tool, it is also a monitoring solution. It has live color-coding and animation to highlight the status of your devices. For example, the color of device icons will go from green (all good) to yellow (warning) to orange (alert) to red (down). Similarly, animated traffic indicators will alert you of any segment where traffic exceeds a predefined threshold.
Intermapper is available in a free version that is limited to 10 devices. For larger installations, you can choose between annual subscription or permanent licenses with prices varying according to the number of devices. A free 30-day trial is also available.