- SoftPerfect Network Scanner is one the best network scanner software for checking LAN network IP addresses. It can scan all the devices with their Host Name and MAC Address which are connected to your LAN network. It can also save scanning result in XML, Text, HTML and CSV file formats.
- Colasoft MAC Scanner is used for scanning IP address and MAC address. It can automatically detect all subnets according to the IP addresses configured on multiple NICs of a machine and scan the MAC addresses and IP addresses of defined subnets.
- The IP/MAC Address Management tool is a database tool designed to maintain IPv4/MAC address associations found using the NetScanner tool, SNMP tool, ARP Scan tool, and the Network Shares - SMB tool. IP/MAC address associations are gathered from the Ping Scanner following a ping sweep.
- Scan For Ip Addresses Macbook Pro
- Scan Network For Mac Address
- Scan Mac Addresses On Network
- Scan For Ip Addresses Mac Pour
Scanning for IP address lets you have better control over your network. With 1-2 commands, you can quickly map out the devices in your network and the IP addresses that they are using. But to understand how to scan a network, first, you need to understand how are IP addresses assigned.
Do you want to find MAC address of any device in your network? If so MAC IP Scanner Pro can help you to quickly find MAC & IP address of all devices in your network. Free download now to check it out. MAC Scan: find MAC & IP address of all systems Scan Network: one click scan of whole network (.0.0/16) Faster Scan: scan local network in few minutes File Scan: scan host list from file. One of the needs was to scan all the LAN pool for MAC addresses. The code will look at your active network adapters, calculate start and end IP according to your address and netmask, and query all the IPs within that range for their MAC address. The code is written in C#, and it's basically going over the whole range in a nested loop.
DHCP (Assigning IPs Dynamically)
An automated process in networking, called DHCP (Dynamic Host Configuration Protocol), assigns IP dynamic addresses to hosts as soon as they enter the network. In a home or small network, the DHCP server is usually a part of the router. When you come into the network, the router will look for an available IP address in its pool and assign it to you, so that your device can communicate with others without any conflict.
Dynamic allocation of IP addresses is a great advantage for both end-users and network admins. But sometimes you would need to have some control in order to manage and troubleshoot your network more efficiently.
What will you learn in this Tutorial
In this tutorial, you will learn the basic networking skills on how to scan a network for IP addresses. We will scan a network with native OS commands, find which addresses were assigned dynamically, which statically, and test their connectivity.
In the end, we will compare some IP address scanning tools that can give you additional information. To improve your IP addressing insights, even more, we will show you some tools that allow you to track IP addresses and even manage them.
Simple IP Scanning
Operating Systems, like Windows and Linux, come with their own native simple networking set of tools. Commands such as “ipconfig”, “arp -a”, or “ping” allow simple scanning and troubleshooting.
The simplest way to get a quick list of IP addresses and their devices connected to your network is with those OS native commands found in the command line. With a list of the assigned IP address and their devices, you can easily find the devices that are causing the most problems.
- ipconfig
This command displays all network settings assigned to one or all adapters in the computer. You can find information such as your own IP, subnet, and Gateway. For Linux and MacOS is “Ifconfig”. - arp -a
When you issue the “arp -a”, you’ll get IP-address-to-mac conversion and the allocation type (whether dynamic or static) of all devices in your network. - Ping
It helps determine connectivity between two hosts and find the IP address of a hostname.
- ipconfig
Reading The Output
Finding your own network adapter configuration
In the following screenshot, you’ll see the output from the ipconfig command. On a Windows, the ipconfig command can be entered through the Command line.
Go to Run > type cmd > type ipconfig
- This Windows computer has 5 network adapters, but the last one (Wireless LAN adapter Wi-Fi) is the only one connected to a network. The rest are disconnected.
- In this network, the router (or Default Gateway) is playing the role of the DHCP server. It is assigning the IP address dynamically and giving access to the Internet.
- You are reading two of the most important IP addresses for your device; Your own device’s IP (IPv4 and IPv6) and your Gateway. The Subnet Mask is also very important, it shows that you are on the same subnet as the gateway.
Now you know your subnet, which in this case is 192.168.1.0/24 (using the CIDR range). Now you need to find the rest of the IP address in your network.
Scanning your Network
The job of the ARP protocol is to map IPs to MAC addresses. It provides a method for hosts on a LAN to communicate without knowing any address and create a cache of information. When a new computer enters the LAN, it receives an IP and updates its ARP cache with the Gateway information. This ARP cache can be found using the “arp-a” command.
- Use the command line to enter the “arp -a” command.
- This computer has been connected for some time into the LAN, so its ARP cache is very precise and complete. The first IP address shown in the display is the Gateway (the same we found through the ipconfig command).
- The output shows the IP, the MAC addresses, and their assignation type. The addresses displayed here were dynamically assigned by the DHCP server in the LAN. All of these IPs are devices connected to the LAN (192.168.1.0/24). The other static addresses are reserved for Multicasting.
- With the MAC information, you can know the vendor. Try searching for vendor prefixes or use an automatic online tool such as MACvendors.
Testing Connectivity
Finally, with some information, you can test connectivity. In the following test, we tried an extended ping with “ping -t” to the gateway. With this, you can learn some simple insights about delay and latency.
From the list generated by the ARP command, you could ping all the live hosts. Or you can go beyond and ping the entire subnet to find hosts not found by the ARP (but that would be too much manual work…). Later, we’ll discuss how to automatically ping entire subnets at once.
Although having a list of devices and their allocated IP address will give you good insights, the information will not be enough when your network scales. Manual IP scanning in multiple subnets and BYOD (Bring-Your-Own-Device) scenarios is nearly impossible. As the network scales, problems will scale too.
Larger networks demand more results, flexibility, and easy-to-read set of commands.
An IP Address Scanner tool helps you with larger demands. These tools are able to map the entire local network, finds live hosts, and to provide the results of the “arp-a” in a clearer format. Other IP Scanners do not depend on ARP but they operate using repeated ping tests. A Ping Sweep tool lets you ping entire subnets and find live hosts just with one button.
Some other IP Scanners go the extra mile and give more information such as Port number, DNS, DHCP, etc. All of this data is also presented in the most visual and easy-to-read format. They also allow users to save all results and present them in detailed reports.
Advanced IP Scanners
1. Angry IP Scanner
Angry IP Scanner is one of the most popular scanners on the web, with over 29 million downloads. It is open-source, free, and available for Windows, MacOS, and Linux. It can let you scan your local network or the Internet-facing IP addresses.
This tool is not only capable of scanning IP addresses but also ports. When you define an IP address range, you can also specify a number of the port, and see if a device in your network is using a specific service (defined by the port). Angry IP Scanner also lets you save all the scan results into multiple formats, such as TXT, XML, CVS, etc.
When you scan, you’ll know what hosts are alive, their response time, hostname, MAC address, etc. If you want even more information, you can extend results by developing Java plugins.
Price:
Open Source and 100% free.
Download:
Get Angry IP from its official site.
2. SolarWinds Ping Sweep
Ping Sweep from SolarWinds helps you find free IPs and identify which ones are unavailable. It is classified as a networking discovery tool from the SolarWinds Engineer’s Toolset. A comprehensive network software, that includes over 60 handy tools. Ping Sweep from SolarWinds is included in the Engineer’s Toolset and is dedicated for ping testing. For the MAC address, port scans, SNMP scans, etc, there are more dedicated tools in the Engineer’s Toolset.
Just as when you ping from the command line, this tool shows the DNS name for each IP and response time. It can also let you export results in different formats such as CSV, TXT, XLS, and to an HTML page.
Price:
SolarWinds Engineer’s Toolset starts at $1,380.00 and includes over 60 must-have tools.
Download:
Get a fully functional Engineer’s Toolset for 14 days by registering to SolarWinds official site.
IP Address Tracker Tools
Having a map of IP addresses, MAC addresses, used ports, etc, is great for networking inventorying and may help with some troubleshooting cases. But a list can not control and display real-time results.
An IP address Tracker is a good upgrade to our set of tools and commands described so far. It does allow scanning multiple subnets and displaying results, but it also allows you to keep track of one or more IP addresses.
An IP Address Tracker will notice when an IP address is released. This can be either because the device lost connectivity or it changed IP address. It will help you minimize IP addressing conflicts (when two devices are trying to take the same IP) and reduce DNS errors.
3. MyLAN Viewer
MyLAN Viewer is a NetBIOS and IP address scanner for Windows systems. Just like the IP Scanners shown above, this tool will scan a network and show devices in an easy-to-read format.
But MyLANViewer goes beyond, and not only shows computer name, IP, and MAC, but also NIC, OS version, logged users, shared folders, and much more.
This tool is able to track specific IP addresses and show notifications when their state change. With it, you can also keep track of network security by showing port information and detecting rogue DHCP servers. MyLAN Viewer tracks all devices in the subnet including hidden, and displays alerts when new devices enter the network, and others go.
This tool can also display the following metrics as well:
- Display Whois data.
- Perform traceroute.
- Manage “Remote Shutdown and Wake On LAN (WOL)”.
- Monitor wireless networks.
Price:
Free, but only available for Windows systems.
Download:
Get MyLAN Viewer from its official site.
4. SolarWinds IP Tracker
SolarWinds IP Tracker is a standalone software and completely free. In addition to creating inventories of all devices, this tool allows you to scan, track, and manage IP address, including their event logs, all in a single place. SolarWinds IP Tracker is the free version and feature-limited of the much coveted IP Address Manager.
But the IP Tracker does an amazing job to provide a centralized view of the entire IP addressing scheme. It lets you monitor 256 (one subnet) IP addresses for free. Additionally, this tool allows basic management functionalities with tools such as, Ping, Telnet, Traceroute. The best of all is that, with SolarWinds IP Tracker you can detect IP address conflicts created by misconfigured DHCP servers.
SolarWinds IP Tracker is only supported by Windows systems.
Price:
100% Free.
Download:
Register in SolarWinds to download the software for free.
IP Address Management (IPAM)
Basic IP Address Scanning should be enough to manage small networks. But when networks scale they depend on multiple subnets and detailed management requirements. Although SolarWinds IP Tracker is able to find IP address conflicts, it is not able to control them.
Sometimes large-scale networks have standalone DHCP and DNS Servers in order to assign addresses to multiple subnets. But IP conflicts occur and it is really challenging to manage them manually. An IP Address Management or “IPAM” is a piece of software able to actively control DHCP and DNS. It also gives you the ability to manage multiple subnets.
5. SolarWinds IP Address Scanner
Among SolarWinds powerful tools, the IP Address Manager does everything a large-scale enterprise needs to manage its addresses properly. It automates many processes to make IP Address management easier. From automated IP address tracking, quick static IP reservations, to multi-vendor DHCP and DNS support.
SolarWinds IPAM comes with an integrated IP address management, DHCP, and DNS tools to administer your entire network.
One of the most commonly used tools from this bundle is the IP Address Scanner. This tool allows you to create automated IP address scans to maintain an updated inventory of all IP address blocks in the network. This is achieved by sending regular ICMP and SNMP polls. The automatic scans use ICMP polls to gather status of the IP address and hostname information. It also uses SNMP to find information on MAC addresses and other vendor information. SolarWinds IP Address Scanner supports both IPv4 and IPv6 address management.
SolarWinds IPAM also provides detailed reports of your IP address in real-time.
Price:
Download the Free Trial for 30 Days!
Download:
Get a fully functional SolarWinds IPAM for 30 days by registering to SolarWinds official site.
That’s why having a clear map of your IP address space enables you to identify your network parts quickly, and at the same time helps you manage the whole network in a more efficient way.
For security researchers, it’s the starting point of identifying potential vulnerable sub-networks and IP addresses, for performing deep reconnaissance tasks such as OS and service scanning, vulnerability scanning, and more.
That’s why today we’ll show you the top 10 IP scanner tools for better network management and IP address discovery-mapping.
7 Best IP scanner tools
Let’s take a look at the top IP scanner tools used by system administrators, network engineers and penetration testers.
1. Nmap IP Scanner
We can’t put any other tool in the number 1 spot. Nmap has been and will probably remain our favorite hacking tool for infosec research tasks, and that includes IP scanning as well.
We’ve written about Nmap before, back when we explored the best port scanners and showed how easy it is to scan any host when you’re seeking critical information such as open ports, OS version, and other pertinent details.
What many people don’t realize is that Nmap is the perfect tool for a network IP audit. So let’s use some Nmap commands and begin the process of discovering all the servers behind the network.
Here, we’re going to skip all port scans, using an option called “skip port scan”:
This is the expected output:
Scan For Ip Addresses Macbook Pro
As you can see, no port scanning has taken place—instead we used Nmap to ping hosts and get a response from each one of them. This type of IP scanner feature is also called “ping sweep” or “ping scan”.
Performing this same scan on an Internet-connected server can yield a lot of interesting results.
Nmap can be installed in CentOS/RHEL and other Red Hat-based distros by using:
If you’re using Ubuntu/Debian, then this should do the trick:
Stay in the loop with the best infosec news, tips and tools
Follow us on Twitter to receive updates!
2. ARP Scan
The ARP Scan Tool is another great resource for creating a full IP address map of any network. Arp-scan is quite useful for discovering all hosts within a specific network, even those that are protected behind firewalls.
Installing this tool in Red Hat-based systems merely requires you to run:
Same for Debian/Ubuntu-based distros:
To perform an IP scan with this IP scanner tool, you’ll need to run the following command:
This is the expected output:
If you’re working with a wireless network, you can also specify the type of network to scan by using:
This will let arp-scan scan the interface wlan0; you can replace that with your real interface name. Here’s a quick example:
3. Angry IP Scanner
Angry IP Scanner is one of the most popular IP address scanner tools available. It isn’t command line-based, but GUI-based instead, letting you scan your network from a fancy visual interface. You’ll be able to scan IP addresses to detect live hosts, and at the same time gather critical information about each one of them.
The only requirement to make it work in Linux is having Java installed, which is easy in most distributions.
Installation on Linux can be performed by downloading the pre-compiled packages from this link¹
Scan Network For Mac Address
Then install Java and the RPM or Deb package, as follows:.
CentOS/RHEL/Fedora:
Ubuntu/Debian
Once you’ve launch it from your desktop, you’ll see an easy-to-use interface that will allow you to scan IP ranges quickly, as shown here:.
4. Advanced IP Scanner
Advanced IP Scanner lets you scan your LAN and Wi-Fi network and give you real time information about all the connected devices. Apart from finding live hosts, it will also provide port scanning information, letting you build a complete IP address map of your entire network infrastructure.
Advanced IP Scanner features include:
- Easy-to-use interface
- Mac address detection
- Fast network scanning speed
- Can be run over remote desktop
- Exports results into CSV format
- Multi-platform support (Windows, Mac OSX and Linux)
Scanning an IP range is pretty easy: just launch the program, specify the range you want to scan and hit the Scan button. It will show you how many live hosts are found, as well as IP address, device description and assigned Mac address, as you see below:
You can download this app from the official website.²
5. ARP command
Arp command³ is one of the most useful networking commands every network engineer, sysadmin and pentester should know about. Surprisingly, not all professionals are aware of this simple yet powerful command.
That’s why it’s nabbed the fifth spot in our list of the top IP scanner tools. ARP stands for Address Resolution Protocol, and is used to display or modify the kernel IPv4 network neighbor cache.
How does it work? Simple, just pass -a option to display the full list of all known IP addresses found in your local network. You’ll also be able to detect the exact ethernet device associated with all the IP addresses.
This test was run in a real cloud server and it’s super easy to find the IP neighbors from your own network. Here, a little blur-effect has been applied to hide the real hosts and IPs, but this is pretty enough to show you the hidden power behind the arp command as IP scanner tool.
6. Fping
Fping is a popular IP scanner tool, but for more than “scanning,” this IP mapping tool was created to improve the old-fashioned ping command (although it’s somehow different). Fping utilizes ICMP echo requests to check if a remote host is live or not. Unlike the classic ping command, fping can be run against a large number of hosts and IP ranges. And that’s why so many system administrators and network engineers have chosen it as the perfect tool to quickly check how many hosts are live within a specified network.
You can pass several IP addresses or ranges, or make fping parse a text file and launch the ICMP echo request against each one of the listed IP addresses, or IP-range, as well as subnets.
Installation of fping on CentOS/RHEL distros:
For Debian/Ubuntu-based distros simply run:
How can you use it? Easy, just type:
That’s against an entire IP range; you can also specify a single IP instead.
At the end, it will display several useful stats about the results:
7. SecurityTrails IP Scanner
Classic command line tools are great, as well as others that include visual interfaces, but they often come with disadvantages when you’re using them to scan remote networks. There’s actually a better way to do it, without the risk of getting blocked by firewalls or IDS.
Our SecurityTrails products involve IP exploration as the #1 basic feature, when you need to know the IP address of any domain name, when analyzing the open ports of an IP address, or when you need to get the associated domains or IP neighbors of any IP address.
That’s why it’s easy for us to show you all the information you need for a specific IP address. Let’s take a look:
You can also explore IP neighbors by clicking the ‘IP Neighbors to 8.8.8.8’ button. This option will display all the IP neighbors for the specified IP address, as shown in this screenshot:
Our free app and manual IP lookups will help you get IP scan results in seconds; however, when you need to automate the entire process, you’ll need the power of our SecurityTrails API.
Performing an IP scan with the SecurityTrails API
If you’re a developer or you’re working with a team of developers in your organization, you can take advantage of our IP scanning features and integrate this into your own applications.
For this goal, we offer the X endpoint, which will allow you to retrieve IP information within seconds by querying our intelligent API. This can be done with a simple request against our HTTP-based query system, using any client—such as curl, for example:
Just replace “your_api_key” with your real API key.
You can also integrate this with many popular programming languages like Python, Javascript, NodeJS, Go, PHP, etc. Here’s an example with Python:
SurfaceBrowser Total IP Blocks
If you want to take another step forward with access to the full IP blocks of any company, SurfaceBrowser™ is the perfect tool for your IP scanner tasks.
Let’s see how you can get the full IP address space of any organization within seconds.
As shown, you’ll get the total IP blocks for facebook.com in a single place. This includes a few summaries that reveal information ordered by the regional registrar.
In this case, the RR includes records from: ARIN (105), AT&T Bell Laboratories (50), RIPE NCC (35), PSINet (25), APNIC (18), AFRINIC (2).
Scan Mac Addresses On Network
You’ll also be able to get the full IP stats by IP subnet size, as well as the full information for each IP block, including IP count, unique user agents, RIR, hostnames and number of associated domains.
Once you’ve finished locating all the IP blocks you need, you can explore any of the blocks by clicking the IP and its subnet, where you’ll find details such as IP count, bitmask, base IP, broadcast IP, mask, host mask, service provider like ASN, organization and company behind this network.
Conclusion
Clearly, there are a lot of IP scanner tools from which you can choose. Managing a large IP space can be quite complex if you’re not relying on any of them.
If you’re part of the infosec community, an IP scanner toolkit could be your best asset for automating your OSINT and intel-reconnaissance tasks.
Take safety and security to the next level: automate all your IP address exploration by using our powerful API. Sign up today for a free API account or book a demo with our sales team to test SurfaceBrowser™, our enterprise-grade product that will reveal the entire attack surface area of your company, including all of its IP address space.
¹ https://angryip.org/download/#linux² https://www.advanced-ip-scanner.com³ https://www.cisco.com/c/en/us/td/docs/routers/crs/software/ip-addresses/command/reference/b-ip-addresses-cr-crs/b-ipaddr-cr-crs_chapter_010.pdf
Scan For Ip Addresses Mac Pour
Esteban is a seasoned security researcher and cybersecurity specialist with over 15 years of experience. Since joining SecurityTrails in 2017 he’s been our go-to for technical server security and source intelligence info.