To monitor your network you need to be able to regularly scan new devices.
Network scanners make it possible to discover UDP/TCP services running on the devices, identify the OS systems, and recognize filtering systems between your device and targeted hosts, and more.
As part of our comparison, we’ve looked out for tools with automated scanning including tools that can take network inventories and vulnerability scanners that can discover vulnerabilities and misconfigurations. We’ve also prioritized tools with features like notifications and reporting that enhance the overall monitoring process.
Here’s our list of the ten best network scanners, network analysis & management tools:
- SolarWinds Network Performance Monitor EDITOR’S CHOICE Our top pick for network scanning and monitoring. Network Performance Monitor is easy to configure with an autodiscovery feature that can map your network, customizable dashboards, alerts, and more.
- Site24x7 Network Monitoring (FREE TRIAL) A collection of network monitoring tools including regular system scans to identified connected devices and records their attributes and statuses. This is a cloud-based service.
- ManageEngine Vulnerability Manager Plus (FREE TRIAL) A package of security tools that is centered on a vulnerability scanner and includes system protection measures, such as a patch manager. Installs on Windows and Windows Server.
- Syxsense Secure (FREE TRIAL) A package of security measures that includes a vulnerability scanner, a patch manager, and endpoint protection. This is a cloud-based system.
- Paessler PRTG Network Monitor (FREE TRIAL) Network monitoring software with automated network discovery, custom dashboards, notifications, reports, maps, and more.
- Intruder Cloud-based vulnerability scanner with automatic scanning, automated exposure analysis, Slack and Jira integrations, an API, and more.
- Acunetix A network security scanner that can detect over 50,000 vulnerabilities and misconfigurations with a dashboard, reports, and more.
- Spiceworks IP Scanner Cloud-based IP scanner software that can scan IP ranges, display performance and availability data, and more.
- OpenVAS Open-source vulnerability scanner for Linux that comes with over 50,000 tests, a web interface, scanning wizards, and more.
- Angry IP Scanner Easy to deploy open-source network scanner with robust community-led support and documentation.
Best Network Scanners & Monitoring Software
What criteria should you have in mind when looking for a network scanner?
We reviewed the market for network analysis and management tools and assessed the options based on the following criteria:
- A tool that can locate every device connected to the network
- A system that can check that all devices are running properly
- A tool that includes security checks on device settings
- An integrated, or associated patch manager
- Thorough action logging for data protection security standards compliance
- A free trial for a no-risk assessment period or a money-back guarantee
- A good deal on the price, judging by the quality of services offered
SolarWinds Network Performance Monitor is a network monitoring platform that automatically discovers and scans network devices. SolarWinds Network Performance Monitor’s Network Sonar Wizard takes you through the autodiscovery feature, and you can provide a list of IP addresses, IP range, or subnets to drive the discovery process forward.
- Network topology map
- Customizable dashboards
Network discovery can be run on a one-off basis or you can schedule future discoveries to add devices to your monitoring environment as you go. Discovered devices are also added to a network topology map where you can monitor applications and services (whether they’re based on-premises or in the cloud).
Once the devices have been added you can use SolarWinds Network Performance Monitor to track availability and performance through the dashboard. The dashboard is customizable and there is an alerts system with email and SMS alerts to keep you updated on network changes. You can also create reports for periodic updates.
- Uses multiple protocols to automatically identify, inventory, and monitor assets
- Supports auto-discovery that builds network topology maps and inventory lists in real-time based on devices that enter the network
- Offers flexible alerting options for both small teams and large helpdesks
- Uses drag and drop widgets to customize the look and feel of the dashboard
- Robust reporting system with pre-configured compliance templates
- This is a feature-rich enterprise tool, networks may find some features overwhelming
Prices start at $2,995 (£2,414). You can download the 30-day free trial.
SolarWinds Network Performance Monitor is an excellent tool for users in the market for a network monitoring tool for Windows. It provides you with real-time visibility so that you don’t miss any important information on your environment.
Get 30 Day Free Trial: solarwinds.com/network-performance-monitor
OS: Windows Server 2016 or later
Site24x7 Network Monitor is a cloud-based service that is part of a platform of system monitoring tools. The plans offered by Site24x7 are:
- Website Monitoring
- Site24x7 Infrastructure
- Application Performance Monitor
All of these plans include the Network Monitor. There is no standalone subscription offer for the Network Monitor.
- Customizable dashboards
- Performance alerts
- Network map
- Traffic monitoring
The Site24x7 system is all based in the Cloud except for an agent, which needs to be installed on a server connected to the enrolled network. The agent is a data collector and uploads statistics to the Site24x7 server for processing. It also acts as an SNMP manager. The Simple Network Management Protocol (SNMP) is widely implemented and all network devices are shipped with an SNMP agent pre-installed on them. The agent constantly scans the device and compiles a report, called a Management Information Base (MIB). The MIB only gets sent out unless it is requested and it is the role of the SNMP Manager to issue that request.
The request that the Site24x7 data collector issues is sent as a broadcast, which is received by all devices on the network. Thus, the data collector doesn’t need to know the addresses of the devices in order to collect information – it learns the IP address and MAC address of each device from the MIBs that come back.
The Site24x7 Network Monitor interprets the attribute information in the MIBs into an inventory. The status information gets displayed on the dashboard as live performance data. The Site24x7 Network Monitor also generates a network topology map based on the network inventory.
The Site24x7 data collector reissues an SNMP request periodically and each batch of responses provides updates to both the network inventory and the network topology map. Agents are allowed to sends out a MIB without receiving a request. This is called a Trap and it signifies a serious problem with a monitored device. The Site24x7 Network Monitor interprets this into an alert, which appears on the dashboard and is also sent as a notification to technicians via SMS, email, instant messaging post, or voice call.
- One of the most holistic monitoring tools available, supporting networks, infrastructure, and real user monitoring in a single platform
- Uses real-time data to discover devices and build charts, network maps, and inventory reports
- Is one of the most user-friendly network monitoring tools available
- User monitoring can help bridge the gap between technical issues, user behavior, and business metrics
- Supports a freeware version for testing
- Is a very detailed platform that will require time to fully learn all of its features and options
The Network Monitor is part of the Site24x7 Infrastructure package, which is available for a 30-day free trial.
ManageEngine Vulnerability Manager Plus is a package of security services that is built around a vulnerability scanner. The server for this system installs on Windows and Windows Server. There are also agents for each device on the network that need to be installed and these are available for Windows, macOS, and Linux. The service coordinates all elements to create a central summary of malicious activity and that is accessed through the management console.
- 90-minutes scan cycle
- Patch manager
- Web application protection
The package of services in Vulnerability Manager plus includes a live threat intelligence feed. Any new exploit that ManageEngine discovers is immediately shared among all Vulnerability Manager Plus users, triggering a system sweep to look for that problem. In the absence of any new information, the service automatically performs a vulnerability scan every 90 minutes. It checks on network appliances, such as firewalls as well as all endpoints.
The “Plus” features of this package include system hardening guides on device settings and a patch manager that makes a software inventory and automatically detects whenever patches and updates for those resources become available. The patch manager can be set to automatically apply new patches within allowed time windows.
As well as checking on services for endpoint, the protection system also scans through web services to protect any websites that your business runs.
- Great for proactive scanning and documentation
- Robust reporting can help show improvements after remediation
- Built to scale, can support large networks
- Flexible – can run on Windows, Linux, and Mac
- Backend threat intelligence is constantly updated with the latest threats and vulnerabilities
- Supports a free version, great for small networks
- The ManageEngine ecosystem is very detailed, requiring time to learn all of its features
Vulnerability Manager Plus is available in three editions: Free, Professional, and Enterprise. The free version is limited to monitoring 25 computers. The Professional edition covers one site and Enterprise edition covers WANs. Both paid systems are offered on a 30-day free trial.
Syxsense Secure is a security monitor for desktops, servers, and IoT devices. This package of services protects networks through a vulnerability manager and an endpoint detection and response module (EDR). This system is able to monitor hosts running Windows, macOS, and Linux. By covering all devices connected to a network, this service also protects the network from intrusion.
- Network mapping
- Vulnerability scanning
- Port scanning
- Alerts and notifications
- Endpoint detection and response
- Patch management
The vulnerability scanning service is adjustable. You decide how frequently the scan launches. The system also includes a port scanner.
The Syxsense Secure service maps networks as well as scanning them and logging all connected devices. One of the remediation actions that Syxsense Secure implements is patch management. By keeping all OS and software packages up to date, this system is able to reduce its exposure to exploits.
While repeatedly scanning the network, the Syxsense Secure service keeps its device inventory, network maps and software logs up to date. All asset inventory data plus logs of all actions taken by the security system contribute towards compliance reporting. The report and audit functions of Syxsense Secure help with compliance with SOX, PCI DSS, and HIPAA.
- Supports automated remediation via automated scripting
- Can be installed on Windows, Linux, or Mac
- Offers autodiscovery of new network devices for easy inventory management
- The dashboard is intuitive and easy to manage devices in
- Would like to see a longer trial period
The Syxsense Secure service is a subscription system. The rate for the service starts at $960 per year for 10 devices. You can sample the service on a 14-day free trial.
Paessler PRTG Network Monitor is a free network monitoring tool that comes with an autodiscovery feature. Paessler PRTG Network Monitor can scan for devices by IP address range and automatically add them to be monitored with sensors or network maps. Users can configure scanning intervals to ensure that the network inventory is periodically updated with new devices.
- Customizable dashboards
- Network map
- Mobile app (iOS and Android)
When it comes to monitoring, users can create custom dashboards to monitor devices. You can also choose between a range of out-of-the-box sensors to monitor device performance. For example, you can use the SNMP Traffic Sensor to monitor the traffic in and out of a device. There is even a mobile app for iOS and Android, which allows you to monitor performance from a smartphone or tablet.
A highly configurable alerts system provides you with notifications on performance changes as they occur. Alerts can be generated including SMS messages, emails, push notifications, Slack messages, and more. These ensure that you never miss out on important information.
Paessler PRTG Network Monitor is a top network monitoring tool for a reason. It has all the built-in customization and a clean user interface to suit most users. There is even a freeware version that supports up to 100 sensors.
- Uses a combination of packet sniffing, WMI, and SNMP to report network performance data
- Fully customizable dashboard is great for both lone administrators as well as NOC teams
- Drag and drop editor makes it easy to build custom views and reports
- Supports a wide range of alert mediums such as SMS, email, and third-party integrations into platforms like Slack
- Supports a generous freeware version (up to 100 sensors)
- Is a very comprehensive platform with many features and moving parts that require time to learn
Paid versions start at a price of $1,750 (£1,411) for 500 sensors and one server installation. On-premises version requires Windows, Microsoft Windows Server 2019, 2012 R2 or Microsoft Windows 10. You can download the 30-day free trial.
Intruder is a cloud-based vulnerability scanner that can automatically search your network for vulnerabilities. Intruder not only scans your network for weaknesses but provides automated exposure analysis to interpret the results for you as well. For example, rather than providing you with technical jargon, the tool will tell you in plain terms what the problem is, such as your database is exposed to the internet.
- Automatic scanning
- Automated exposure analysis
- Penetration testing
- Notifications with Slack and Jira integrations
The platform scans your network whenever new vulnerabilities are released. Monitoring the latest threats ensures that you have some level of protection in place. There are also integrations with Slack and Jira so that you can receive updates on problems immediately.
To support the rest of your operations, Intruder comes with an API for a more efficient workflow and the option to export scan results to an external platform. The API makes it easier to integrate Intruder with the rest of your operations so that you can address vulnerabilities efficiently.
- Can perform schedule vulnerability scans automatically
- Can scan all new devices for vulnerabilities and recommended patches for outdated machines
- Can assess vulnerabilities in web applications, databases, and operating systems
- Is focused more on vulnerability discovery – not ideal for those looking for asset management
Intruder is one of the top vulnerability scanning solutions for enterprises and DevOps teams. It not only can be used for vulnerability scanning but also comes with automated penetration testing as well. Pricing starts at $105 (£84.66) per month. You can start the 30-day free trial from this link here.
Acunetix is a network security scanner that lets you detect vulnerabilities in your network. Acunetix tests for over 50,000 known vulnerabilities and misconfigurations. When running scans, users can also see information on running services and discover open ports that leave the network at risk.
- Detects over 50,000 vulnerabilities and misconfigurations
- Network scanning
Scan results are displayed through the dashboard. The dashboard is simple to navigate and there is a Vulnerabilities tab that allows you to view a list of discovered vulnerabilities marked with icons that display the level of severity. You can also use the dashboard to generate reports.
Detecting misconfigurations with Acunetix is easy. You can use the tool to test for misconfigurations such as anonymous FTP access, weak SNMP community strings, poor proxy server configuration, weak TLS/SSL ciphers, and more. The range of issues you can detect gives you a wide layer of protection against attackers.
- Designed specifically for application security
- Integrates with a large number of other tools such as OpenVAS
- Can detect and alert when misconfigurations are discovered
- Would like to see a trial version rather than a demo
Acunetix is a reliable network security scanning solution for enterprises. The software comes with free network scans for a year. Prices start at $4,495 (£3,624) for 1-5 websites. You can get a demo from this link here.
Spiceworks IP Scanner is a cloud-based IP scanning tool that can scan IP ranges for devices. Spiceworks IP Scanner scans for devices and then adds them to a network inventory. Through a dashboard, the user can monitor an overview of discovered devices.
- Network scanning by IP range
- Performance and availability monitoring
- Discover open ports and outdated OS’s
Information that can be viewed includes Name, IP addresses, Vendor, OS, MAC addresses, Open ports, Up/Down, and more. You can view performance data on CPU, memory, and storage. There is also a search function where you can search for information on a specific device.
When it comes to managing vulnerabilities, the main value of Spiceworks IP Scanner is its ability to detect issues like open ports or computers running outdated OS’s. You’ll also be able to check the disk space and memory of devices that aren’t performing as they should be.
- The agent can be installed on Windows, Linux, or Mac
- Completely free
- Great interface makes it easy to view all ports, services, and their current state
- Includes banner ads
- Won’t work offline (Only offered as a cloud-based service)
Spiceworks IP Scanner is a great basic tool for creating a network inventory and monitoring basic information on performance and availability. The tool is easy to configure with an agent available for Windows and Mac. You can download the program for free from this link here.
OpenVAS is an open-source vulnerability scanner for Linux that includes over 50,000 vulnerability tests with unauthenticated and authenticated testing. The platform comes with a web interface, which enables you to run vulnerability scans without being limited to a desktop app.
- Vulnerability scanning
- Schedule future scans
- Installed as a virtual machine or source code
When scanning your network, you can use OpenVAS’s Task Wizard to guide you through the scanning process. A simple scan allows you to enter an IP address of the machine and you will be able to view the results alongside a summary and visualizations.
More advanced scan options can be configured through the Advanced Task Wizard. The advanced wizard lets you set a task name, enter a configuration for the scan, schedule future scans, and more. These options give you the ability to scan for more issues that less regular/comprehensive scanning might miss.
- Open source transparent tool
- Has a large dedicated community
- Completely free
- No paid support option
- Enterprises will likely need experienced staff to fully extract value from the platform
OpenVAS is a superb choice for enterprises in search of an affordable vulnerability scanning and penetration tool. As the program is open-source it’s available for free (although there is a source version available called the Greenbone Source Edition). You can download the program for free here.
Angry IP Scanner is an open-source network scanner that can scan local networks and the internet by IP range. The software is easy to deploy and doesn’t require installation. Scan results can be viewed in a table format that breaks down information such as IP, Ping, Hostname, Ports, and more.
- Network scanner
- Ping network devices
- Export scan results
You can enhance the basic features included with Angry IP Scanner with plugins. Plugins are available as jar files and include Pinger, Fetcher, Exporter, or Feeder. Each plugin adds a new feature. For example, Pinger allows you to ping the availability of an IP address.
On the other hand, Exporter allows you to export scan results. Exporting scan results is useful for analyzing scans in other external tools you use as part of your everyday operations. Angry IP Scanner supports exports in a range of formats including CSV, TXT, XML, or IP-port list files.
- One of the easiest tools to use on the market
- Great for small networks and home use
- Can output in multiple formats, giving more flexibility than CLI tools
- The interface doesn’t scale well on enterprise size networks – better for small networks
- Lacks graphing capabilities
Angry IP Scanner is worth a look for enterprises that need a free network scanning solution. The platform is available on Windows, Mac, and Linux. You can download the software for free from this link here.
Choosing a Network Scanner & Monitoring Tool
Whether you’re looking for a scanner to locate vulnerabilities or for a tool to discover connected devices, the closer you monitor your devices and potential vulnerabilities the better you’re able to protect your network and stay safe from cyber attackers.
Our top picks for this list are SolarWinds Network Performance Monitor and Paessler PRTG Network Monitor for network monitoring and Acunetix for vulnerability scanning. Between them, these tools have everything you need to start maintaining an inventory of devices or scanning for weaknesses.
Network Scanners FAQs
What are 3 types of network scanning?
The three network scanning types are port scanning, network scanning, and vulnerability scanning. Port scanning identifies open ports, network scanning lists all IP addresses in use together with related device identifiers, such as hostnames, and vulnerability scanning works through a list of known system weaknesses to see if they exist in the present network.
What is a null scan?
A null scan is a probe to identify open ports. The scanning strategy gets its name because it is implemented with a TCP packet with a sequence number of 0 and no set flags. This packet is meaningless to the contacted device and so provokes an RST response. The response discloses the operating status of each responding port. This discovery technique is often used by hackers.
What are the network scanners for Bulk Extractor?
Bulk Extractor includes 24 scanners, including bulk, which activates all the 23 other scanners. Only one scanner directly relates to network data. This is the net scanner, which is a packet sniffer. Bulk scanner only searches through the device on which it is resident. It gets network packets data from virtual memory, which is those live packet traffic traveling in and out of the device. Packets are dumped to a file in libpcap format.
How do I block network scanners?
Prevent hackers from probing your network with a network scanner by installing a network firewall. The firewall should be a standalone device so that its activities don’t hijack the resources of a hosting server. Non-hardware firewall substitutes are available from cloud providers. These are called “edge services;” and they block network scanning strategies before they reach your network gateway.