To monitor your network you need to be able to regularly scan new devices.
Network scanners make it possible to discover UDP/TCP services running on the devices, identify the OS systems, and recognize filtering systems between your device and targeted hosts, and more.
As part of our comparison, we’ve looked out for tools with automated scanning including tools that can take network inventories and vulnerability scanners that can discover vulnerabilities and misconfigurations. We’ve also prioritized tools with features like notifications and reporting that enhance the overall monitoring process.
Here’s our list of the ten best network scanners, network analysis & management tools:
- SolarWinds Network Performance Monitor EDITOR’S CHOICE Our top pick for network scanning and monitoring. Network Performance Monitor is easy to configure with an autodiscovery feature that can map your network, customizable dashboards, alerts, and more.
- Site24x7 Network Monitoring (FREE TRIAL) A collection of network monitoring tools including regular system scans to identified connected devices and records their attributes and statuses. This is a cloud-based service.
- ManageEngine Vulnerability Manager Plus (FREE TRIAL) A package of security tools that is centered on a vulnerability scanner and includes system protection measures, such as a patch manager. Installs on Windows and Windows Server.
- Syxsense Secure (FREE TRIAL) A package of security measures that includes a vulnerability scanner, a patch manager, and endpoint protection. This is a cloud-based system.
- Paessler PRTG Network Monitor (FREE TRIAL) Network monitoring software with automated network discovery, custom dashboards, notifications, reports, maps, and more.
- Intruder Cloud-based vulnerability scanner with automatic scanning, automated exposure analysis, Slack and Jira integrations, an API, and more.
- Acunetix A network security scanner that can detect over 50,000 vulnerabilities and misconfigurations with a dashboard, reports, and more.
- Spiceworks IP Scanner Cloud-based IP scanner software that can scan IP ranges, display performance and availability data, and more.
- OpenVAS Open-source vulnerability scanner for Linux that comes with over 50,000 tests, a web interface, scanning wizards, and more.
- Angry IP Scanner Easy to deploy open-source network scanner with robust community-led support and documentation.
Best Network Scanners & Monitoring Software
What criteria should you have in mind when looking for a network scanner?
We reviewed the market for network analysis and management tools and assessed the options based on the following criteria:
- A tool that can locate every device connected to the network
- A system that can check that all devices are running properly
- A tool that includes security checks on device settings
- An integrated, or associated patch manager
- Thorough action logging for data protection security standards compliance
- A free trial for a no-risk assessment period or a money-back guarantee
- A good deal on the price, judging by the quality of services offered
SolarWinds Network Performance Monitor is a network monitoring platform that automatically discovers and scans network devices. SolarWinds Network Performance Monitor’s Network Sonar Wizard takes you through the autodiscovery feature, and you can provide a list of IP addresses, IP range, or subnets to drive the discovery process forward.
Network discovery can be run on a one-off basis or you can schedule future discoveries to add devices to your monitoring environment as you go. Discovered devices are also added to a network topology map where you can monitor applications and services (whether they’re based on-premises or in the cloud).
Once the devices have been added you can use SolarWinds Network Performance Monitor to track availability and performance through the dashboard. The dashboard is customizable and there is an alerts system with email and SMS alerts to keep you updated on network changes. You can also create reports for periodic updates.
Prices start at $2,995 (£2,414). You can download the 30-day free trial.
- Network topology map
- Customizable dashboards
SolarWinds Network Performance Monitor is an excellent tool for users in the market for a network monitoring tool for Windows. It provides you with real-time visibility so that you don’t miss any important information on your environment.
Get 30 Day Free Trial: solarwinds.com/network-performance-monitor
OS: Windows Server 2016 or later
Site24x7 Network Monitor is a cloud-based service that is part of a platform of system monitoring tools. The plans offered by Site24x7 are:
- Website Monitoring
- Site24x7 Infrastructure
- Application Performance Monitor
All of these plans include the Network Monitor. There is no standalone subscription offer for the Network Monitor.
The Site24x7 system is all based in the Cloud except for an agent, which needs to be installed on a server connected to the enrolled network. The agent is a data collector and uploads statistics to the Site24x7 server for processing. It also acts as an SNMP manager. The Simple Network Management Protocol (SNMP) is widely implemented and all network devices are shipped with an SNMP agent pre-installed on them. The agent constantly scans the device and compiles a report, called a Management Information Base (MIB). The MIB only gets sent out unless it is requested and it is the role of the SNMP Manager to issue that request.
The request that the Site24x7 data collector issues is sent as a broadcast, which is received by all devices on the network. Thus, the data collector doesn’t need to know the addresses of the devices in order to collect information – it learns the IP address and MAC address of each device from the MIBs that come back.
The Site24x7 Network Monitor interprets the attribute information in the MIBs into an inventory. The status information gets displayed on the dashboard as live performance data. The Site24x7 Network Monitor also generates a network topology map based on the network inventory.
The Site24x7 data collector reissues an SNMP request periodically and each batch of responses provides updates to both the network inventory and the network topology map. Agents are allowed to sends out a MIB without receiving a request. This is called a Trap and it signifies a serious problem with a monitored device. The Site24x7 Network Monitor interprets this into an alert, which appears on the dashboard and is also sent as a notification to technicians via SMS, email, instant messaging post, or voice call.
The Network Monitor is part of the Site24x7 Infrastructure package, which is available for a 30-day free trial.
- Customizable dashboards
- Performance alerts
- Network map
- Traffic monitoring
ManageEngine Vulnerability Manager Plus is a package of security services that is built around a vulnerability scanner. The server for this system installs on Windows and Windows Server. There are also agents for each device on the network that need to be installed and these are available for Windows, macOS, and Linux. The service coordinates all elements to create a central summary of malicious activity and that is accessed through the management console.
The package of services in Vulnerability Manager plus includes a live threat intelligence feed. Any new exploit that ManageEngine discovers is immediately shared among all Vulnerability Manager Plus users, triggering a system sweep to look for that problem. In the absence of any new information, the service automatically performs a vulnerability scan every 90 minutes. It checks on network appliances, such as firewalls as well as all endpoints.
The “Plus” features of this package include system hardening guides on device settings and a patch manager that makes a software inventory and automatically detects whenever patches and updates for those resources become available. The patch manager can be set to automatically apply new patches within allowed time windows.
As well as checking on services for endpoint, the protection system also scans through web services to protect any websites that your business runs.
Vulnerability Manager Plus is available in three editions: Free, Professional, and Enterprise. The free version is limited to monitoring 25 computers. The Professional edition covers one site and Enterprise edition covers WANs. Both paid systems are offered on a 30-day free trial.
- 90-minutes scan cycle
- Patch manager
- Web application protection
Syxsense Secure is a security monitor for desktops, servers, and IoT devices. This package of services protects networks through a vulnerability manager and an endpoint detection and response module (EDR). This system is able to monitor hosts running Windows, macOS, and Linux. By covering all devices connected to a network, this service also protects the network from intrusion.
The vulnerability scanning service is adjustable. You decide how frequently the scan launches. The system also includes a port scanner.
The Syxsense Secure service maps networks as well as scanning them and logging all connected devices. One of the remediation actions that Syxsense Secure implements is patch management. By keeping all OS and software packages up to date, this system is able to reduce its exposure to exploits.
While repeatedly scanning the network, the Syxsense Secure service keeps its device inventory, network maps and software logs up to date. All asset inventory data plus logs of all actions taken by the security system contribute towards compliance reporting. The report and audit functions of Syxsense Secure help with compliance with SOX, PCI DSS, and HIPAA.
The Syxsense Secure service is a subscription system. The rate for the service starts at $960 per year for 10 devices. You can sample the service on a 14-day free trial.
- Network mapping
- Vulnerability scanning
- Port scanning
- Alerts and notifications
- Endpoint detection and response
- Patch management
Paessler PRTG Network Monitor is a free network monitoring tool that comes with an autodiscovery feature. Paessler PRTG Network Monitor can scan for devices by IP address range and automatically add them to be monitored with sensors or network maps. Users can configure scanning intervals to ensure that the network inventory is periodically updated with new devices.
When it comes to monitoring, users can create custom dashboards to monitor devices. You can also choose between a range of out-of-the-box sensors to monitor device performance. For example, you can use the SNMP Traffic Sensor to monitor the traffic in and out of a device. There is even a mobile app for iOS and Android, which allows you to monitor performance from a smartphone or tablet.
A highly configurable alerts system provides you with notifications on performance changes as they occur. Alerts can be generated including SMS messages, emails, push notifications, Slack messages, and more. These ensure that you never miss out on important information.
Paessler PRTG Network Monitor is a top network monitoring tool for a reason. It has all the built-in customization and a clean user interface to suit most users. There is even a freeware version that supports up to 100 sensors.
Paid versions start at a price of $1,750 (£1,411) for 500 sensors and one server installation. On-premises version requires Windows, Microsoft Windows Server 2019, 2012 R2 or Microsoft Windows 10. You can download the 30-day free trial.
- Customizable dashboards
- Network map
- Mobile app (iOS and Android)
Intruder is a cloud-based vulnerability scanner that can automatically search your network for vulnerabilities. Intruder not only scans your network for weaknesses but provides automated exposure analysis to interpret the results for you as well. For example, rather than providing you with technical jargon, the tool will tell you in plain terms what the problem is, such as your database is exposed to the internet.
The platform scans your network whenever new vulnerabilities are released. Monitoring the latest threats ensures that you have some level of protection in place. There are also integrations with Slack and Jira so that you can receive updates on problems immediately.
To support the rest of your operations, Intruder comes with an API for a more efficient workflow and the option to export scan results to an external platform. The API makes it easier to integrate Intruder with the rest of your operations so that you can address vulnerabilities efficiently.
Intruder is one of the top vulnerability scanning solutions for enterprises and DevOps teams. It not only can be used for vulnerability scanning but also comes with automated penetration testing as well. Pricing starts at $105 (£84.66) per month. You can start the 30-day free trial from this link here.
- Automatic scanning
- Automated exposure analysis
- Penetration testing
- Notifications with Slack and Jira integrations
Acunetix is a network security scanner that lets you detect vulnerabilities in your network. Acunetix tests for over 50,000 known vulnerabilities and misconfigurations. When running scans, users can also see information on running services and discover open ports that leave the network at risk.
Scan results are displayed through the dashboard. The dashboard is simple to navigate and there is a Vulnerabilities tab that allows you to view a list of discovered vulnerabilities marked with icons that display the level of severity. You can also use the dashboard to generate reports.
Detecting misconfigurations with Acunetix is easy. You can use the tool to test for misconfigurations such as anonymous FTP access, weak SNMP community strings, poor proxy server configuration, weak TLS/SSL ciphers, and more. The range of issues you can detect gives you a wide layer of protection against attackers.
Acunetix is a reliable network security scanning solution for enterprises. The software comes with free network scans for a year. Prices start at $4,495 (£3,624) for 1-5 websites. You can get a demo from this link here.
- Detects over 50,000 vulnerabilities and misconfigurations
- Network scanning
Spiceworks IP Scanner is a cloud-based IP scanning tool that can scan IP ranges for devices. Spiceworks IP Scanner scans for devices and then adds them to a network inventory. Through a dashboard, the user can monitor an overview of discovered devices.
Information that can be viewed includes Name, IP addresses, Vendor, OS, MAC addresses, Open ports, Up/Down, and more. You can view performance data on CPU, memory, and storage. There is also a search function where you can search for information on a specific device.
When it comes to managing vulnerabilities, the main value of Spiceworks IP Scanner is its ability to detect issues like open ports or computers running outdated OS’s. You’ll also be able to check the disk space and memory of devices that aren’t performing as they should be.
Spiceworks IP Scanner is a great basic tool for creating a network inventory and monitoring basic information on performance and availability. The tool is easy to configure with an agent available for Windows and Mac. You can download the program for free from this link here.
- Network scanning by IP range
- Performance and availability monitoring
- Discover open ports and outdated OS’s
OpenVAS is an open-source vulnerability scanner for Linux that includes over 50,000 vulnerability tests with unauthenticated and authenticated testing. The platform comes with a web interface, which enables you to run vulnerability scans without being limited to a desktop app.
When scanning your network, you can use OpenVAS’s Task Wizard to guide you through the scanning process. A simple scan allows you to enter an IP address of the machine and you will be able to view the results alongside a summary and visualizations.
More advanced scan options can be configured through the Advanced Task Wizard. The advanced wizard lets you set a task name, enter a configuration for the scan, schedule future scans, and more. These options give you the ability to scan for more issues that less regular/comprehensive scanning might miss.
OpenVAS is a superb choice for enterprises in search of an affordable vulnerability scanning and penetration tool. As the program is open-source it’s available for free (although there is a source version available called the Greenbone Source Edition). You can download the program for free here.
- Vulnerability scanning
- Schedule future scans
- Installed as a virtual machine or source code
Angry IP Scanner is an open-source network scanner that can scan local networks and the internet by IP range. The software is easy to deploy and doesn’t require installation. Scan results can be viewed in a table format that breaks down information such as IP, Ping, Hostname, Ports, and more.
You can enhance the basic features included with Angry IP Scanner with plugins. Plugins are available as jar files and include Pinger, Fetcher, Exporter, or Feeder. Each plugin adds a new feature. For example, Pinger allows you to ping the availability of an IP address.
On the other hand, Exporter allows you to export scan results. Exporting scan results is useful for analyzing scans in other external tools you use as part of your everyday operations. Angry IP Scanner supports exports in a range of formats including CSV, TXT, XML, or IP-port list files.
Angry IP Scanner is worth a look for enterprises that need a free network scanning solution. The platform is available on Windows, Mac, and Linux. You can download the software for free from this link here.
- Network scanner
- Ping network devices
- Export scan results
Choosing a Network Scanner & Monitoring Tool
Whether you’re looking for a scanner to locate vulnerabilities or for a tool to discover connected devices, the closer you monitor your devices and potential vulnerabilities the better you’re able to protect your network and stay safe from cyber attackers.
Our top picks for this list are SolarWinds Network Performance Monitor and Paessler PRTG Network Monitor for network monitoring and Acunetix for vulnerability scanning. Between them, these tools have everything you need to start maintaining an inventory of devices or scanning for weaknesses.
Network Scanners FAQs
What are 3 types of network scanning?
The three network scanning types are port scanning, network scanning, and vulnerability scanning. Port scanning identifies open ports, network scanning lists all IP addresses in use together with related device identifiers, such as hostnames, and vulnerability scanning works through a list of known system weaknesses to see if they exist in the present network.
What is a null scan?
A null scan is a probe to identify open ports. The scanning strategy gets its name because it is implemented with a TCP packet with a sequence number of 0 and no set flags. This packet is meaningless to the contacted device and so provokes an RST response. The response discloses the operating status of each responding port. This discovery technique is often used by hackers.
What are the network scanners for Bulk Extractor?
Bulk Extractor includes 24 scanners, including bulk, which activates all the 23 other scanners. Only one scanner directly relates to network data. This is the net scanner, which is a packet sniffer. Bulk scanner only searches through the device on which it is resident. It gets network packets data from virtual memory, which is those live packet traffic traveling in and out of the device. Packets are dumped to a file in libpcap format.
How do I block network scanners?
Prevent hackers from probing your network with a network scanner by installing a network firewall. The firewall should be a standalone device so that its activities don’t hijack the resources of a hosting server. Non-hardware firewall substitutes are available from cloud providers. These are called “edge services;” and they block network scanning strategies before they reach your network gateway.