10 Free Or Low-Cost Network Discovery And Mapping Tools
Understand your network so you can defend it better
January 17, 2014
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltc94608acf452fd67/655cf371ab171e040a838b2a/329050_DR23_Graphics_Website_V5_Default_Image_v1.png?width=700&auto=webp&quality=80&disable=upscale)
One of the most useful adages for security professionals is "know thyself"--and when it comes to network security, the most fundamental task of knowing oneself is network discovery and mapping. Without up-to-date network diagrams and inventory lists, it is hard to even understand what you're protecting. The following tools can aid the process at little to no cost beyond man-hours.
A network discovery, inventory, and audit program, Open-AudIT is free open-source software that will scan the network and store information about configurations of discovered devices. It offers up a framework that can produce reports that include information about software licensing, configuration changes, nonauthorized devices, capacity utilization, and hardware warranty status.
Learn more about your WiFi networks with this free 802.11 discovery tool. Among the various performance-oriented features, security pros will be interested in the site survey features that can report on new access points and their locations to head off issues of rogue access points.
The name says it all. This handy tool performs speedy scans that detects network devices, including WiFi routers; scans ports to find HTTP, HTTPS, FTP, RDP and shared folders; and allows the user to connect to all computers on the network running Radmin Server. It also features ping, tracert, telnet, and SSH commands.
A slick utility that can be run on a desktop or a mobile device, Fing provides fast visibility to devices currently on the network, giving the user a look into IP and MAC addresses, device vendors, and ISP location. The application, itself, is free, though there's a paid add-on service for a monthly fee that offers advanced monitoring and analysis tools built on the discovery engine.
Take your understanding of the network a step beyond lists with this tool, which will create interactive network diagrams that offer useful visualizations about bandwidth utilizations that could point to infected nodes.
Another mapping alternative is Cheops-ng, a free mapping and monitoring tool that does network discovery and offers a visual way to see relationships between nodes. In addition to OS detection of hosts, the software can also probe hosts to see which services they're running.
Functioning above and beyond just discovery, OpenNMS is a network management application platform that can provide discovery, as well as event notification about network devices. It also does event management, managing its own events as well as those for outside sources, such as SNMP Traps, syslog, or TL/1. This could be useful for organizations without the resources for SIEM.
NetworkView is not quite free, but is still an affordable way to discover network devices, with licensing just shy of $80. It can be run on a desktop or via a flash drive, and will discover TCP/IP nodes and routes using DNS, SNMP, Ports, NetBIOS and WMI. It'll provide all of the relevant details, such as MAC addresses and manufacturer names in printable maps and reports.
With dozens of ways to discover resources in spite of obstacles like IP filters, firewalls, and routers, Nmap is a go-to tool for developing network inventories, not to mention managing service upgrade schedules, and monitoring host or service uptime.
A lightweight, simple IP scanner, Angry IP Scanner uses a multithreaded scanning technique to offer speedy scans with results that can be saved to CSV, TXT, XML, or IP-Port list files. Offering a flexible Java-based framework, the tool can be easily extended through plugins to gather additional information about scanned IPs.
A lightweight, simple IP scanner, Angry IP Scanner uses a multithreaded scanning technique to offer speedy scans with results that can be saved to CSV, TXT, XML, or IP-Port list files. Offering a flexible Java-based framework, the tool can be easily extended through plugins to gather additional information about scanned IPs.
A lightweight, simple IP scanner, Angry IP Scanner uses a multithreaded scanning technique to offer speedy scans with results that can be saved to CSV, TXT, XML, or IP-Port list files. Offering a flexible Java-based framework, the tool can be easily extended through plugins to gather additional information about scanned IPs.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024