Home/Toolchest

Free network scanner and port inventory guide

A practical guide to free network scanning options for host discovery, port inventory, and safe scan scoping.

Good For

  • port inventory
  • migration discovery
  • small network audits
  • exposed service review
  • asset cleanup

How to Use It

  1. Start with the smallest useful scope: one host, one subnet, or a known server list.
  2. Use built-in Windows commands for single-host connectivity or local socket review before reaching for a subnet scanner.
  3. Use Nmap or another approved scanner when you need externally visible service/version discovery across a defined range.
  4. Treat local socket inventory and remote scan results as different evidence sources; they answer different questions.
  5. Avoid aggressive timing, intrusive scripts, or internet-facing scans unless the network owner approved them.
  6. Export results and mark each finding as expected, unknown, stale, or cleanup candidate.

Execution Modes

  • local
  • remote-host-list
  • ad-filtered

Inputs and Outputs

Inputs

  • target host
  • CSV or TXT host list
  • Active Directory computer scope
  • approved subnet range

Outputs

  • verbose-console
  • csv
  • operator-notes

Command Starter

Safe to run: read-only

# Single-target TCP validation from a Windows workstation.
Test-NetConnection server01.contoso.com -Port 443

# Local socket inventory from the machine where the command runs.
Get-NetTCPConnection |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess

# Approved remote scan view for a defined subnet. This is broader and should be scoped intentionally.
nmap -sV -Pn 192.168.1.0/24

Validation

  • Scan scope, source host, timing, and permission are documented.
  • Open ports are mapped to owners or an unknown-service queue.
  • Unexpected services are verified from a second source before remediation.

Reporting

  • export host and port inventory to CSV
  • group unknown services by subnet, owner, and risk
  • promote repeated use into an exposed-service inventory report

Safety Notes

  • Scanning can trigger alerts or affect fragile devices; get scope approval first.
  • Do not run intrusive Nmap scripts against production systems without explicit authorization.
  • Do not treat scan output as ownership truth until confirmed.