In the company as in the office it is important not to lose control over the devices that are connected to the local network. Angry IP Scanner is a free and open source software used to scan the LAN in order to locate connected devices and open ports. It is a powerful network utility that can be used to facilitate the administration of connected devices, for security purposes, or simply to gain information about your network configuration.
With Angry IP Scanner you can create a sort of device inventory connected in a local network and establish which services are running on each of them. The presence of specifications open doors on individual hosts connected to the LAN it is often an indication of the services being listened to and the server components installed.
The program can also be used to carry out a scan public IP addresses: however, the operation should be carried out exclusively for study and diagnostic purposes. The automated scanning of a large number of IP addresses, as also mentioned in the case of nmap, the king of port scanners, could in fact be considered a hostile activity.
What Angry IP Scanner is and how it works
Angry IP Scanner is an application equipped with graphic interface, compatible with Windows, macOS and Linux. As the download page on the project’s official website also reminds us, the application requires runtime Java to work, regardless of the operating system you are using. L’installer automatically loads the Java runtimes necessary for the program to work on the machine.
Those who prefer not to have Java runtimes installed on their device can configure one virtual machine and run Angry IP Scanner from there. The important thing, regardless of whether you use Hyper-V, Virtualbox, VMware or other virtualization solutions, is to set the virtual machine so that you use avirtual network interface capable of overlooking the actual local network.
Angry IP Scanner can scan your entire local network or you can specify ranges private IP addresses to be taken into consideration. You can also specify a single IP address on which to focus the analysis activity. For each host detected, the application shows the corresponding name, the IP address, the ping i.e. the time in milliseconds with which a response was received and the list of open ports.
Hosts highlighted in blue respond to ping requests; those indicated in red, however, did not send any response. Some firewalls set at the individual device level can block pings (or rather ICMP requests, Internet Control Message Protocol) but still expose a certain number of open ports.
Starting a scan
On the main screen of Angry IP Scanner, you can specify a range of IPs or a single address. By choosing File elenco IPthe program can use as input a list of addresses to be scanned by extracting them from a text file.
The little button IP shown more or less in the center of the screen allows you to choose the network interface to use while Mask allows you to possibly change the subnet mask and therefore activate scanning on a IP address range more or less wide.
By clicking StartAngry IP Scanner searches for all hosts that – in the subnet indicated – provide an answer. Under the column Porte, the program displays the list of ports detected as open on each host. For example, if a device connected to the local network was running a server Webports like 80, 443, 8080 may be open.
Setting the ports to control
The router and NAS server are examples of devices that expose one or more ports because they run a web server accessible from other hosts on the local network. By default, Angry IP Scanner only checks ports 80, 443 and 8080 but by going to the settings (icon depicting a small gear) and clicking on the tab Porteyou can add additional doors to control.
In this Angry IP Scanner is a little less immediate than a IP scanner like the application Fing per Android which allows you to establish who is connected to the WiFi network or router. By tapping on a host name on Fing then choosing Find open doorsthe application returns the entire list of open ports, even non-standard ones.
Viewing hosts
Once the network scan is complete, you can click on the Angry IP Scanner status bar and opt, for example, for View active hosts or for View open doors in order to obtain, respectively, only the list of devices that respond to the ping and those that have open ports.
Ping methods: what are the differences
Angry IP Scanner allows you to choose between several ping methodall of which can be selected by accessing the settings and then going to the tab Scan.
- Windows ICMP– This method uses the native ICMP protocol to send ping requests to hosts on the network.
- UDP packet: Transmit UDP packets (User Datagram Protocol) to a specific port on each host.
- Test TCP port: Uses a TCP connection to check whether each host is active or not. Angry IP Scanner attempts to establish a TCP connection to a specific port on the host.
- UDP+TCP combined: Combines both UDP and TCP methods to determine the availability of hosts.
- Java integrated: Uses the Java library to send ping packets to hosts.
- ARP (LAN only): specific method for local networks based on the use of MAC addresses.
Angry IP Scanner does not show the type of each device
Bringing you onto the menu Instruments then clicking on the item again Instrumentswe suggest selecting the item MAC supplier in the right pane (Tools available) then click the arrow pointing to the left. In this way, scanning with Angry IP Scanner also returns the manufacturer of the network card that equips each device in the LAN. By doing so, you have other clues available to quickly trace the identity of each connected host.
Il card manufacturer of network used on each device is recognizable through the simple analysis of the first three octets that make up the MAC address. This is the unique identifier associated with each network adapter. In the list updated by IEEE (Institute of Electrical and Electronics Engineers) include the first three blocks of MAC address which identify each manufacturer.
Unlike the aforementioned Fing utility, Angry IP Scanner does not rely on any cloud database and is therefore not able to establish the type of devices. It is therefore not able to make up for additional information when some of it cannot be recovered from the individual hosts. For more precise results, we still suggest opting to use the ARP protocol (Address Resolution Protocol) as the ping method. ARP is in fact a service protocol that operates at the link level of the ISO/OSI stack while the standard ping command, for example that of Windows, macOS or Linux, works at a higher level, the network level (IP ).
