Recommended toolBeginnerReview before running

Free network scanner and port inventory guide

A practical guide to free network scanning options for host discovery, port inventory, and safe scan scoping.

Good For

  • port inventory
  • migration discovery
  • small network audits
  • exposed service review
  • asset cleanup

How to Use It

  1. Start with the smallest useful scope: one host, one subnet, or a known server list.
  2. Use built-in Windows commands for single-host connectivity or local socket review before reaching for a subnet scanner.
  3. Use Nmap or another approved scanner when you need externally visible service/version discovery across a defined range.
  4. Treat local socket inventory and remote scan results as different evidence sources; they answer different questions.
  5. Avoid aggressive timing, intrusive scripts, or internet-facing scans unless the network owner approved them.
  6. Export results and mark each finding as expected, unknown, stale, or cleanup candidate.

Execution Modes

  • local
  • remote-host-list
  • ad-filtered

Inputs and Outputs

Inputs

  • target host
  • CSV or TXT host list
  • Active Directory computer scope
  • approved subnet range

Outputs

  • verbose-console
  • csv
  • operator-notes

Command Starter

Safe to run: read-only

# Single-target TCP validation from a Windows workstation.
Test-NetConnection server01.contoso.com -Port 443

# Local socket inventory from the machine where the command runs.
Get-NetTCPConnection |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess

# Approved remote scan view for a defined subnet. This is broader and should be scoped intentionally.
nmap -sV -Pn 192.168.1.0/24

Validation

  • Scan scope, source host, timing, and permission are documented.
  • Open ports are mapped to owners or an unknown-service queue.
  • Unexpected services are verified from a second source before remediation.

Reporting

  • export host and port inventory to CSV
  • group unknown services by subnet, owner, and risk
  • promote repeated use into an exposed-service inventory report

Safety Notes

  • Scanning can trigger alerts or affect fragile devices; get scope approval first.
  • Do not run intrusive Nmap scripts against production systems without explicit authorization.
  • Do not treat scan output as ownership truth until confirmed.

Keep Moving

Take the workflow further

Use the related material to understand the surrounding system, practice the workflow, or choose another operator asset.