Free network scanner and port inventory guide
A practical guide to free network scanning options for host discovery, port inventory, and safe scan scoping.
Good For
- port inventory
- migration discovery
- small network audits
- exposed service review
- asset cleanup
How to Use It
- Start with the smallest useful scope: one host, one subnet, or a known server list.
- Use built-in Windows commands for single-host checks before reaching for a subnet scanner.
- Use Nmap or another approved scanner when you need service/version discovery across a defined range.
- Avoid aggressive timing, intrusive scripts, or internet-facing scans unless the network owner approved them.
- Compare findings against CMDB, firewall policy, server owners, and expected service inventory.
- Export results and mark each finding as expected, unknown, stale, or cleanup candidate.
Execution Modes
- local
- remote-host-list
- ad-filtered
Inputs and Outputs
Inputs
- target host
- CSV or TXT host list
- Active Directory computer scope
- approved subnet range
Outputs
- verbose-console
- csv
- operator-notes
Command Starter
Safe to run: read-only
Test-NetConnection server01.contoso.com -Port 443 Get-NetTCPConnection | Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess nmap -sV -Pn 192.168.1.0/24
Validation
- Scan scope, source host, timing, and permission are documented.
- Open ports are mapped to owners or an unknown-service queue.
- Unexpected services are verified from a second source before remediation.
Reporting
- export host and port inventory to CSV
- group unknown services by subnet, owner, and risk
- promote repeated use into an exposed-service inventory report
Safety Notes
- Scanning can trigger alerts or affect fragile devices; get scope approval first.
- Do not run intrusive Nmap scripts against production systems without explicit authorization.
- Do not treat scan output as ownership truth until confirmed.