Windows

Use Angry IP Scanner to find hosts by open ports

Finding systems on a network can be a challenge, especially if critical services like DNS are not available. In this post, IT pro Rick Vanover shows how the Angry IP Scanner can help you find systems on a network.

Don’t let the name fool you, it doesn’t make you angry. The Angry IP Scanner can actually make you happy! I was recently in search of a way to scan a network for a host that wasn’t running Windows, so I couldn’t use my trusty nbtscan tool.

The basic premise is that I know what ports would be open on a specified host, but I don’t have DNS to find the system. Instead of seeing what systems are online and simply attempting to log into them, the Angry IP Scanner tool can let me scan an IP range and also report if specific ports are open. In my situation, I was looking for an ESXi host on a particular network; and I knew that ports 443 and 902 will be listening on that system.

I tried using all of my normal tools and found that the Angry IP Scanner would be the tool to get this task done. The Angry IP Scanner has a parameter for the scan to list if the results will display one or more ports. This was perfect for what I was looking for.

In the lab network I scanned, I had two ESXi hosts that would be running the selected ports (443 and 902). The scan was completed rather quickly, and the results quickly display any resolvable host name as well as the hosts that don’t have a ping reply (those in red) as shown in Figure A below:

Figure A

Figure A

The Angry IP Scanner is a rather easy tool to use. Further, it is a standalone tool that doesn’t require an installation. I used the Windows version, but there are also Linux and Mac OS editions of the tool.

The Angry IP Scanner is a free title and can be downloaded from AngryIP.org.

About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

21 comments
seanferd
seanferd

I guess I haven't downloaded a new version in a while. Good to see it's still actively developed. It is a nice, focused tool.

TCP 765
TCP 765

You have other prograsm like Netscan and Nmap.. very use full when is time to fiind host in a network and ypu dont know the ip address o if you need the MAC address...

b4real
b4real

Yep, that is a big plus for Angy IP.

TBBrick
TBBrick

Not one that I use every day, but the little guy saves boocoo headaches when you need it. Wanna try something interesting? Run it on your home network. You may find some unexpected connections.

chris
chris

None of the available Mac versions run on Mac Pro Intel with Leopard 10.5.8.

Bapster
Bapster

Look at Lan, which i like alot better, is not available anymore.

andrewgauger
andrewgauger

Angry IP scanner works over a VPN whereas NMap will not. When I'm scanning for a remote host, I turn to Angry IP. When I'm local, I use NMap--often with the zenmap gui. I highly recommend both

Neon Samurai
Neon Samurai

Normally, I'll use nmap since I'm rarely without a machine that has it handy: nmap -sP 192.168.0.0/24 nmap -sT -p443,902 192.168.0.0/24 If I'm working on one of my own Windows boxes then it's usually Cain & Abel. Cain has a great arp scanner. I've yet to see it not dump a network device within the IP range though it may not be able to resolv a hostname (you'll get IP, MAC and manufacturer at minimum). Netdiscover is also worth a look if your only interested in ARP/IP relationships.

robo_dev
robo_dev

Scany on the iPhone. Besides nmap, don't forget about SuperScan from Foundstone. nMap has a very nice Windows GUI for those who are allergic to the command line.

DStorey@inquisitllc.com
DStorey@inquisitllc.com

I've never truly found a scanner that finds everything all the time. Like other posters mentioned, AngryIP crops up as a virus. I personally use NMAP in Linux, NetScan in Windows and Overlook Fing on mobile devices.

alan_stiver
alan_stiver

I've been using it for years. Biggest problem: My Anti-virus keeps wanting to delete it as a "Potentially Unwanted Program." Put in an exception for specific workstations, and now it works like a charm.

tbmay
tbmay

nmap -sP 192.168.0.0/24 I'll give angy ip scanner a try though. I sounds like it has a good many features.

steven.summon
steven.summon

I have been using this for years and never got around to blogging about this. Nice article ;-)

pgit
pgit

Like a lightweight wireshark plus arpscan. I use arpscan a lot, and separately wireshark when I need to see ports, OS versions and other gravy. I'll give this critter a try and see how well it fits. EDIT: it sure is fast! Looking good so far, except it seems to have missed some open ports and a host name or two. It apparently doesn't compare 'alive' IPs with the hosts file, all mine here are static and listed in everyone's /etc/hosts I'll keep poking at it, but this is definitely useful as it is so far. Maybe I need to slow the time out on the port scan a bit...

b4real
b4real

Basically - that's how I'll find the system I'm looking for.

Neon Samurai
Neon Samurai

Not sure if it's the cause but it initially sounds like nmap is detecting your local NIC instead of your VPN nic device. Maby try specifying the interface: nmap -e interface

Neon Samurai
Neon Samurai

I've actually used cli nmap to run the scan saving to an xml then opened the xml in Zenmap for it's network diagram function. Zenmap probably comes closest of all nmap GUI overlays for giving some form of access to all of nmap's functions.

pgit
pgit

I concur that most tools like this occasionally miss a host or open ports. It keeps you on your toes wondering whether it's missing the very thing you are looking for. One exception to this is arpscan. It's a very limited tool that does one thing: find IPs in use on a network. I have yet to see it miss the presence of a host, so long as ICMP is enabled, which it durn well is or else you're probably not using the networking in the first place.

pgit
pgit

In many distros "nmapfe" is a link to zenmap. I wonder if there are any other front ends to nmap worthy of packaging.