How does network scanning work?

In a general sense, network administrators use network scanning to identify active hosts on a network by evaluating IP addresses and more. The same types of principles can also be used in cyberattacks to find weaknesses in a system.

In a practical sense, there are different tools and techniques for network scanning. Administrators may conduct ping sweeps, where they find a range of IP addresses that map to live hosts in the network. This may require using tools like Nmap to look at how these IP addresses are mapped.

Administrators can also use port scans, which send messages to each port in a network, to look at where that network is strong or weak. Different types of port scans include a regular or "vanilla" port scan where the scanner sends out communications to all of the ports in a system. Where this is not practical, administrators can use more specific types of scans like a strobe scan, stealth scan or other technique.