Using Nmap For Ping Scan + Other Tools to Use

Ping scans are typically used to find which IP addresses are in use on a network. There are, as we’re about to see, many reasons why one would need to do that. Traditionally, this task would be done by issuing successive ping commands and making note of the results. It is obvious that doing it that way is only practical with the smallest ranges of IP addresses.

When you have more than a few addresses to scan, you better resort to using a specialized scan tool. Nmap is one such tool and today, we’re having a look at using Nmap for ping scan.

We’ll start off our discussion by explaining what a ping scan is. And since it relies heavily on ping (who would have thought?) we’ll also give you some background information on the ping utility, what it is and how it works. We’ll then introduce Nmap, a free and open-source tools with several uses and tell you how to use it to perform a ping scan. Finally, we’ll have a look at a few other ping scan tools that you might want to try.

What Is A Ping Scan?

In a nutshell, a ping scan is the act of pinging each IP address in a given range or subnet to find which ones are responding and which ones aren’t. It sounds pretty boring and, to be truthful, it actually is. But there are several reasons why one would want to do that. One of them has to do with detecting rogue devices. They could be devices connected by malicious users to spy on your organization.

They could also be the act of users with perfectly good intentions. I once had this user who prevented many of his colleagues from accessing the network when he connected his home Internet router to it. He just needed a couple of extra ports to connect an additional test computer and thought he could use the switch built into his router. Unbeknownst to him, the router’s built-in DHCP server started assigning IP addresses from the wrong subnet to computers that were trying to connect to the network.

Other than security reasons, scanning IP addresses is also the first step of most manual IP address management processes. Many IP address management (IPAM) tools will include some form of IP address scanning but if you choose to take care of that manually, IP address scanning tools can come in handy. And for those who don’t have any IP address management process in place, scanning IP addresses is even more important. It will often be the only way to ensure that there are no IP address conflicts and it can be seen as a rather crude way of pseudo-managing IP addresses.

About Ping

No matter why you want to scan IP addresses, most tools are based on ping so let’s have a look at this vintage utility. Ping was created out of necessity back in 1983. Its developer needed a tool to help in debugging abnormal network behaviour he was observing. Today, ping is present on almost every operating system although its implementation varies somewhat between platforms. Some versions are offering multiple command-line options which can include parameters such as the size of each request’s payload, the total test count, the network hops limit, or the interval between requests. Some systems also have a companion Ping6 utility that serves the exact same purpose as ping but for IPv6 addresses.

How Ping Works

Ping is a simple utility which sends ICMP echo request packets to the specified target(s) and waits for it(them) to send back an ICMP echo reply packet for each received packet. This is repeated a certain number of times—five by default under windows and until it is manually stopped by default under most other implementations—and it then compiles response statistics. It calculates the average delay between the requests and their respective replies and displays it in its results. On most *nix variants as well as on the Mac, it will also display the value of the replies’ TTL field, giving an indication of the number of hops between source and destination.

Here’s a typical use of the ping command on Linux (the “-c 5” option tells the command to run five times and then report on the results, mimicking Windows’s operation of the command):

$ ping -c 5

PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=56 time=11.632 ms
64 bytes from icmp_seq=1 ttl=56 time=11.726 ms
64 bytes from icmp_seq=2 ttl=56 time=10.683 ms
64 bytes from icmp_seq=3 ttl=56 time=9.674 ms
64 bytes from icmp_seq=4 ttl=56 time=11.127 ms

--- ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 9.674/10.968/11.726/0.748 ms

For ping to work, the pinged host must abide by RFC 1122 which specifies that any host must process ICMP echo requests and issue echo replies in return. Most hosts do reply but some disable that functionality for security reasons. Firewalls often block ICMP traffic too. Pinging a host which does not respond to ICMP echo requests will provide no feedback, exactly like pinging a non-existent IP address. To circumvent this, many IP address scanning tools— is one of them—can use different types of packets to check if an IP address is responding.

Introducing Nmap

Nmap—which stands for Network Mapper—is a free and open-source network scanner created by Gordon Lyon (A.K.A. Fyodor Vaskovich). It is primarily used to discover hosts and services on a computer network by sending various packets and analyzing responses. Nmap started as a Linux utility and was later ported to many other systems including Windows, Mac OS, and BSD.

Nmap provides a number of features for probing computer networks. These include host discovery as well as service and operating system detection. The tool’s features can easily be extended by scripts that provide more advanced service detection, vulnerability detection, and more. It easily adapts to various network conditions including latency and congestion during a scan.

Nmap was originally distributed under the GNU Public License (GPL). However, in later releases, the tool’s authors added clarifications and specific interpretations to the license where they felt the GPL was unclear or lacking.

Using Nmap For Ping Scans

Because host discovery needs are so diverse, Nmap offers a wide variety of options for customizing the techniques used for ping scans. Despite its name, this technology goes well beyond the simple ICMP echo requests mentioned earlier. Using various options, you can skip the ping step entirely with a list scan (-sL) or by disabling ping (-Pn), or engage the network with arbitrary combinations of multi-port TCP SYN/ACK, UDP, and ICMP probes.

No matter what method you use, the objective is always to demonstrate which IP addresses are actually active (being used by a host or network device). On most networks, only a small percentage of IP addresses are active at any given time. This is particularly common with private address space such as This is used by many organizations of all sizes, many with much fewer devices than the 16.8 million IP addresses which are available in that address space. Some will have fewer than a thousand machines.

So, without going in too many details, here are a few ways that a typical ping scan can be performed using :

nmap, nmap or nmap

Any of these three commands will do the same thing, assuming that resolves to They scan that one IP address and then exit.

nmap, nmap, nmap 64.13.134.-, nmap

These four commands all instruct Nmap to scan the 256 IP addresses from through In other words, they ask to scan the class C sized address space surrounding

nmap --exclude,

This command instructs Nmap to scan the class C around, but to skip and if they are found within that address range.

nmap --exclude,

This one instructs Nmap to scan the whole private 10 range but to skip any IP address starting with 10.6 as well as the host.

We could go on forever with similar examples of the tool’s versatility. Nmap’s website ( provides ample documentation on how to do just about anything with this powerful tool.

Some Other Tools You Can Use

As powerful as can be, it’s not the easiest tool to use and it’s also not the prettiest. It will get the job of scanning a subnet or a range of IP addresses done but, if this is something you intend to do on a regular basis—and you probably should—perhaps you’d like to have a look at some alternative tools we’ve reviewed for you.

1. SolarWinds Ping Sweep (Part Of The Engineer’s Toolset)

First on our list is a tool from SolarWinds, maker some of the best network administration tools. The company is also known for its many free tools. When it comes to doing a ping scan, the SolarWinds Ping Sweep tool is simply one of the best products you can find. It is part of the SolarWinds Engineer’s Toolset, a bundle of more than 60 useful, Windows-based network management utilities, including Ping Sweep.

Using the SolarWinds Ping Sweep is super-easy. The tool has a graphical user interface where you enter the IP address range you want to scan. The range can be as big or as small as you want. You can even scan a discontinuous list of IP addresses from a text file. For instance, you could extract a list of assigned IP addresses from your DHCP server and use it as the tool’s input to see which ones are actually used.

SolarWinds Ping Sweep Screenshot

The SolarWinds Ping Sweep tool will ping all the specified IP addresses and list those that responded. This could hardly be simpler. The results can be exported to several file types such as CSV, XML, or even a web page. That way, you can analyze the results using your own favourite tool. As for the results, they don’t only include the IP addresses of the responding hosts. The tool also shows you each address’ response time and it does a reverse DNS lookup to find and display their hostnames.

Prices for the SolarWinds Engineer’s Toolset–including Ping Sweep–start at $1 495. This is a per named user price and you’ll need one license for each named user. Considering all the other tools that are part for bundle this is well worth the investment – and don’t forget there’s a 30-day trial which you could take advantage of.

Other Tools In The SolarWinds Engineer’s Toolset

The SolarWinds Engineer’s Toolset includes many more dedicated troubleshooting tools. Tools like DNS Analyzer and TraceRoute can be used to perform network diagnostics and help resolve complex network issues quickly. For security-oriented administrators, some of the tools can be used to simulate attacks and help identify vulnerabilities.

SolarWinds Enginerr's Toolset - Web Console

The SolarWinds Engineer’s Toolset also features some excellent monitoring and alerting capabilities. It includes several tools to monitor your devices and raise alerts for availability or health issues. And finally, you can use some of the included tools for configuration management and log consolidation.

Here’s a list of some of the other tools you’ll find in the SolarWinds Engineer’s Toolset:

  • Port Scanner
  • Switch Port Mapper
  • SNMP sweep
  • IP Network Browser
  • MAC Address Discovery
  • Response Time Monitor
  • CPU Monitor
  • Memory Monitor
  • Interface Monitor
  • TraceRoute
  • WAN Killer Network Traffic Generator
  • Router Password Decryption
  • SNMP Brute Force Attack
  • SNMP Dictionary Attack
  • Config Compare, Downloader, Uploader, and Editor
  • SNMP trap editor and SNMP trap receiver
  • Subnet Calculator
  • DHCP Scope Monitor
  • DNS Structure Analyzer
  • DNS Audit
  • IP Address Management

Official Download link:

2. Angry IP Scanner

Despite being deceptively simple the Angry IP Scanner makes extensive use of multithreading, making it one of the fastest tools of its kind. It is a free multi-platform tool which is available for Windows, OS X, or Linux. Since the tool is written in Java, you’ll need to have the Java runtime module installed to use it. This is pretty much the tool’s only drawback. This tool will not only ping IP addresses, but it will also optionally run a port scan on discovered hosts. It can also resolve IP addresses to hostnames and MAC addresses to vendor names. Furthermore, this tool will provide NetBIOS information about each responding host.

Angry IP Scanner Windows - IP Range

The Angry IP Scanner can not only scan complete networks and subnets but also an IP addresses range or a list of IP addresses from a text file. Although this is a GUI-based tool, it also comes with a command-line version that you can use if, for instance, you want to include the tool’s functionality in your scripts. As for the scan results, they are by default displayed on the screen in table format but they can easily be exported to several file formats such as CSV or XML.

3. Advanced IP Scanner

Advanced IP Scanner may seem like just another free IP address scanning tool but it has an interesting twist. The tool, which runs on Windows, is totally geared towards that operating system and it features several Windows-related advanced functionalities. More about that in a moment. The tool’s publisher claims this free software is used by over 30 million users worldwide. It is a portable tool that requires no installation.

Advanced IP Scanner

As for the tool’s functionality, it takes an IP address range as input but you can also supply a text file with a list of IP addresses. The results you get from this tool are impressive. You get, of course, the list of IP addresses that responded but you also get their corresponding hostname, MAC address and network interface vendor. For each responding Windows host, you also get a live list of its network shares. By live, I mean that you can click any share to open it on your computer—provided that you have the proper access rights. You can also start a remote control session with any discovered Windows host using either RDP or Radmin or even remotely turn a computer off.

4. Network Pinger

Network Pinger is another free Windows tool. Its interface is one of the most intuitive you can find. The tool’s performance is one of the best you can find. It was clearly optimized for the best possible performance. This tool can send 1000 pings in just 35 ms. This is fast; very fast. Network Pinger features several built-in tools. There’s automated mass ping, traceroute, port scanning, WMI, DNS and Whois queries, an IP calculator and converter, and many more.

Network Pinger Screenshot

Network Pinger makes great use of its graphical user interface and is loaded with visual features. For example, it can build live charts as it performs a ping sweep displaying a visual rendition of the important statistics such as a pie chart depicting the responding vs non-responding hosts or a graph showing average response times.

5. NetScan Tools

There are two different versions of NetScan Tools, a paid one called NetScan Tools Pro Edition and a free, ad-supported one called NetScan Tools Basic Edition with a reduced feature set. Both are toolsets which include multiple utilities and both include an IP address scanning tool called Ping Scan.

NetScan Tools Basic - Ping Scanner

NetScan Tools’ Ping Scan takes an IP address range as input, like most other IP address scanning tools. It scans the provided IP addresses and returns a list of all the scanned IP addresses with their hostname (when resolvable), average response time and a status in text form. Other useful tools in NetScan Tools include DNS tools, Ping, Graphical Ping, Traceroute, and Whois. If all you need is the IP address scanning functionality, go with the free Basic Edition.

6. MiTeC Network Scanner

Last on our list is a free tool called the MiTeC Network Scanner. This is another multi-use tool. It boasts a powerful IP address scanning function which can find any responding host in the specified range. The software will list each found device’s MAC address, hostname, and response time. In addition to just pinging each host, this tool can also poll SNMP-enabled devices and list their interfaces. It can also identify Windows computers and let you see their shares, remotely shut them down, perform remote execution, and more.

MiTeC Network Scanner Screenshot

But back to IP address scanning, the results show up as a table on the software’s dashboard. They can then be exported to a CSV file to be used with another tool. The tool will run on most modern versions of Windows—either workstation or server—since Windows 7. As for the tool’s other advanced features, there are simply too many to mention them all. It includes, for instance, a Whois function and a DNS resolution function.

Read Using Nmap For Ping Scan + Other Tools to Use by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

How to Use Nmap For Traceroute to Discover Network Paths

Traceroute—or tracert if you’re living in the Windows world—is, together with ping, one of the most-used network troubleshooting tools. As its name implies, traceroute will trace the route from one computer or network-connected device to another. It’s a very useful tool that will not only test the connectivity to a host but also reveal a lot about the path to get there and some issues that may be plaguing it. Although traceroute is a great tool, it’s also a rather limited tool and does nothing but tracing routes. On the other hand, Nmap, another well-know utility—albeit not as much—which is coming from the Linux world provides a way to trace the route to a host but it also offers a lot of extra functionality. In fact, Nmap’s primary uses are discovering networks and scanning ports. Today, we’re having a look at using Nmap for traceroute.

Before we get to the actual explanation of how to use Nmap for traceroute, we’ll begin by first introducing the traceroute utility. Knowing what it is but, more importantly, how it works will help you better understand how Nmap performs the same kind of task. Next, we’ll briefly introduce the Nmap utility, discussing what it is, where it’s coming from and what it can be used for. We’ll follow that by discussing how to use Nmap for traceroute and explain how Nmap actually performs the trace. You’ll see that it is radically different from traceroute’s approach. And finally, we’ll have a brief look at some other tools you can use to trace the route between two devices. As you’ll see, there are plenty of options available.

About Traceroute

The definition of traceroute from Wikipedia is very clear: “Traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network”. As good as that description is, it kind of fails to give much detail about what it is concretely and how it works. Let’s explain. Traceroute will tell you the IP address of every router located between your computer and the remote computer. But that’s not all, traceroute will also report on the network delay between each of these routers.

Traceroute is a very old tool. The first version was released back in 1987. This is over 30 years ago; an eternity in computer years. It is also a very common tool. First introduced on the Unix operating system, it is now present on every Unix-like OS including Linux and Mac OS. It even eventually got ported to the Windows platform where it was renamed to tracert because of the original 8-character limit on filenames in Windows.

Traceroute is a tool that every network administrator should understand and use. Unfortunately, many of its users don’t completely understand how it works and can, therefore, run into some of the utility’s pitfalls. For example, the path could be asymmetrical with traffic in taking a different route than traffic out and the tool wouldn’t see it.

Traceroute’s Operation

First, a few prerequisites. The Internet—or any IP network, for that matter—is made of interconnected routers. Routers talk to each other, exchanging information about what networks they know how to reach. They use this information to build routing tables. Whenever a data packet reaches a router, it looks up the destination in its routing table and proceeds to send it to the next router on the path. The router only knows about the next router and has no idea of the complete path. It doesn’t have to.

In order to limit propagation delays due to excessive routing hops, the header of every data packet contains a field of data called the TTL or Time To Live. This is a true misnomer as the value of the TTL has nothing to do with time but everything to do with distance instead. When a packet leaves its origin, the TTL is set to 32. From then on, every router that handles it along the path to the destination decrements the TTL by one before routing the packet. When the TTL value reaches zero, a router will not route the packet and will instead return an ICMP “Time Exceeded” message back to the packet’s origin.

Tracert Sample Run

Traceroute exploits this error detection and reporting system to perform its feat. Traceroute will first send a packet to the destination with the TTL set to 1. The very first router on the path will decrement the TTL and return the Time Exceeded message, allowing traceroute to learn about the IP address of that first router–or hop, as it is often referred to. Traceroute will then send another packet with the TTL set to 2 and learn about the second hop. And it will keep doing that, incrementing the TTL each time until it eventually gets a response from the destination, telling it that it has been reached.

Traceroute will typically also measure the time it takes to get each successive response, allowing it to build a table of the response time for each hop. It will often also do a DNS lookup of each hop’s IP address to display each host’s FQDN instead of just their IP addresses in its results.

Traceroute’s Shortcomings

For the previous explanation, you’ll have figured that, due to the way it operates, traceroute will only show you the path towards the destination. It has, however, no way of discovering the return path. That could be a problem, especially in situations where the return path is somehow delayed. Traceroute measures the time it takes to get each response but it has no way of knowing if any delays were encountered on the way out to the destination or on the way back, potentially providing misleading results.

There’s also a potential problem with destinations that are load-balanced on several hosts. Nothing guarantees a traceroute user that each successive packet is sent to the same load-balanced host. And if the two hosts are in different locations, this could lead to inaccurate results.

Finally, for obvious security reasons some routers are configured not to respond to the type of requests that traceroute uses. This won’t stop traceroute from functioning and the utility will simply ignore those hops and report them as unreachable. However, some more advanced tools—such as Nmap—can use different types of packets for their path discovery, thereby mitigating the risk of unresponsive hops.

Introducing Nmap

Nmap, which stands for “Network Mapper” is a free and open-source utility for network exploration and security auditing. It was designed to rapidly scan large networks but it works just as well against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap is primarily used for security audits but many systems and network administrators use it for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Here’s an overview of all that Nmap can be used for:

  • Host discovery
  • Port discovery / enumeration
  • Service discovery
  • Operating system version detection
  • Hardware (MAC) address detection
  • Service version detection
  • Vulnerability / exploit detection, using Nmap scripts (NSE)
  • Network path discovery (traceroute)

Nmap was created by Gordon Lyon (A.K.A. Fyodor Vaskovich) and originally distributed under the GNU Public License (GPL). Unsatisfied with some of the terms of the license, the authors eventually added clarifications and specific interpretations to the license where they felt the GPL was unclear or lacking.

Using Nmap For Traceroute

Using Nmap to perform a traceroute is super easy. All you have to do is add the –traceroute option to the command. For instance:

nmap --traceroute

The –traceroute option can be used together with most types of Nmap scans except connect scans (-sT) and idle scans (-sI). The tracing is performed post-scan using information gleaned from the scan results to determine the port and protocol most likely to reach the target. All traces use Nmap’s dynamic timing model and are performed in parallel.

Contrary to the original traceroute utility described above, Nmap’s traceroute starts with a high TTL and then decrements it until it reaches zero. Doing it backwards (as compared with traceroute) lets Nmap employ clever caching algorithms to speed up traces over multiple hosts. On average Nmap sends 5 to 10 fewer packets per host, depending on network conditions.

A Few Other Traceroute Tools You May Want To Try

Traceroute (or tracert) and Nmap are not the only tools you can use to trace network paths. In fact, many tools are available from various vendors. Some claim to do it faster, some will succeed where others fail by using different ports and packet types to do their thing. Let’s review a few of the best traceroute tools we could find. It will give you an idea of what’s available.

The last two tools on our list are online tools. They essentially perform the same type of test as any traceroute, but they do it from an origin on the Internet. Most such services let you select the point of origin with the best ones offering options in multiple countries. Their primary use is in identifying how website users reach your site.

1. Traceroute NG From SolarWinds (FREE DOWNLOAD)

SolarWinds is a well-known name in the field of network management tools. The company makes some of the best monitoring tools starting with its flagship product, the Network Performance Monitor, a complete network monitoring solution. SolarWinds also has a solid reputation for making great free tools that address specific needs of network administrators. Traceroute NG is one such tool.

Traceroute NG leverages the SolarWinds Netpath technology to offer continuous TCP and ICMP tracing. It claims to be faster than other traceroute utilities and to return results in mere seconds. Of course, this mostly depends on the network.

Traceroute NG Screenshot

But Traceroute NG not only improves on the speed of traceroute. It also returns quite a bit more information, giving you a deeper insight into the situation. For each hop, the tool will use ping to return the packet loss percentage, the current and average response time as well as a latency bar graph. Also important, Traceroute NG will use a reverse DNS lookup to find and display the Fully Qualified Domain Name, or FQDN, of each hop.

Another great feature of Traceroute NG is its automatic detection of path changes. If there are multiple paths to a given host, the tool will figure it out and display each path individually. This is very useful when troubleshooting load-balanced environments. The tool will also let you choose to perform the test using either TCP or ICMP packets. This can be useful if some device along the path blocks ICMP, for example. And last but not least, this tool will write the results of its test to a .txt log file.

Traceroute NG runs on Windows only but, deceptively, it’s not a true Windows application. While it does run under the Windows operating system and is displayed within a window, it is mostly a text-based tool. But then again, would a GUI increase the tool’s usefulness? Probably not.

The tool, which is downloaded as a .zip file requires no installation but it relies on Winpcap which must be installed if it’s not already present on your computer. Traceroute NG, however, will detect its absence when it starts and will automatically launch the Winpcap installer which is included in the .zip file.

2. Open Visual Traceroute

If what you’re after is a true GUI-based traceroute tool, Open Visual Traceroute might be just what you need. The tool, which is available for Windows, most flavours of Linux, or Mac OS is simply amazing. And to make thing even better, the tool is free and open-source, released under the LGPL V3 license.

Open Visual Trace Route

The main component of this software is the Visual Traceroute per se. It is a visual, GUI-based utility that will let you see on a World 3D map–or 2D if you prefer–what path the data is taking to go from your computer to the target host. The map can be zoomed and scrolled at will, providing any level of detail you might want.

Open Visual Traceroute also comes with a few more tools, making it an even more useful product. First, there’s a “packet sniffer”. It’s not a packet sniffer like Wireshark, though. Its purpose is solely to allow you to see what data is being sent back and forth from the local system to the Internet. There is also a Whois feature that will pull information about domain names from the Internet.

3. MTR (My Traceroute)

MTR was first developed by someone named Mike and the acronym stood for Mike’s Traceroute. Someone else has taken over and renamed it to My Traceroute but it’s still the same product. The software has been around since 1997. If its longevity is a testament to its quality, this ought to be a pretty good tool.

My Traceroute GUI Interface

And it is. Functionally, it is almost identical–or at least very similar–to Traceroute NG reviewed above. The main differences between the two are that while the former is a Windows application, MTR runs on Linux and can be used with a GUI or from the command line.

Concretely, MTR combines the functionality of traceroute and ping in one network diagnostic tool. When you run the software, it first operates exactly like traceroute to learn the network path to a specified host. Once it knows the path, the tool can go a bit further. It will send a sequence of ICMP ECHO requests to each hop to measure the quality of the link to each router. And as it does that, it displays the measured statistics on the screen. In fact, it prints it to the standard output, meaning that it can be redirected to a file.

4. Monitis Online Visual Trace Route Tool (Online Tool)

Monitis is a TeamViewer company that makes a well-known website performance monitoring platform. The cloud-based virtual service will allow you to monitor your websites, servers, applications, and more anytime and from anywhere. With close to a quarter-million users, this is a rather popular platform.

Like many other vendors, Monitis has a few free tools available on their website. The Online Visual Trace Route, despite the unusual spelling, is exactly what it says it is. It will trace the route between Monitis’ server and the host you specify and plot it on a map of the World. Unfortunately, the map display rarely includes all hops. This is normal as the tool won’t be able to geolocate every hop and some hos won’t respond at all. And this is true of any such tool, not just this one.

Monitis Online Visual Trace Route

If you scroll down the screen, you’ll see that the tool also present the information in a tabular form, much like a traditional traceroute tools would. You might also notice that, at the top of the tabular display, there are three tabs labelled United States, Europe, and Asia/Pacific. You’d be lead to think that clicking on a tab runs the test from a different source located in those three geographic areas but, looking at the results, it doesn’t seem to be the case. Both the table and the map display change from one tab to the other but I haven’t been able to figure out how they operate.

5. G-Suite.Tools Visual Traceroute (Online Tool)

Don’t let yourself get fooled by its name, G-Suite.Tools is in no way related to Google. The website proposes a handful of useful network and Internet tools. Among those is a visual traceroute tool. Using it is pretty simple. You simply type in an IP address or FQDN and click the TRACE button. Pretty soon, a smallish map on the page will visually display the path to the specified host.

G-Suite.Tools Visual Traceroute

Like most other similar tools, a table is available. It shows IP address and FQDN (when resolvable) as well as the cumulative round-trip time to each hop. One thing we particularly loved about this tool–and it is particularly well-suited for newcomers–is the wealth of information about the traceroute process that can be found on the page.

While you’re there, G-Suite.Tools has a few other tools you might want to use. Each can be easily accessed from a ribbon menu at the top of the page. There’s DNS Lookup, Whois lookup, ping, my IP address, IP address location as well as a tool to verify the operation of email addresses.

Read How to Use Nmap For Traceroute to Discover Network Paths by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

The 10 Best Network Scanner Tools and Software to Use

If you need to know what’s currently connected to your network, your best bet is to scan it and see what actually responds. While this can be done manually, on all but the smallest of networks, this can quickly turn into a considerable—and time-consuming—endeavour. Fortunately just as there are a million reasons why you’d need to scan your network, there are also a million products that can help you do just that. So many options are available that picking the best tool for the purpose can be an overwhelming challenge. Today, we’re having a look at some of the best network scanner tools.

We’ll begin our discussion by having a look at network scanning. We’ll try to cover the how and the why of it. Next, we’ll be introducing ping. After all, this is by far the most useful tool for network scanning and many integrated network scanning tools use it in the background or they use similar techniques. Knowing ping’s inner workings will help you better understand how network scanners operate. And last but not least, we’ll review some of the very best network scanning tools.

Network Scanning 101

Other than the pure fun and enlightenment of knowing what IP addresses are in use, there are several reasons one would want to scan IP addresses. First and foremost is security. Scanning IP addresses on a network allows you to quickly discover unauthorized devices. These could, for instance, be devices connected by malicious users to spy on your organization.

But even well-intentioned users can sometimes wreak havoc by connecting their personal devices. I recall that user who prevented many of his colleagues from accessing the corporate network when he connected his home Internet router to it. He just needed a couple of extra ports to connect an additional test computer and thought he could use the switch built into his router. Unbeknownst to him, the router started issuing IP addresses from its built-in DHCP server. And several of his colleagues got assigned erroneous IP addresses.

Other than for security reasons, scanning IP addresses is also the first step in any attempt at IP address management. While many—if not all—IP address management (IPAM) tools do include some form of IP address scanning, many choose to manage IP address using a manual process instead of an integrated tool. In these situations, IP address scanning tools become a necessity.

For people without any kind of formal IP address management process, scanning IP addresses is possibly even more important. It will often be the only way to ensure that there are no IP address conflicts. It can, in fact, be considered a rather crude way of pseudo-managing IP addresses.

Introducing Ping

No matter what you need for scanning IP addresses is, most tools are based on Ping. Let’s have a look at this ubiquitous albeit antique utility. Ping was created out of necessity back in 1983 proving once more that necessity is the mother of invention. Its developer needed a tool to help in debugging an abnormal network behaviour he was observing. Its name refers to the sound of sonar echoes as heard in submarines. Today, ping is present on almost every operating system, yet its implementation varies somewhat between platforms. Some versions are offering multiple command-line options which can include parameters such as the size of each request’s payload, the total test count, the network hops limit, or the interval between requests. Some systems have a companion Ping6 utility that serves the exact same purpose but uses IPv6 addresses.

Here’s a typical use of the ping command on Linux (the “-c 5” option below tells ping to stop after five repetitions, mimicking the Windows default behaviour):

$ ping -c 5

PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=56 time=11.632 ms
64 bytes from icmp_seq=1 ttl=56 time=11.726 ms
64 bytes from icmp_seq=2 ttl=56 time=10.683 ms
64 bytes from icmp_seq=3 ttl=56 time=9.674 ms
64 bytes from icmp_seq=4 ttl=56 time=11.127 ms

--- ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 9.674/10.968/11.726/0.748 ms

Ping’s Inner Workings

Ping is a pretty simple utility. All it does is sending ICMP echo request packets to the target and waiting for it to send back an ICMP echo reply packet. This process is repeated a certain number of times—five by default under windows and until it is manually stopped by default under most Unix/Linux implementations. Once the command terminates, response statistics are compiled and displayed. The utility calculates the average delay between the requests and their respective replies and displays it in its results. On most *nix variants, it will also display the value of the replies’ TTL (time to live) field, giving an indication of the number of hops between source and destination.

For the command to work, the pinged host must abide by RFC 1122. The standard specifies that any host must process ICMP echo requests and issue echo replies in return. And while most hosts do reply, some disable that functionality for security reasons. Firewalls also often block ICMP traffic. To circumvent this, the better IP address scanning tools can use a type of packet different from ICMP to check if an IP address is responding. Pinging a host which does not respond to ICMP echo requests will provide no feedback, which is exactly like pinging a non-existent IP address.

The Best Network Scanner Tools

This list includes some of the best tools we could find for network scanning. We’ve incorporated tools for most platforms so that whether you’re a Windows, Linux or Mac user, there’s something in there for you, Some of the tools on our list are pure network scanners while others are broader tools that do include a scanning module.

1. SolarWinds IP Address Tracker (FREE DOWNLOAD)

First on our list is a great tool from SolarWinds, a company that is well-known in the network administration field for making some of the best tools and also for publishing many free tools, each addressing a specific need of network administrators. Together with free tools such as the Advanced Subnet Calculator or the Kiwi Syslog Server, the SolarWinds IP Address Tracker is one such free tool.

SolarWinds IP Address Tracker Screenshot

The SolarWinds IP Address Tracker can be used to manage and track up to 254 IP addresses. This limitation makes it a fine tools for smaller installations. It will track IP address availability and alert you of an upcoming shortage of available IP addresses. It will also automatically detect IP address conflicts and alert you when it finds one. This feature-limited tool won’t interact with your DNS and DHCP servers, though. You’ll have to manually fix any issues it finds. It’s got an attractive dashboard-based user interface with colour-coded status and it also features historical trends and events reports.

2. SolarWinds IP Address Manager (FREE TRIAL)

For a more complete, enterprise-grade tool, the SolarWinds IP Address Manager might be just what you need. It starts where the IP Address Tracker stops. This is a full-featured IP address management tool that has none of the limitations of the free tool. This one can manage up to 2 million IP addresses, enough for the biggest environments.

SolarWinds IP Address Manager Screenshot

Although it doesn’t include DHCP or DNS capabilities, the IP Address Manager will interact with your existing DNS and DHCP servers, making it a true DDI solution. Of course, the tool features automatic IP address tracking. It wouldn’t be in this list if it didn’t. It will automatically monitor your subnets so that you always know how IP addresses are used. The system will alert you of IP address conflicts, depleted scopes, and mismatched DNS records.

The tool integrates with DHCP servers from Microsoft, Cisco, and ISC and will work with BIND and Microsoft DNS servers. Pricing starts at $1 995 and varies according to the number of managed addresses. A free 30-day trial is available if you want to test the product before purchasing it.

3. Angry IP Scanner

The Angry IP Scanner is a multi-platform tool that will run on Windows, Mac OS, and Linux. This tool can scan complete networks or subnets but also an IP addresses range or a list of IP addresses in a text file. It uses Ping to find IP addresses that are responding but it will also resolve hostnames and MAC address vendors as well as provide NetBIOS information for hosts that support it. This tool is also a port scanner and can list the open ports on each responding host.

Angry IP Scanner Screenshot

The Angry IP scanner is a GUI-based tool but there’s also a command-line version that you can use. This is useful for including the tool’s functionality in your scripts. Results are displayed on the screen in a table form and can be exported to several file formats such as CSV or XML.

4. Advanced IP Scanner

The Advanced IP Scanner has an interesting twist. The tool runs on Windows and is made for Windows. More about all that in a moment. This software simply takes an IP address range as its input. You could also supply the tool with a text file containing a list of IP addresses. The tool will scan the addresses and provide you with a list of those addresses that respond. But you don’t only have IP addresses, the tool will also display each host’s name, MAC address and network interface vendor.

Advanced IP Scanner Screenshot

For Windows hosts that the tool discovers, you get much more functionality. For instance, the tool will list network shares. And clicking any share opens it on your computer. You can also start a remote control session using either RDP or Radmin or remotely turn a Windows computer on–provided it has wake on LAN–or off.

5. SoftPerfect Network Scanner

The SoftPerfect Network Scanner will scan a range of IP addresses and list those that respond along with their MAC address, hostname and response time. It can also be used as a port scanner and will optionally list what IP ports are open on each host.

SoftPerfect Network Scanner Main Window

Just like our previous entry, additional functionality is available for Windows hosts. This tool will, for instance, display all shares on each host. Even hidden shares will be displayed. It can also list what user account(s) are currently connected to each Windows computer. Furthermore, the tool will let you remotely access computers and run commands remotely. And finally, you can broadcast messages to the discovered computers.

6. LizardSystems Network Scanner

The main difference with the LizardSystems Network Scanner is that it is browser-based. It runs only on Windows and requires Internet Explorer. As for its features, they leave nothing to be desired. The tool is easy to use, it offers great performance thanks to its use of multi-threading, and it’s scalable. There’s actually no limit to the number of addresses you can scan.

LizardSystems Network Scanner Screenshot

There are also quite a few advanced features such as results filtering or customizable status checks that will check for any port you specify. It will also retrieve NetBIOS information as well as verify access rights to remote resources. And if you want to manipulate the results, you can export them to HTML, XML, or text.

7. LanScan

LanScan from Iwaxx is available from the Apple app store. It’s a simple application that does just what its name implies: scan a LAN. It is a free, simple and efficient IPv4-only network scanner. It can discover all active devices on any subnet. It could be the local one or any other subnet that you specify. In fact, it is quite flexible when it comes to specifying what to scan and it can be as small as a single IP address and as large as a whole network. A unique characteristic of this product is how it will use ARP to scan a local subnet and use ping, SMB, and mDNS packets to scan external and public networks.

LanScan Mac Screenshot

This product has several advanced features. It will, for instance, automatically detect configured interfaces. It will also display the IP address, MAC address, hostname and interface card vendor associated with each discovered IP address. It will also discover SMB domains if they are in use and will do hostname resolution using either DNS, mDNS for Apple devices or SMB for Windows devices.

In-app purchase will let you upgrade the app to the pro version which has only one extra feature: it will display the full hostname of each discovered host. The free version will only display four full hostnames and the first 3 characters of the remaining ones.

8. IP Scanner For Macintosh

The IP Scanner for Macintosh will scan your LAN to identify what IP addresses are in use and identify all computer and other devices on the network. The product is free for use on small home networks of up to six devices and paid Home and Pro versions are available for larger networks. The tool yields powerful results yet it is easy and intuitive to use. Local networks are scanned automatically and custom IP address ranges can be added and scanned manually

IP Scanner for Macintosh Screenshot

The IP Scanner for Macintosh is designed to allow you to customize your scan results. Once a device has been identified, you may assign it a custom icon and name to more easily recognize it at a glance. The tool will let you sort the results list by device name, IP address, MAC address or Last Seen timestamp. It can also give you an overview of the current network or show you changes over time.

The results display is highly customizable and you can adjust columns, text size, bezel transparency, and more. Double-clicking a device gives you more information and allows you to customize its appearance. Right-clicking a device will let you initiate a ping sequence or run a port scan of it.

9. Bopup Scanner

It is unexpected to see a product from B-Labs on this list as the company usually specializes in messaging systems. In fact, its Bopup Scanner is its only network administration tool. It is a free tool for the Windows operating system.

BopUp Scanner Screenshot

This tools will scan your network and output a list of all connected devices. It displays IP addresses, hostnames, and MAC addresses. It will also tell you if a web server is responding on each host it tests. You can drill down on each host to view more information such as a list of available shares. Option-wise, the tool will let you specify exactly what IP addresses to scan and you can also set the response timeout to prevent unresponsive IP addresses from slowing down the process.

10. MyLanViewer Network/IP Scanner

The MyLanViewer Network/IP Scanner is a free IP address scanner for Windows whose main differentiating factor is how results are displayed. Instead of a table with a list of IP addresses and corresponding parameters, this tool presents the results in a hierarchical way. It looks like the left pane of a Windows Explorer window.

MyLANViewer IP Scanner

This tool will scan the whole network where the computer used to run it is connected. It will show each responding host as a node on a tree structure. Clicking the plus sign next to any entry will reveal more information about it. It displays the same complement of data as most other tools.

Read The 10 Best Network Scanner Tools and Software to Use by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

Serpstack Review: A JSON Rest API for Google Search Results

If you need to fetch search engine results—in particular those from Google—one way to do it is to run an actual search on and try to parse the intricate HTML code that you’ll get as a result. It can be done but it’s quite an endeavour. If you want to take an easier route, why not use a dedicated SERP API that you can feed with your search term and that will return the results in a format that can easily be parsed. One such product is the Serpstack API from apilayer. It takes your search query string and parameters as input and returns the search results in JSON format. Let’s have an in-depth look at the product.

Serpstack Home Page

We’ll start off as we often do by discussing SERP in general. Next, we’ll explain what it is and describe a few of the different types of results that are typically available from search engines. We will also explore some reasons why one would use a SERP API. And once we’re all on the same page, we’ll have a detailed look at the Serpstack API. We’ll have a quick look at some of its main features before we dig into how to use the API. And before we conclude, we’ll explore the service’s pricing structure and available plans.

SERP In A Nutshell

First things first, SERP is an acronym for Search Engine Results Pages. These are the web pages that are served to users when they search for something online using a search engine such as Google or Bing. The user specifies their search query using specific terms and phrases that are commonly referred to as keywords and then the search engine presents them with a SERP.

Every SERP is unique. This is even true of multiple search queries performed on the same search engine using the same keywords or query text. The main reason for that is that virtually every search engine customizes the experience for their users by presenting results based on a wide range of factors that go well beyond their search terms. These factors can include the user’s physical location, his browsing history and social settings, etc. And while two SERPs may appear identical and may contain many of the same results, they will often feature subtle differences.

Search engine providers such as Google, Bing or other players are constantly evolving their services and technologies and experimenting with their results. Their goal is to offer their users a more responsive and intuitive experience. As new technologies are introduced in the search space—and they are at an amazing pace, the SERPs’ appearance change, and they are today quite different from what they once were.

Organic Results

SERPs will normally contain two types of content: organic results and paid results. Organic results are listings of web pages that appear as a result of the search engine’s algorithm. More on this in a moment. Search Engine Optimization, or SEO, is the science—or is it rather an art—of manipulating content to trick search engines into listing our website for a specific keyword or search string.

About Search Algorithms and Ranking Signals

So, back to organic results. In a nutshell, they are listings that have been indexed by the search engine based on a number of factors that are collectively referred to as “ranking signals.” For instance, the search algorithm used by Google features hundreds of ranking factors. Search engine providers tend to keep the details of their ranking system secret. So, while nobody outside of Google—and possibly not that many people inside—know precisely what the ranking signals are, some are considered to be more important than others.

Why use a SERP API?

There are several reasons why anyone would have a use for a SERP API. There’s the obvious need for periodically retrieving SERP data for your products and websites and keeping track of it over time as it is an essential part of any SEO strategy. With rankings constantly fluctuating and search keywords becoming more or less applicable and valuable in the course of time, there is only one way of staying on top of these changes and that is to use a ready-made Software-as-a-Service (SaaS) solution that implements SERP data directly into your own applications or websites using a SERP API like Serpstack.

In a nutshell, the main difference between using a browser to retrieve SERP data and using a SERP API such as Serpstack is the format of the response. The Serpstack API will return JSON data that is easily parsed by your in-house software. Using it frees you from having to extract the meaningful data from all the surrounding web formatting.

Introducing Serpstack

In one sentence, Serpstack is a real-time and accurate Google Search results API. Trusted by some of the largest brands worldwide, this JSON REST API is lightning fast and easy to use. The product is built and maintained by apilayer, a software company based in London, United Kingdom and Vienna, Austria. Originally created out of an internal need to keep track of search engine positions in an automated fashion, the product has grown to become one of the most trusted SERP APIs available on the market. As for apilayer, this is the company behind some of the most popular API and SaaS products worldwide, including Currencylayer, Invoicely and Eversign.

The Serpstack API retrieves SERP data from search engines in an automated fashion by using a proxy network and a proprietary scraping technology whenever API requests are made. The resulting SERP data is publicly available and anyone can access it. Furthermore, the Serpstack API supports nearly all the search result types returned by Google, including web results, image results, video results, news results, shopping results, sponsored ads, questions, and much more.

Built on top of apilayer cloud infrastructure, a system that some of the world’s most popular real-time API services are running on, the Serpstack API is highly scalable and flexible at any stage. It was built to offer a way of scraping Google SERP data in real-time and at any scale. Implementing the service takes just a few minutes using a simple HTTP GET URL structure, and results are returned either in JSON or CSV format.

Main Features Of Serpstack

Feature-wise, the Serpstack API leaves nothing to be desired. First and foremost, the service is highly scalable and always queueless. Apilayer’s powerful cloud infrastructure was simply built to withstand high volume API requests without the need for a queue. It has been at the core of several of the company’s products. It is also highly customizable. Since no two customers have identical needs, you can tailor your automated search queries based on a series of options, including location, language, device, and more.

Using this product, gone is the worrying about global IPs, browser clusters or CAPTCHAs. Thanks to a powerful underlying proxy network, this SERP scraping API has got you covered in pretty much every single situation. And it’s also easy on the budget. You get up to 100 monthly requests for free and, should you need more than that—and you’ll most likely do—paid plans start at only $29.99 a month. We’ll cover the product’s pricing in greater detail shortly.

Here’s an overview of some of the product’s most important features:

Simple Integration

Using the Scrapestack API could hardly be easier right from the get-go. It only takes a few minutes to create customized queries and start scraping SERP pages at any scale using custom locations, devices, languages, and more.

High Level of Security

All data streams sent to and received from the Serpstack API are encrypted using 256-bit SSL Encryption. This is the same type of security that is used by banking sites or most e-commerce platforms. You can rest assured that your data will remain protected.

Unparalleled Speed and Availability

With a near-perfect availability score, you can rest assured that the Scrapestack API will be there when you need it. And apilayer never compromises on speed. API requests sent to the API are processed in a matter of milliseconds. Of course, how fast the results come is also dependent on Google’s response times.

Serpstack Status Page

Choice of Output Formats

To make suing the SERP data even easier, the Serpstack easy-to-use REST API offers a choice of JSON or CSV responses. That makes it compatible with any programming language.

World-Class Support

It is often said that a product is only as good as its technical support structure. Again, this is a place where Scrapestack shines. If you have any technical questions, a trained team of specialists is there to assist you with any requests you might have. The response is quick and the service works rather well.

Extensive Documentation

Just as important as the support, the Documentation will often be your primary way of learning how to use a product. Serpstack offers extensive API documentation that is waiting to be explored. Using it will get you started within just a few minutes and make you an expert in a matter of days, not weeks or months.

Serpstack Documentaiton

Using Serpstack

Enough bragging about the product’s great features—and they truly are, let’s have a look at how you can actually use the product and the different types of requests you can make and the corresponding responses you can expect.

The Basics

To use the Serpstack API, you’ll first need to sign up for an account. This is free and as a result, you’ll be assigned a unique API access key. This is what you’ll use from now on to authenticate with the API via simple HTTP GET requests to access any of the available endpoints. So, to use the API you simply need to append your API key to the base URL using the “access_key” parameter. Here’s what a typical—albeit very basic and totally useless—request looks like:

? access_key = YOUR_ACCESS_KEY

For added security, all paid plans allow for the use of 256-bit SSL encryption. To use it, all you need is to send HTTPS requests instead of HTTP requests. For instance, the above example with encryption would become:

? access_key = YOUR_ACCESS_KEY

Whenever an API request fails, the Serpstack API will return a JSON object containing details about the error. For example, here’s what would be returned by the API if the maximum allowed API request limit has been reached or exceeded. Each subscription plan has a different limit to the number of requests one can make.


"success": false,

"error": {

"code": 104,

"type": "usage_limit_reached",

"info": "Your monthly API request volume has been reached. Please upgrade your plan."



API Request and Parameters

Unless specified otherwise, the Serpstack API will always default to delivering search results from Google. Consequently, if you want to query the API for Google search results, all you need to do is append the “query” parameter to the API’s base URL and set it to a search query of your choice. Here’s how a query using “mcdonalds” as the search term looks like with authentication and encryption:

? access_key = YOUR_ACCESS_KEY

& query = mcdonalds

As you can see, this is a rather simple syntax. There are, as you certainly would have imagined, a ton of optional parameters that can be appended to a request to further narrow down the search results. We’ll explore a few of them in a moment but a detailed list of all of them is available in the online API documentation.

API Responses

The responses you’ll get from the Serpstack API will strongly depend on your search query and the parameters you choose to use. A basic query with no filtering specified will return a ton of data. Here’s the beginning part of the response you’d get from the example query above.


"request": {

"success": true,

"processed_timestamp": 1566207832,

"search_url": "",

"total_time_taken": 1.5


"search_parameters": {

"engine": "google",

"query": "mcdonalds",

"type": "web",

"device": "desktop",

"google_domain": "",

"hl": "en",

"gl": "us",

"page": "1",

"num": "10"


"search_information": {

"total_results": 759000000,

"time_taken_displayed": 0.91,

"did_you_mean": null,

"showing_results_for": null,

"query_displayed": "mcdonalds",

"detected_location": null,

"no_results_for_original_query": false


The purpose of the above sample is just to give you an idea of what the results may look like. I’ve only included the first 25 lines of the response which, in its entirety is over four hundred lines long.

As you may have noticed when using Google search, a typical search result page has different sections, each displaying a different type of results. You’ll have paid ads results, organic results, images, videos, etc. Furthermore, a ribbon at the top of the page will let you display specific types of results such as maps, news, shopping or books, just to name a few. Various optional parameters will allow you to specify what type of search results you’re interested in getting, making the parsing of the resulting JSON file much simpler. Let’s have a deeper look at some of the different types of results you can get.

Ad Results

Whenever there are sponsored ads for your search query—and there will most often be, the API response will come with an ads object. It contains all the ads in the order they are shown in the search result. It includes both ads that are shown at the top and at the bottom of the search result.

Organic Results

Organic search results are the main search results provided by Google, and they are likely those you’ll be particularly interested in. They are determined by a series of factors, such as web traffic, back-links, social media presence, and much more, with the exact algorithm kept secret by Google in order to keep its competitive edge. These results are parsed by the API in detail and returned as “organic_results”.

Image Results

Just as there are two ways to get image results from a Google search, there are two ways images can be returned by the API. When doing a standard web search, some images are provided by Google within the search results. These images—which are referred to as inline images—are returned by the Scrapestack API within an “inline_images” array.

"image_results": [


"position": 1,

"title": "McDonald's Gold Card: The True Story ...",

"width": 1024,

"height": 683,

"image_url": "",

"type": "png",

"url": "",

"source": ""



"position": 2,

"title": "McDonald's - Wikipedia",

"width": 1200,

"height": 1051,

"image_url": "",

"type": "png",

"url": "",

"source": ""



"position": 3,

"title": "Best New Global Menu Items ...",

"width": 970,

"height": 545,

"image_url": "",

"type": "png",

"url": "",

"source": ""



If, on the other hand, images are searched specifically, with the type parameter being set to images, images are returned as an “image_results” array. In these situations, the API returns 100 images by default.

Video Results

The exact same considerations we just went over for images are also valid for video results with the availability of both inline videos withing the global search results or dedicated video results

We could go on for pages and give you detailed information on the various types of results that the Serpstack API can return, but we think you’re getting the picture. Suffice to say that whatever type of results are returned by a typical Google search is also available within the API’s response. In addition to the types of results already described, the API will return, news results, shopping results, and local results as well as the contents of the results page’s answer box, weather box, events, top carousel, top stories, etc.

Supported Programming Environments

One of the best things about the Serpstack API is that you can easily use it from within most environments, Whatever the language you are using, as long as you can send HTTP requests, you should be good to go. All the popular web languages such as PHP or Python are supported. In fact, the API’s documentation includes examples of how to use it from PHP, Python, Nodejs, jQuery, Go, and Ruby.

Here is, for instance, the PHP code to print the total number of search results as well as each organic search result returned by the Serpstack API.

$queryString = http_build_query([

'access_key' => 'YOUR_ACCESS_KEY',

'query' => 'mcdonalds',


$ch = curl_init(sprintf('%s?%s', '', $queryString));

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$json = curl_exec($ch);


$api_result = json_decode($json, true);

echo "Total results: ", $api_result['search_information']['total_results'], PHP_EOL;

foreach ($api_result['organic_results'] as $number => $result) {

echo "{$number}. {$result['title']}", PHP_EOL;


And here’s some code to accomplish the same thing in Python:

import requests

params = {

'access_key': 'YOUR_ACCESS_KEY',

'query': 'mcdonalds'


api_result = requests.get('', params)

api_response = api_result.json()

print "Total results: ", api_response['search_information']['total_results']

for number, result in enumerate(api_response['organic_results'], start=1):

print "%s. %s" % (number, result['title'])

Pricing And Plans

The Serpstack API is available under several plans depending on your needs. The most basic plan is the Free plan. As its name implies, it is free but, although it is not time-limited like typical trial versions it is feature-limited as well as usage limited. You’ll only be able to run up to 100 searches per month.

Serpstack Pricing Structure

The next three levels are full-featured and vary only by the maximum number of monthly searches you’re allowed to run. The Basic plan will give you 5000 for $29.99/month, the Business plan at $99.99/month brings it up to 20 000, and the Business Pro plan lets you run a whopping 50 000 searches for $199.99 per month. If none of these plans suit you, there’s also a variably-priced Enterprise plan that can be customized to your exact needs. If you choose yearly billing instead of monthly, you’re entitled to a 20% discount, making the service even more affordable.

Wrapping Up

In a nutshell, the Serpstack API is an easy-to-use, full-featured product that you can put to good use whenever you need to fetch SERP data from Google. Its stellar uptime and impressive response time are some of its best assets. Backed by apilayer which has brought us other excellent APIs, we’re confident that this one will deliver the results you expect. This is a product that we can only recommend.


Read Serpstack Review: A JSON Rest API for Google Search Results by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

6 Best ITIL Security Management Tools in 2019

ITIL is a relatively widespread and very thorough framework for IT service management. Originally from the UK and designed to serve both the government and private businesses, it is a set of highly structures processes, recommendations and practices. It is separated into several specific areas with security management being nothing more than one of many aspects of it. But since security is such an important topic—especially when considering the modern threat scene and how organizations are constantly being targeted by unscrupulous hackers—we’ve decided to have a look at some of the very best ITIL security management tool.

We’ll start off by explaining in greater details what ITIL is before moving on to the specific area of ITIL security management. Next, we’ll introduce the concept of Security Information and Event Management, describe what it consists of, and explain how it can relate to ITIL security management. We’ll finally get to the interesting part and present a quick review of some of the best ITIL security management tool, describing each tool’s best features and functionality.

ITIL In A Nutshell

ITIL, which used to stand for Information Technology Infrastructure Library, started way back in the 80s as an effort from the UK Government’s Central Computer and Telecommunications Agency (CCTA) to develop a set of recommendations and standard practices for IT service management in the government and the private sector as well. It originated as a collection of books, each covering a specific practice within IT service management and was built around a process model-based view of controlling and managing operations.

Initially composed of over 30 volumes, it was later somewhat simplified and services were grouped, reducing the number of volumes to 5. It is still in constant evolution and the latest version’s Foundation book was published last February, ITIL groups various elements of IT service management into practices, with ITIL Security Management being just one of many.

About ITIL Security Management

As for the Security Management ITIL process, it “describes the structured fitting of information security in the management organization.” It is largely based on the code of practice for information security management system (ISMS) now known as ISO/IEC 27001.

The main goal of security management is, obviously, to ensure adequate information security. And in turn, the primary goal of information security is to protect information assets against risks, Thereby maintaining its value to the organization. Typically, this is expressed in terms of ensuring its confidentiality, integrity and availability, but also with related properties or goals such as authenticity, accountability, non-repudiation and reliability.

There are two primary aspects of security management. First and foremost are the security requirements which could either be defined within service level agreements (SLA) or other requirements specified in contracts, legislation as well as internal or external policies. The second aspect of it is simply basic security that guarantees management and service continuity. It is somewhat related to the first aspect as it is necessary to achieve simplified service-level management for information security.

While ITIL security management is a broad concept, it is somewhat more circumscribed in the context of software tools. When talking about security management tools, several types of tools can come to mind. One type, however, seems to be more interesting than the others: Security Information and Event Management (SIEM) tools.

Introducing Security Information and Event Management (SIEM)

In its simplest form, Security Information and Event Management is the process of managing security information and events. Concretely, a SIEM system does not provide any real protection. This is different, for instance, from anti-virus software which actively stops viruses from infecting protected systems. SIEM’s primary purpose is to make the life of network and security administrators easier. A typical SIEM system simply collects information from various systems—including network devices and other detection and protection systems. It then correlates all this information, assembling related events, and reacts to meaningful events in various ways. SIEM systems also include some form of reporting and, more importantly, dashboards and alerting subsystems.

What’s in a SIEM System

SIEM systems vary greatly from vendor to vendor. There are, however, a certain number of components to them that seem to be present in many of them. They won’t all include all of those components and, when they do, they could function differently. Let’s review some of the most important—and most common—components of SIEM systems in greater detail.

Log Collection And Management

Log collection and management is without a doubt the most important component of a SIEM system. Without it, there is no SIEM. The first thing a SIEM system has to do is acquire log data from a variety of different sources. It can either pull it—using, for instance, a locally installed agent—or different devices and systems can push it to the SIEM tool.

Since each system has its own way of categorizing and recording data, the next task of the SIEM tool is to normalize data and make it uniform, no matter what its source it is coming from. How that step is done varies mainly according to the original format of the received data.

Once it is normalized, the logged data will often be compared against known attack patterns in an attempt to recognize malicious behaviour as early as possible. Data can also be compared to previously collected data, thereby helping build a baseline that will further enhance abnormal activity detection.

Event Response

It is one thing to detect event but, once an event is detected, some response process must be started. This is what the event response module of the SIEM tool is all about. The event response can take many forms. In its most basic implementation, an alert message will be generated on the system’s dashboard. Email or SMS alerts can also be generated as the primary response.

However, the best SIEM systems go a step further and they can typically initiate some sort of remedial process. Again, this is something that can take many forms. The best systems have a complete incident response workflow system that can be customized, providing exactly the type of response you need. The incident response does not have to be uniform and different events—or different types of events—can trigger different processes. The top SIEM tools can give you complete control over the incident response workflow.


It’s one thing to have log collection and management and to have an event response system in place, but you also need another important element: reporting. Even though you might not know it just yet, you will need reports; plain and simple. Your organization’s executives will need them to see for themselves that their investment in a SIEM system is paying off. But that’s not all, you might also need reports for conformity purposes. Complying with standards such as PCI DSS, HIPAA, or SOX is much easier when your SIEM system can generate conformity reports.

Reports may not be at the core of every SIEM system but they are still one of their essential components. Actually, reporting is one of the main differentiating factors between competing systems. Reports are like candies, you can never have too many. When evaluating systems, look at what reports are available and how they look like and keep in mind that the best systems will let you create custom reports.


The last important component of most SIEM tools is the dashboard. It is important as it is your window into the status of your SIEM system and, by extension, into the security of your IT environment. We could have said dashboards—with an S—just as well as there could be multiple dashboards available in some systems. Different people have different priorities and interests and the perfect dashboard for a network administrator will be different from that of a security administrator. Likewise, an executive will need a completely different dashboard as well.

While we can’t evaluate SIEM systems just on the number of dashboards they offer, you need to pick one that has the dashboard(s) you need. This is definitely something you’ll want to keep in mind as you evaluate vendors. And just like it is with reports, the best tools allow you to build customized dashboards to your liking.

Using SIEM As An ITIL Security Management Tool

No matter how complex the concept of security management can be in the context of the ITIL framework. It actually sums up to one primary goal: ensuring that data is secure. And although the whole IT security management paradigm has several different aspects, when it comes to the software tools you can use, there doesn’t appear to be an ITIL security management software package. On the other hand, there are countless offerings from various software publishers of tools aiming at ensuring the security of your data.

We’ve also seen how SIEM tools have a similar goal of preserving data security. It is, in our view, that common goal that makes them one of the best types of tools for IT security management. Keep in mind, however, that the practice of ITIL security management goes far beyond SIEM and, although they are a good starting point, they are only part of the solution, albeit an important one.

The Best ITIL Security Management Tools

Since we’ve established that the best ITIL security management tools were indeed SIEM tools, we’ve searched the market looking for the best of them. We found a great variety of tools from some of the best-known organizations. All of the tools on our list have all the major features you’d expect from a security management tool. Picking the best one for your particular need is often a matter of personal taste. Or perhaps one of the tools has a unique feature that appeals to you.

1. SolarWinds Security Event Manager (FREE TRIAL)

SolarWinds is a common name in the network monitoring world. Its flagship product, called the Network Performance Monitor is one of the best SNMP monitoring tool available. The company is also known for its numerous free tools such as its Advanced Subnet Calculator or its Free SFTP Server.

When it comes to SIEM, SolarWinds’ offering is the SolarWinds Security Event Manager. Formerly called the SolarWinds Log & Event Manager, the tool is best described as an entry-level SIEM tool. It is, however, one of the best entry-level systems on the market. The tool has almost everything you can expect from a SIEM system. This includes excellent log management and correlation features as well as an impressive reporting engine.

SolarWinds Security Event Manager Screenshot

FREE TRIAL: SolarWinds Security Event Manager

Official Download Link:

The tool also boasts excellent event response features which leave nothing to be desired. For instance, the detailed real-time response system will actively react to every threat. And since it’s based on behaviour rather than signature, you’re protected against unknown or future threats and zero-day attacks.

On top of its impressive feature set, the SolarWinds Security Event Manager’s dashboard is possibly its best asset. With its simple design, you’ll have no trouble finding your way around the tool and quickly identifying anomalies. Starting at around $4 500, the tool is more than affordable. And if you want to try it and see how it works in your environment, a free fully functional 30-day trial version is available for download.

Official Download Link:

2. Splunk Enterprise Security

Splunk Enterprise Security—or Splunk ES, as it is often called—is possibly one of the most popular SIEM systems. It is particularly famous for its analytics capabilities. Splunk ES monitors your system’s data in real-time, looking for vulnerabilities and signs of abnormal and/or malicious activity.

Splunk ES Risk Analysis

In addition to great monitoring, security response is another of Splunk ES’ strong suits. The system uses what Splunk calls the Adaptive Response Framework (ARF) which integrates with equipment from more than 55 security vendors. The ARF perform automated response, speeding up manual tasks. This will let you quickly gain the upper hand. Add to that a simple and uncluttered user interface and you have a winning solution. Other interesting features include the Notables function which shows user-customizable alerts and the Asset Investigator for flagging malicious activities and preventing further problems.

Splunk ES is truly an enterprise-grade product and that means that it comes with an enterprise-sized price tag. Pricing information is unfortunately not readily available from Splunk’s web site. You’ll need to contact the sales department to get a quote. Contacting Splunk will also allow you to take advantage of a free trial, should you want to try the product.

3. RSA NetWitness

Since 2016, NetWitness has focused on products supporting “deep, real-time network situational awareness and agile network response”. After being acquired by EMC which then merged with Dell, the NetWitness brand is now part of the RSA branch of the corporation. This is good news as RSA is a highly respected name in IT security.

RSA NetWitness is ideal for organizations seeking a complete network analytics solution. The tool integrates information about your organization which it uses to help prioritize alerts. According to RSA, the system “collects data across more capture points, computing platforms, and threat intelligence sources than other SIEM solutions”. The tool also features advanced threat detection which combines behavioral analysis, data science techniques, and threat intelligence. And finally, the advanced response system boasts orchestration and automation capabilities to help get rid of threats before they impact your business.

RSA NetWitness

One of the main drawbacks of RSA NetWitness as reported by its user community is that it’s not the easiest to set up and to use. There is, however, comprehensive documentation available which can help you with setting up and using the product. This is another enterprise-grade product and, as it is often the case, you’ll need to contact sales to get pricing information.

4. ArcSight Enterprise Security Manager

ArcSight Enterprise Security Manager helps identify and prioritize security threats, organize and track incident response activities, and simplify audit and compliance activities. It used to be sold under the HP brand but ArcSight has now been merged into Micro Focus, another HP subsidiary.

Having been around for more than fifteen years, the ArcSight Enterprise Security Manager is another immensely popular SIEM tools. It compiles log data from various sources and performs extensive data analysis, looking for signs of malicious activity. To make it easy to identify threats quickly, the tool lets you view analysis results in real-time.

ArcSight Command Center

As for the product’s features, it leaves nothing to be desired. It has powerful distributed real-time data correlation, workflow automation, security orchestration, and community-driven security content. The ArcSight Enterprise Security Manager also integrates with other ArcSight products such as the ArcSight Data Platform and Event Broker or ArcSight Investigate. This is another enterprise-grade product and as such, pricing information is not readily available. It will require that you contact the ArcSight sales team to get a customized quote.

5. McAfee Enterprise Security Manager

McAfee is definitely another household name in the security industry. It is, however, better known for its virus protection line of products. Unlike other products in this list, the McAfee Enterprise Security Manager is not just software, it is an appliance that you can get either as a piece of hardware or in a virtual form.

In terms of its analytics capabilities, the McAfee Enterprise Security Manager is considered to be one of the best SIEM tools by many. The system collects logs across a wide range of devices and its normalization capabilities are second to none. The correlation engine easily compiles disparate data sources, making it easier to detect security events as they happen.

McAfee Enterprise Security Manager

But to be true, there’s more to this McAfee solution than just its Enterprise Security Manager. To get a complete SIEM solution you also need the Enterprise Log Manager and Event Receiver. Fortunately, all products can be packaged in a single appliance. And for those of you who may want to try the product before you buy it, a free trial is available.

6. IBM QRadar

IBM is without a doubt one of the best-known names in the IT industry. It is no surprise then that the company has managed to establish its SIEM solution, IBM QRadar as one of the best products on the market. The tool empowers security analysts to detect anomalies, uncover advanced threats and remove false positives in real-time.

IBM QRadar boasts a suite of log management, data collection, analytics, and intrusion detection features. Together, they help keep your network infrastructure up and running. There is also risk modelling analytics that can simulate potential attacks.

IBM QRadar Dashboard

Some of IBM QRadar’s key features include the ability to deploy the solution on-premises or in a cloud environment. It is a modular solution and one can quickly and inexpensively add more storage or processing power as their needs grow. The system uses intelligence expertise from IBM X-Force and integrates seamlessly with hundreds of IBM and non-IBM products.

IBM being IBM, though, you can expect to pay a premium price for its SIEM solution. But if you need one of the best SIEM tools on the market and a tool which is backed by a solid organization, IBM QRadar might very well be worth the investment.

Read 6 Best ITIL Security Management Tools in 2019 by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter