KB / Telemetry-Free Network Scanning
Telemetry-Free Network Scanning on Windows
Network scanners used to be simple: download an exe, scan your subnet, done. The popular "free" options have steadily moved away from that model, and the consequences show up at exactly the wrong time — on a client site, on a secured network, or during an audit.
What Changed With Free Scanners
- Cloud account requirements. Several well-known scanners now gate results behind a web dashboard login. Your network inventory — every device, hostname, and MAC on the client's LAN — transits someone else's servers.
- Heavy installers. MSI packages that install services, schedule background tasks, and add auto-updaters. On a managed endpoint this lights up EDR, and on a client machine it leaves residue you have to clean up.
- Telemetry. Usage analytics baked in with no off switch. For anyone working in a regulated or air-gapped environment this is disqualifying on its own.
- Feature gating. Export, scan history, and device detail moved behind subscriptions.
What a Scanner Actually Needs to Do
The core job has not changed in twenty years:
- Sweep a CIDR range with concurrent ICMP and ARP — a /24 should finish in seconds
- Resolve hostnames and MAC addresses
- Identify the vendor from the MAC OUI so an unknown IP becomes "Synology NAS" or "Cisco switch" instead of a mystery
- Export the results in a format you can attach to documentation — CSV or JSON
None of that requires the internet, an account, or a service running in the background.
The Portable-Binary Approach
A compiled native binary solves the operational problems directly:
- No installation — runs from a folder or USB stick, leaves nothing behind
- Fully offline — no data leaves the machine; usable in air-gapped environments
- Instant start — no service dependencies, no first-run setup
- Code signed — a verified publisher signature means SmartScreen and EDR can attribute the binary rather than flagging an unknown executable
SubnetSweep — Portable Windows Network Scanner
Native compiled binary. Scans any subnet in seconds, identifies vendors by MAC, keeps scan history, exports CSV/JSON. Runs entirely offline — no account, no telemetry, no installer. Free to use with nothing locked.
See SubnetSweep →
Practical Notes for Client Site Scans
- Always get written authorization before scanning a network you do not own — a ping sweep is harmless but IDS systems log it.
- ARP resolution only works on the local broadcast domain. Across VLANs you will see IPs respond but MAC/vendor data only for the local segment.
- Save the scan before you leave the site. Comparing a saved baseline against a later scan is the fastest way to spot new or missing devices.