School of Computer Science Engineering and Information Systems

5Yr Integrated M.Tech(Software Engineering)

CSE3501 : Information Security Analysis and Audit
FALL 2024-2025

Digital Assignment – I
Name : Kaushik K
Reg . No : 21MIS0332

Introduction:
Fing is a flexible network scanning and monitoring program that may be used for a number of
tasks, including finding every device linked to a network and supplying information such as
MAC and IP addresses as well as device makers. It is frequently used for security audits,
bandwidth monitoring, intrusion detection, and network troubleshooting. Fing is an essential
tool in both residential and business settings since it assists in locating rogue devices or
illegal devices on the network. By examining open ports and keeping an eye on running
services, it makes network diagnostics possible. Additionally, users can optimise the network
for efficiency with the tool's ability to give network performance information. It also makes it
simpler to identify out-of-date hardware and software, which enhances overall performance
and security. Fing is available as a desktop and mobile software, enabling users to conduct
more thorough research on a computer or to scan and manage networks while on the go.

Users of The Tool :

Although a wide spectrum of people and organisations use Fing, network administrators, IT
security experts, and tech-savvy users make up the majority of its users.
Fing is used by network managers to keep an eye on network performance, diagnose
problems, and guarantee the best possible network security by identifying intrusions.
IT security experts utilise it to find susceptible devices or services, carry out security audits,
and find illegal network access.
Fing is also used by tech-savvy homeowners to administer and keep an eye on the operation
and security of their home network.
Small and medium-sized enterprises (SMBs) also utilise Fing to monitor their
infrastructure, maintain secure networks, and make sure that no rogue devices are interfering
with the system. Fing is also used by public agencies, corporate settings, and educational
institutions for effective and safe network management.

Advantages of Fing:
1. User-Friendly Interface: Fing offers an easy-to-use interface that makes network
scanning and management efficient for users of all technical skill levels.

2. Device Detection: It provides comprehensive details such as IP addresses, MAC

addresses, and manufacturers, precisely identifying any device linked to a network.

3. Security Audits: The tool facilitates the identification of vulnerable services and open
ports, which makes security audits easier to carry out.

4. Cross-Platform Availability: Fing gives customers the freedom to keep an eye on their
networks while they're on the go by being accessible on desktop and mobile platforms.

5. Bandwidth Monitoring: Users are able to monitor the amount of bandwidth used and
identify any devices or activities that might be causing the network to lag.
6. Fast Troubleshooting: Fing assists in identifying typical network problems including
sluggish connectivity, illegal devices, or incorrectly configured devices.

7. Real-Time Alerts (Premium): To improve security, Fing's premium edition sends out
real-time alerts whenever new devices connect to the network or when something
changes.
8. Historical Data (Premium): Long-term network performance can be understood by
using the historical data that Premium customers have access to.

9. Multipurpose: With scalability based on requirements, it can be used for home networks,
small enterprises, and even huge organisations.
10. Free Version: Fing is a great tool for infrequent users or small networks because it
comes with significant functionality even in its free edition.

Disadvantages of Fing:
1. Needs Technical Knowledge: Despite the tool's ease of use, some level of technical
knowledge is necessary to evaluate the data and take appropriate action.
2. Limited Features in the Free Version: The premium version is the only way to access
several sophisticated features, like real-time alerts and historical data.

3. No Active Penetration Testing: Fing's capacity to detect complex security concerns is

limited because it doesn't actively test or exploit vulnerabilities.

4. Passive Scanning: Deep vulnerability assessments are not performed by the program;
instead, it primarily focusses on passive network scanning.

5. Lack of Built-in Vulnerability Fixing: Although Fing finds vulnerabilities, it doesn't

automatically patch them or offer solutions; the user must perform explicit actions.

6. Premium Cost: For small-scale users or those who don't need advanced capabilities, the
premium version can be prohibitively costly.

7. Device Limitation: Fing's scalability may be limited in large networks with hundreds of
devices due to its subpar performance.

8. No Customisable Scans: Fing's flexibility is limited by its inability to run scans in

accordance with user-specified criteria or to customise them.

9. Limited Integration: Fing is less helpful for thorough IT infrastructure management

since it is difficult to integrate with other security or monitoring technologies.

10. Lack of Deep Packet Inspection: In order to thoroughly examine network traffic and
identify complex threats, Fing lacks deep packet inspection.

Open Source/Paid :
Fing has both paid and free versions available. For home users or small enterprises, the free
version is extremely effective since it provides basic network scanning, device detection, and
some necessary diagnostic features. Fing Premium, on the other hand, is a subscription
version that grants access to more sophisticated features including automated alerts about
possible problems, historical device data, enhanced notifications for network changes, and
deeper network analysis. This version is more suited for IT specialists and businesses that
need proactive network administration and continuous monitoring. Fing is a proprietary tool
created by Domotz, Inc.; it is not an open-source tool. Nonetheless, a lot of users can take
advantage of its essential services without needing to pay for a membership thanks to its free
tier offering.

Identifying Vulnerabilities Using Fing:

Consider a machine-hosted web server as an example of an application that runs on a network
in a house or workplace. The program would first scan the network and list every device—
including the web server—using Fing. The device's manufacturer, IP address, MAC address,
and the services (ports) that are operating on it would all be visible to the user. This allows
Fing to find any ports that are open and accessible from the network by the web server.
Important ports, like HTTP (80) or HTTPS (443), may be subject to brute force or DDoS
attacks if they are left open and unprotected. Fing may also signal a potential security risk if
the server or device's firmware is out of date. The network administrator or user can take
action, such blocking superfluous ports, upgrading firmware, or putting in additional security
layers like firewalls and encryption, by recognising these vulnerabilities. Although Fing alone
cannot solve these problems, it offers crucial insights that can help lessen their effects.

The Fing server is always showing error , it is under maintanance so couldn’t paste
screenshots