Standard Definition
Network scanning is a procedure for identifying active devices on a network by employing a feature or features in the network protocol to signal devices and await a response. Most network scanning today is used in monitoring and management, but scanning can also be used to identify network elements or users for attacks. [Source]
Simplified Analogy
The network scanner, as its name suggests, skims through the network in search of active devices. This is comparable to the way security guards use a handheld metal detector wand to find metallic objects on a person. The wand vibrates or beeps when it passes over a metal object, alerting the user to its presence. It doesn’t specify what the object is (a coin, a belt buckle, a dagger, etc.), but it notifies the security staff that there may be something metallic that needs to be examined more closely.
A network scanner operates in a similar manner by scanning a computer network for devices or vulnerabilities. It shows open ports (a port is like a door on a computer or device that allows communication in and out for specific purposes or services), active hardware, and any security threats. A network scanner, like the metal detector wand, doesn’t always delve deeply into the specifics of each vulnerability (that would be the responsibility of more specialized tools or a thorough manual inspection), but it does raise an alarm or indicator that something of interest or concern exists. Network scanning requires permission from the network’s owners; otherwise, it is unlawful.
Logs generated by network scanners can be used to show negligence. These logs can indicate a failure to take appropriate security precautions if vulnerabilities found in earlier scans weren’t fixed and a breach occurs. These logs can also serve as evidence of infiltration by recording illegal attempts and documenting the timeline of an attacker’s operations.