Nmap UDP Scan

Learn how the Nmap UDP scan works.

We'll cover the following

Nmap UDP scans are more detailed than TCP scans. Generally, TCP scans are used by Nmap to discover ports and services. On the other hand, UDP scans provide much more information regarding running services, rogue hosts, and identification of open UDP ports. Let’s look at how UDP scans work.

How UDP scans work

Unlike TCP, UDP is a connectionless protocol. This means that there’s no three-way handshake or establishing of a connection. There’s only a one-way data transfer when we send data to a UDP port. In a UDP connection, there’s no way to determine if the data reached the intended port. So, how exactly do we determine if a port is open or closed?

If a UDP port is open, we won’t get any response. However, if a UDP port is closed, the server will send an ICMP response saying, “Destination unreachable.” Nmap uses this feedback to determine if a port is open or closed. Here’s how it works:

Get hands-on with 1200+ tech skills courses.