Saturday, November 5, 2016

How to scan UDP and TCP ports using Nmap

TCP / UDP port scan using Nmap

UDP is a connectionless protocol, which means it basically just sends packets out to the specified destination. TCP is connection-oriented, which means it establishes a connection to the other end using the ‘3-way handshake’.

So it makes sense to apply the ‘telnet’ paradigm to TCP: you make a connection to a specific host and port, you remain connected (for a period of time) even if you aren’t sending any data, and you can send and receive data continuously without having to reconnect in between.

UDP, on the other hand, doesn’t really fit the telnet model: it’s more of a fire-and-forget system where you fire off a series of packets towards the destination. You then go on with something else (or just wait, doing nothing) until (or if) the remote process sends some packets back.

Note that UDP scanning is problematic because there is no confirming SYN-ACK or other packet to indicate an open port, as there is with TCP: an open UDP service may simply not reply to the probe at all. As such, many false positives can occur from UDP port scans.

Example for UDP:
nmap -sU -p 3478 192.168.1.11

Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-13 20:43 EDT
Nmap scan report for example.com (192.168.1.11)
Host is up (0.096s latency).
PORT     STATE         SERVICE
3478/udp open|filtered unknown
Nmap done: 1 IP address (1 host up) scanned in 1.17 seconds


Example for TCP:
nmap -sT -p 22 192.168.1.11

Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-13 20:43 EDT
Nmap scan report for example.com (192.168.1.11)
Host is up (0.096s latency).
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 1.17 seconds
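To see why the UDP port above is reported as open|filtered while the TCP port is simply open, here is an added Python example that is not from the original post and is not Nmap's own code. It reproduces the two probe decisions (a full connect for TCP, a datagram-and-wait for UDP) against constructed listeners on 127.0.0.1, so it runs offline. It assumes a Linux-style host where an ICMP port unreachable for a closed UDP port is surfaced to a connected UDP socket as ConnectionRefusedError; the listener helpers, port numbers and the "pong" reply are all constructed for the demonstration.

```python
import socket
import threading

HOST = "127.0.0.1"  # all listeners below are local, so the demo runs offline


def tcp_probe(host: str, port: int, timeout: float = 1.0) -> str:
    """Mimic what nmap -sT decides from a full connect() handshake."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"            # SYN-ACK received, handshake completed
        except ConnectionRefusedError:
            return "closed"          # RST received: nothing is listening
        except socket.timeout:
            return "filtered"        # neither SYN-ACK nor RST: something dropped the SYN


def udp_probe(host: str, port: int, timeout: float = 1.0, payload: bytes = b"") -> str:
    """Mimic what nmap -sU decides: UDP has no handshake, so silence is ambiguous."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))     # connected UDP socket so ICMP errors are reported
        try:
            s.send(payload)
            s.recv(1024)
            return "open"            # the service actually answered
        except ConnectionRefusedError:
            return "closed"          # ICMP port unreachable came back (Linux behaviour assumed)
        except socket.timeout:
            return "open|filtered"   # no reply: open-but-quiet service, or a filter ate it


def start_tcp_listener() -> int:
    """Constructed test service: accepts and immediately closes connections."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def start_udp_listener(reply: bool) -> int:
    """Constructed test service: a UDP server that either answers or stays silent."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((HOST, 0))

    def serve():
        while True:
            try:
                _, addr = srv.recvfrom(1024)
            except OSError:
                return
            if reply:
                srv.sendto(b"pong", addr)   # constructed reply, stands in for a real service

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def unused_port(kind: int) -> int:
    """Bind an ephemeral port and release it; assumed still free when the probe runs."""
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind((HOST, 0))
        return s.getsockname()[1]


def demo() -> dict:
    """Probe five local ports and return the state each probe would report."""
    tcp_open = start_tcp_listener()
    udp_talkative = start_udp_listener(reply=True)
    udp_quiet = start_udp_listener(reply=False)
    return {
        "tcp open": tcp_probe(HOST, tcp_open),
        "tcp closed": tcp_probe(HOST, unused_port(socket.SOCK_STREAM)),
        "udp responsive": udp_probe(HOST, udp_talkative),
        "udp silent": udp_probe(HOST, udp_quiet),
        "udp closed": udp_probe(HOST, unused_port(socket.SOCK_DGRAM)),
    }


if __name__ == "__main__":
    for label, state in demo().items():
        print(f"{label:15} -> {state}")
```

The "udp silent" line is the interesting one: a perfectly open service that does not answer an empty probe is indistinguishable from a firewall silently discarding the datagram, which is exactly the open|filtered verdict in the Nmap output above. Only a reply (open) or an ICMP port unreachable (closed) resolves the ambiguity, which is why Nmap's UDP scans take longer and produce more uncertain results than its TCP scans.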
