One of the things we love most about Nmap is the fact that it works for both TCP and UDP protocols. And while most services run on TCP, you can also get a great advantage by scanning UDP-based services. Lets see some examples.

Standard TCP scanning output:

[root@mmzacademy:~]nmap -sT 192.168.1.1Starting Nmap 7.60 ( https://nmap.org ) at 2018-10-01 09:33 -03Nmap scan report for 192.168.1.1Host is up (0.58s latency). Not shown: 995 closed ports PORT STATE SERVICE80/tcp open http1900/tcp open upnp20005/tcp open btx49152/tcp open unknown49153/tcp open unknown Nmap done: 1 IP address (1 host up) scanned in 1.43 seconds

UDP scanning results using -sU parameter:

[root@mmzacademy:~]nmap -sU localhost Starting Nmap 7.60 ( https://nmap.org ) at 2018-10-01 09:37 -03Nmap scan report for localhost (127.0.0.1) Host is up (0.000021s latency). Other addresses for localhost (not scanned): ::1Not shown: 997 closed ports PORT STATE SERVICE68/udp open|filtered dhcpc111/udp open rpcbind5353/udp open|filtered zeroconf