One of the things we love most about Nmap is the fact that it works for both TCP and UDP protocols. And while most services run on TCP, you can also get a great advantage by scanning UDP-based services. Let’s see some examples.

Standard TCP scanning UDP scanning results using “-sT” :

[root@mmz:~]nmap -sT 192.168.8.110
Starting Nmap 7.60 ( https://nmap.org ) at 2018-10-01 09:33 -03
Nmap scan report for 192.168.8.110
Host is up (0.58s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
80/tcp open http
1900/tcp open upnp
20005/tcp open btx
49152/tcp open unknown
49153/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 1.43 seconds

UDP scanning results using “-sU” parameter:

[root@mmz:~]nmap -sU 192.168.8.110
Starting Nmap 7.60 ( https://nmap.org ) at 2018-10-01 09:37 -03
Nmap scan report for 192.168.8.110 (192.168.8.110)
Host is up (0.000021s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 997 closed ports
PORT STATE SERVICE
68/udp open|filtered dhcpc
111/udp open rpcbind
5353/udp open|filtered zeroconf