nmap UDP Port Scan Example

By | 2012/06/13

By default nmap performs a TCP scan only. I’ll show you how to scan for UDP ports with nmap!

The syntax is

$ sudo nmap -sU -p port target


$ sudo nmap -sU -p 3478

Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-13 20:43 EDT
Nmap scan report for example.com (
Host is up (0.096s latency).
3478/udp open|filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 1.17 seconds

Note that UDP scanning is problematic because of the lack of a confirming SYN-ACK or other packet as with TCP. As such, many false positives can occur from UDP port scans.

3 thoughts on “nmap UDP Port Scan Example

  1. jamie

    sometimes you gotta use -PN also to skip host discovery.

    basically, pretend the host is up before you get started.

    think of a nat/firewall that drops everything BUT port 53 for DNS queries which are port-forwarded to the actual DNS server inside the LAN.

    nmap will figure host is down since the firewall said so, and you don’t know the dns server from the firewall from the WAN perspective.

  2. Jafar

    Ports can also be specified by name according to what the port is referred to in the nmap-services. You can even use the wildcards * and ? with the names. For example, to scan FTP and all ports whose names begin with “http”, use -p ftp,http*. Be careful about shell expansions and quote the argument to -p if unsure.


Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.