When an information system is able to interact over the network, it always reveals some information about itself. Attackers look for this information in order to focus their attacks. Scanning plays an important role in network discovery for the end user, but also for potential attackers.
Network scanning is not an exact science.
Internet Control Message Protocol.
ICMP messages are not always filtered, as some are required by RFCs and/or for proper operation.
Based on the result of TTL :
UDP requires a different approach compared to TCP. As UDP is stateless, there is one way to check whether a UDP port is open:
* sending a UDP packet to a random port and waiting for an ICMP "destination port unreachable" (type 3, code 3)
  * If there is an ICMP "destination port unreachable", there is no UDP service listening.
  * If you got no reply, there is probably a UDP service listening.
Many firewalls filter specific ICMP messages, and the result of UDP scanning may vary from time to time.
If you know which UDP service is targeted, you can also send a correct message for that service to get a reply. This approach often gives more feedback.
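
The decision logic described above, written as an added example (not code from the original page): it parses the raw IPv4 reply to a single UDP probe and classifies the port, checking that an ICMP type 3 error really quotes the probe that was sent. It goes slightly beyond the text by treating other unreachable codes as "filtered"; that code set, the function names and the sample packets are assumptions constructed for this example.

```python
import struct

ICMP, UDP = 1, 17
# Assumption (not from the page): unreachable codes that usually mean a filter answered.
FILTERED_CODES = {0, 1, 2, 9, 10, 13}

def ipv4_split(packet):
    """Return (protocol, payload) of a raw IPv4 packet, or (None, b"") if malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None, b""
    return packet[9], packet[(packet[0] & 0x0F) * 4:]

def classify_udp_probe(reply, probed_port):
    """Classify one UDP probe from the raw IPv4 reply (None means timeout)."""
    if reply is None:
        return "open|filtered"  # silence: a listener, or the ICMP error was dropped
    proto, payload = ipv4_split(reply)
    if proto == UDP and len(payload) >= 8:
        src_port = struct.unpack("!H", payload[:2])[0]
        return "open" if src_port == probed_port else "unrelated"
    if proto != ICMP or len(payload) < 8 or payload[0] != 3:
        return "unrelated"
    # A type 3 error quotes the probe's IP header plus its first 8 bytes (UDP header).
    quoted_proto, quoted_udp = ipv4_split(payload[8:])
    dst_port = struct.unpack("!H", quoted_udp[2:4])[0] if len(quoted_udp) >= 4 else None
    if quoted_proto != UDP or dst_port != probed_port:
        return "unrelated"  # the error belongs to some other datagram
    code = payload[1]
    if code == 3:
        return "closed"  # destination port unreachable
    return "filtered" if code in FILTERED_CODES else "unrelated"

# Constructed sample packets (documentation addresses, checksums left at zero).
def build_ipv4(proto, payload, src, dst):
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst))
    return head + payload

def build_udp(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def build_unreachable(code, quoted):
    return struct.pack("!BBHI", 3, code, 0, 0) + quoted

SCANNER, TARGET, GATEWAY = (192, 0, 2, 1), (192, 0, 2, 10), (192, 0, 2, 254)
PROBE = build_ipv4(UDP, build_udp(40000, 161), SCANNER, TARGET)
CLOSED = build_ipv4(ICMP, build_unreachable(3, PROBE), TARGET, SCANNER)
FILTERED = build_ipv4(ICMP, build_unreachable(13, PROBE), GATEWAY, SCANNER)
ANSWER = build_ipv4(UDP, build_udp(161, 40000, b"\x30"), TARGET, SCANNER)
```

A timeout is reported as "open|filtered" rather than "open" because a dropped ICMP error looks exactly like a silent listener, which is why UDP scan results vary behind firewalls.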