User Datagram Protocol (UDP)

TCP could be described as a very "needy" protocol. It requires a formal handshaking process, and it demands an acknowledgement for every byte of data that traverses the network.

UDP, however, is the polar opposite. Data that flows across the network with UDP at the helm might get to the other side, or it might not. We don't care! If we really cared enough about the data, we'd send it via TCP so that we'd know it successfully arrived on the other side of the network. It's not that the odds of UDP data getting to the other side are any different than TCP, but UDP doesn't expect a reply. Human beings sometimes interpret that kind of nonchalance as a lack of concern.


In reality, UDP is an extremely valuable protocol! For example, Voice over IP technology uses UDP extensively to send voice information across the network. Since voice information can't be retransmitted, the voice over IP designers realized that UDP is the perfect protocol. If one UDP voice packet is lost that contains a tenth of a second of information, the voice conversation can continue without missing too much of the conversation. Occasionally, the data won't even be missed!


UDP Ports
Just like TCP, UDP uses ports to determine where the data is going once it arrives at the destination. And, just like TCP, UDP ports are numbered between 1 and 65,535. However, TCP and UDP port numbers are unique to their individual protocols. A server that listens for TCP data on port 80 isn't going to accept UDP data on port 80. Most applications use one transport type or the other, but rarely both. If a server shows that port 143 is open, it's important to specify if it's TCP port 143 or UDP port 143. It might be both or it might be none, but it still must be specified.



The Non-existent UDP Handshake
UDP is a connectionless protocol, which means that it doesn't require a formal handshake to get the data flowing. A frame that contains UDP data simply communicates to another station without any prior warning or fanfare. Of course, the receiving station must be configured to receive data on the appropriate UDP port, but no formal handshaking process is required. To send UDP data, it's packaged up in an IP frame and sent on its way – no questions asked!


Internet Control Message Protocol (ICMP)

ICMP is the tattletale of the network. If there's something going on, you can bet that ICMP is going to be there to talk about it. ICMP is a multifaceted protocol that can identify an unreachable destination, redirect traffic to another network, identify routing loops, synchronize clocks, or identify when a router is overloaded.

ICMP is extremely helpful when nmap is scanning for available ports. If some UDP data is sent to another station using a port that's not available, an ICMP "port unreachable" message is usually sent back to the originating station as a notification that data using that particular port number isn't welcome here.

Nmap loves ICMP, because it's so obvious when a port isn't available. It's more difficult when ICMP is filtered or turned off, but nmap can still interpret network responses to determine which ports are open or closed. Since many smart organizations do not allow ICMP to flow through their firewall, it's not always available for nmap to use.

One of ICMP's many functions is to send 'echoes' from one station to another, usually with a program called ping. This functionality is useful when troubleshooting a device's availability. A station sending an ICMP echo request should receive an ICMP echo reply from the other station. By default, nmap sends an ICMP before scanning, although there are scanning options within nmap that can customize this functionality.