UDP Ping (-PU [portlist])A UDP ping is a departure from the other ping types because it uses UDP frames to communicate between devices. Since most of the other ping types focus on TCP frames, the UDP ping can assist in locating active devices through firewalls that the other ping types might not discover.
UDP Ping Operation
The UDP ping attempts to locate a remote device by sending a single UDP frame to the remote device. If an ICMP port unreachable message is returned, a system is alive on the other end:
Source Destination Summary -------------------------------------------------------------------------------------- [192.168.0.5] [192.168.0.3] UDP: D=31338 S=42560 LEN=8 [192.168.0.3] [192.168.0.5] ICMP: Destination unreachable (Port unreachable)If no response is received, it's assumed that the remote system is unavailable. This could be an incorrect assumption if an open UDP port is probed, because many UDP applications don't send a response to any random incoming frame. If possible, the UDP ping should be sent to a port number that is presumed to be closed.
This ping will only run as a privileged user. If this ping is run as a non-privileged user, this amusing message is displayed:
Sorry, UDP Ping (-PU) only works if you are root (because we need to read raw responses off the wire) and only for IPv4 (cause fyodor is too lazy right now to add IPv6 support and nobody has sent a patch)
The UDP ping can specify individual port numbers delimited with commas. If a port is not specified, UDP port 31338 is used by default.
The UDP ping is simple and innocuous. The single UDP ping frame blends well with other network traffic, and the UDP ping process requires very little network interaction.
Disadvantages of the UDP Ping
The UDP ping relies heavily on ICMP. If ICMP is filtered, there will be no response to the UDP ping.
Not all applications will reply to a random UDP frame that appears on its open port. It's recommended that the UDP ping intentionally use an unavailable port as a destination to ensure a response from the remote station.
The UDP ping only runs as a privileged user, and there are no UDP-based ping alternatives for non-privileged nmap users.
When to use the UDP Ping
The UDP ping is useful when the link between the nmap station and the remote device is not filtered, since packet filters will often drop the ICMP replies. If ICMP can't traverse the network link, this ping type will have limited effectiveness.
It's also important to use UDP ports that are not in use, which can be a challenge when traversing firewalls. If UDP is going to be open through a firewall, it will be to an open service port. However, we don't usually want this ping to use an open UDP port. This limits the effectiveness of this ping through a packet filter or firewall.