05. Nmap TCP Connect and UDP Scan
1. nmap -sT 192.168.0.1
- Purpose: TCP Connect Scan
- Explanation:
- -sT: Performs a TCP Connect Scan, which completes the full 3-way handshake (SYN, SYN-ACK, ACK) with the target.
- It checks for open TCP ports by establishing a full connection.
- This is a reliable method of port scanning but easily detectable by firewalls and intrusion detection systems (IDS) because the connections are fully established.
- If a port is open, the connection succeeds. If the port is closed, the target responds with an RST packet.
- Use Case:
- Used when a SYN scan (-sS) cannot be performed, such as when running Nmap without root or administrative privileges.
- Commonly used for identifying open services on a target machine.
- Disadvantages:
- Slower than SYN scans as it requires completing the handshake.
- More likely to be logged by the target system.
Example Command:
nmap -sT 192.168.0.1
- Performs a TCP Connect Scan on the IP 192.168.0.1.
2. nmap -sU 192.168.0.1
- Purpose: UDP Scan
- Explanation:
- -sU: Performs a UDP scan to identify open UDP ports on the target.
- Unlike TCP, UDP is a connectionless protocol, so Nmap sends a UDP packet to each target port and waits for a response:
- If no response is received, the port is reported as open|filtered (Nmap cannot tell an open, silent service from a dropped probe).
- If an ICMP Port Unreachable message is received, the port is closed.
- Since UDP has no handshake to confirm a port's state, Nmap must wait for timeouts on unanswered probes, so responses take longer and the scan is slower than TCP scans.
- This scan helps find services like DNS (UDP port 53), SNMP (UDP port 161), and DHCP.
- Use Case:
- Used to identify UDP-based services running on the target.
- Useful for scanning servers where UDP services are expected to be open.
- Disadvantages:
- UDP scans are slower and more resource-intensive.
- Firewalls can easily block or filter UDP packets, leading to false positives (ports being marked open|filtered when they are really closed or filtered).
Example Command:
nmap -sU 192.168.0.1
- Performs a UDP Scan on the IP 192.168.0.1.
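The two sections above describe what the target sends back in each case: a completed handshake or an RST for -sT, and a service reply, an ICMP Port Unreachable, or silence for -sU. Those responses are exactly what a defender sees in connection logs, which is why the notes call the connect scan "easily detectable". The following Python detector is an added example, not code from these notes or from the Nmap project. It reads a constructed, whitespace-separated log (the format, the outcome labels, the hosts, and the 10-second / 5-port thresholds are all assumptions made for the example) and flags a source that touches many distinct ports on one host in a short window, labelling the TCP case as a connect scan when full handshakes were completed.

```python
"""Detect the on-the-wire footprint of -sT and -sU scans in a connection log.

Constructed example (not from the original notes). Each record is
    <ts> <src> <dst> <proto> <dport> <outcome>
where outcome is what the target did, mirroring the notes:
    tcp: handshake (full 3-way handshake completed), rst (closed port answered RST)
    udp: reply (service answered), icmp-unreach (ICMP Port Unreachable), none (no answer)
"""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample log: one host probing seven TCP and seven UDP ports on
# 192.168.0.1 in quick succession, plus ordinary repeat traffic from 10.0.0.9.
SAMPLE_LOG = """\
1700000000.0 10.0.0.5 192.168.0.1 tcp 22 handshake
1700000000.1 10.0.0.5 192.168.0.1 tcp 25 rst
1700000000.2 10.0.0.5 192.168.0.1 tcp 80 handshake
1700000000.3 10.0.0.5 192.168.0.1 tcp 110 rst
1700000000.4 10.0.0.5 192.168.0.1 tcp 135 rst
1700000000.5 10.0.0.5 192.168.0.1 tcp 139 rst
1700000000.6 10.0.0.5 192.168.0.1 tcp 443 rst
1700000010.0 10.0.0.5 192.168.0.1 udp 53 reply
1700000011.0 10.0.0.5 192.168.0.1 udp 67 none
1700000012.0 10.0.0.5 192.168.0.1 udp 123 icmp-unreach
1700000013.0 10.0.0.5 192.168.0.1 udp 137 icmp-unreach
1700000014.0 10.0.0.5 192.168.0.1 udp 161 reply
1700000015.0 10.0.0.5 192.168.0.1 udp 500 icmp-unreach
1700000016.0 10.0.0.5 192.168.0.1 udp 514 none
1700000100.0 10.0.0.9 192.168.0.1 tcp 443 handshake
1700000200.0 10.0.0.9 192.168.0.1 tcp 443 handshake
1700000300.0 10.0.0.9 192.168.0.1 tcp 443 handshake
1700000400.0 10.0.0.9 192.168.0.1 tcp 22 handshake
"""


@dataclass
class Event:
    ts: float
    src: str
    dst: str
    proto: str
    dport: int
    outcome: str


def parse_log(text):
    """Parse the constructed log format; blank lines and # comments are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, proto, dport, outcome = line.split()
        events.append(Event(float(ts), src, dst, proto, int(dport), outcome))
    return events


def classify(proto, outcomes):
    """Name the scan type from what the target answered."""
    if proto == "tcp":
        # Completed handshakes to the open ports are the -sT signature: a SYN
        # scan never sends the final ACK, so a log of full connections points to -sT.
        return "tcp-connect-scan" if outcomes.get("handshake") else "tcp-scan"
    return "udp-scan"


def detect_scans(events, window=10.0, min_ports=5):
    """Flag any (src, dst, proto) touching >= min_ports distinct ports within
    `window` seconds. The alert summarises every event for that triple."""
    by_key = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_key[(e.src, e.dst, e.proto)].append(e)

    alerts = []
    for (src, dst, proto), evs in by_key.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window` seconds.
            while evs[end].ts - evs[start].ts > window:
                start += 1
            if len({e.dport for e in evs[start:end + 1]}) >= min_ports:
                outcomes = Counter(e.outcome for e in evs)
                alerts.append({
                    "src": src, "dst": dst, "proto": proto,
                    "kind": classify(proto, outcomes),
                    "distinct_ports": len({e.dport for e in evs}),
                    "outcomes": dict(outcomes),
                })
                break  # one alert per (src, dst, proto)
    return alerts


if __name__ == "__main__":
    for alert in detect_scans(parse_log(SAMPLE_LOG)):
        print(alert)
```

Against the sample log the detector raises two alerts for 10.0.0.5 (a tcp-connect-scan with five RSTs and two completed handshakes, and a udp-scan with three ICMP Port Unreachable replies) and nothing for 10.0.0.9, whose repeat connections to one or two ports never cross the port threshold. The "tcp-connect-scan" label rests on the point the -sT section makes: the scanner completes the handshake, so the open ports show up as full connections in the log. In a real deployment the parser would be replaced by a reader for your firewall or Zeek-style connection logs, and the window and port threshold tuned to the environment.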
Key Differences Between -sT and -sU
| Option | Purpose | Protocol | Behavior | Speed | Detectability |
|---|---|---|---|---|---|
| -sT | TCP Connect Scan | TCP | Completes 3-way handshake with target | Faster | Easily detectable |
| -sU | UDP Scan | UDP | Sends UDP packets, waits for response | Slower | Less detectable |