Four Types of Nmap Scans Every Beginner Should Know (Part-2)

This is the second part of Four Types of Nmap Scans Every Beginner Should Know; you can read the first part here. I discussed the TCP and TCP connect scans in that post, so if you haven’t read it yet, go and read it first.

Ping Scan (-sP)

A ping scan is a normal scan that you can perform without using nmap, i.e. from your default terminal on Linux or Unix-based systems and from cmd on Microsoft Windows systems.

  • Must Read: What is ICMP? How does it work?

This scan only tells you whether the target is up or down. It just sends an ICMP echo request; if the system is up and running, it gets an ICMP echo reply back. If the system is down, you won’t get any reply.

The syntax for ping scan


Advantages

  • No special privileges are needed; you can run it from an ordinary account
  • Takes very little time because it doesn’t scan all the ports, only the status of the target


Disadvantages

  • Gives very little information
  • Most servers block ping requests

UDP Scan (-sU)

UDP is a very important protocol because streaming protocols use it to communicate.

The UDP scan is the only scan that identifies the UDP ports of the target. Because UDP has no handshake, nmap has some difficulty identifying closed and filtered ports.

Must Read: What is UDP? How does it work?


Open port: When nmap tries to connect to an open UDP port, it gets an ICMP reply from the target if the port has two-way traffic; if the traffic is one-way, it won’t get a reply, which makes the port somewhat difficult for nmap to identify.

[Figures: open port with two-way traffic; open port with one-way traffic]

Closed and filtered ports: When nmap tries to connect to a closed port, it gets an ICMP reply saying that the port is not available; if the port is filtered, it won’t get any reply, which again makes it difficult for nmap to identify.

[Figure: ICMP reply for a closed port, not for a filtered port]
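The three outcomes above, reproduced on loopback as an added example that is not part of the original post. The names `probe_udp`, `start_listener`, `unused_port` and `demo` are assumptions of this example, the state labels follow nmap's `open`, `closed` and `open|filtered` output, and it assumes a Linux-style socket stack where an ICMP port unreachable surfaces as `ConnectionRefusedError`.

```python
import socket
import threading

LOOPBACK = "127.0.0.1"

def probe_udp(host, port, timeout=1.0, payload=b"probe"):
    """Send one UDP datagram and classify the port from what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # A connected UDP socket lets the kernel hand ICMP errors back to us.
        s.connect((host, port))
        try:
            s.send(payload)
            s.recv(1024)
            return "open"            # a datagram came back: two-way traffic
        except ConnectionRefusedError:
            return "closed"          # ICMP port unreachable was received
        except socket.timeout:
            # Silence: a one-way service and a filter that drops the probe
            # look identical from here, hence nmap's combined state.
            return "open|filtered"

def start_listener(reply):
    """Constructed loopback service; reply=False models one-way traffic."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((LOOPBACK, 0))          # port 0: let the OS pick a free port
    port = srv.getsockname()[1]
    def serve():
        with srv:                    # handle one datagram, then close
            data, addr = srv.recvfrom(1024)
            if reply:
                srv.sendto(data, addr)
    threading.Thread(target=serve, daemon=True).start()
    return port

def unused_port():
    """Return a UDP port that was just released, so nothing listens on it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((LOOPBACK, 0))
        return s.getsockname()[1]

def demo():
    return {
        "two-way service": probe_udp(LOOPBACK, start_listener(reply=True)),
        "one-way service": probe_udp(LOOPBACK, start_listener(reply=False)),
        "nothing listening": probe_udp(LOOPBACK, unused_port()),
    }

if __name__ == "__main__":
    for target, state in demo().items():
        print(f"{target:18} -> {state}")
```

The one-way service is reported as `open|filtered` even though it is listening, which is the ambiguity behind the inaccurate results of a UDP scan.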


Advantages

  • It is the only scan that identifies UDP ports


Disadvantages

  • Results are not accurate