Networking Protocols with Nmap

There are four types of protocols IP, UDP, TCP, ICMP and these are the protocols that are used by Nmap to perform scans on any target.

IP – Internet Protocol

TCP – Transmission Control Protocol

UDP – User Datagram Protocol

ICMP – Internet Control Message Protocol

What is a Protocol?

We are talking about protocols and about some heck around here but before we proceed let’s discuss what actually protocol is?

The protocol is nothing but a connection between two devices for a certain period of time.  This is the basic definition but if you want in deep we are going to discuss them in later posts.

IP is a 32-bit number that is managed by IANA. TCP and UDP are two different types of protocols that are used to transfer data. Remember protocol is a connection it is not a direct link. It is used to transfer data in the form of packets. Finally, ICMP is a type of protocol where there won’t be any transfer of data but how it is helpful? I am going to explain it clearly to you.


As I informed your protocol is a connection between two devices. It is nothing but an address from origin to destination, for example, our system is the origin and the web server is the destination or vice versa. It is a 32-bit number.


IP has the address to transfer from origin to destination but who is responsible for that information? Who will receive the packets and who will send the packets? Off course sever and our system. In a system, there are 65,535 ports which are simply called doors. The packets will be delivered to these doors. In TCP connection when a data is sent by the system to another system then the receiver ones will send the reply that the packet is received and the sent packet consists of all the details of the ports. TCP will send the reply if that is in the correct order. So Nmap takes advantage of this and sends the packets whenever the packets are received from the target it concludes that the particular port is open. In general port 80 is HTTP or web traffic port so this port is not filtered. This port is considered to be a special port.


This is another important protocol that helps to transfer data but the difference is it won’t bother about the delivery report. In TCP there will be the confirmation report about the packet that it is received wherein UDP this is not present.

If a port 80 is open for TCP that means it is not surely open for UDP also. Very rarely both protocols are possible at a single port. When Nmap performs scans it says about the port is open or closed and if it is open to which one either TCP or UDP. UDP sends no reply but how it can be declared? It is the magic of ICMP.


ICMP performs a much more important task in protocol networking. It is a multitasking protocol that can identify the unreachable destination, can redirect traffic and also identifies when the system is overloaded. When Nmap sends to the UDP unavailable port then ICMP sends the reply that the port is not available. Unfortunately, many of the systems are filtered to ICMP. Still, Nmap is capable of determining ports using ping.

Nmap Process

Nmap goes on a four-step process to determine the ports of the target

  1. The IP address, you can also use the domain name. There is no such device without an IP address. This step is called DNS lookup.
  2. Nmap confirms whether the device really exists or not. To do this Nmap sends a series of packets when it got any response it will continue the task. This step is called Nmap ping process.
  3. This step gives the hostname according to the IP address. This process is called reverse DNS lookup.
  4. Final Nmap scan for finding ports, version whatever…