So far we've mentioned UDP services, but haven't talked about how to actually scan them. UDP services are connectionless, which makes scanning them more difficult than traditional port scans—sometimes connections need to be protocol based in order to receive any response, and even when most services receive an actual response, it can take a large amount of time—in other words, scanning UDP services is generally slower and less reliable than their TCP counterparts.

That said, though, it's very important to be able to scan services that only listen on UDP. Many VPNs, for example, have their listening ports as UDP only. NTP and DNS, similarly, often listen exclusively on UDP ports. For this reason, it's important to understand ...