There are various methods we can use to scan for hosts on internal or external networks. We will explore some of these in detail. We will use nmap for several examples in this section. TCP port scans are default within nmap as most of our well-known servers running using TCP. However, from a penetration standpoint, there are some very useful UDP ports that might be open that could provide us with attack vectors such as SNMP.