As mentioned in many books, including this one, people often forget about UDP. This is partly because the responses from scans against UDP services often lie. Return data from tools such as scapy can provide responses for ports that are actually open, but reported as
As an example, research on a host indicates that a TFTP server may be active on it based on the descriptive banner of another service, but scans using nmap point to the port as
The following figure shows the response for the UDP service TFTP as open|filtered, as described previously, even though it is known to be open:
This means that the port may actually be open, ...
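The ambiguity described above can be reproduced on loopback. This is an added example, not code from the book: the stub server and the function names `tftp_rrq`, `start_stub_tftp` and `probe_udp` are hypothetical. It shows an empty datagram leaving a listening TFTP-style port at open|filtered while a valid read request confirms it as open. ICMP port-unreachable handling (the closed state) is left out.

```python
import socket
import struct
import threading


def tftp_rrq(filename="probe.txt", mode="octet"):
    """TFTP read request (RFC 1350): opcode 1, filename, NUL, mode, NUL."""
    return struct.pack("!H", 1) + filename.encode() + b"\0" + mode.encode() + b"\0"


def start_stub_tftp():
    """Constructed loopback stand-in for a TFTP server; returns its UDP port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))

    def serve():
        while True:
            data, peer = srv.recvfrom(2048)
            if data[:2] != b"\x00\x01":
                continue  # not a read request: stay silent on unexpected input
            # Answer from a fresh port, as TFTP does: ERROR, code 1.
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as reply:
                reply.sendto(struct.pack("!HH", 5, 1) + b"File not found\0", peer)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def probe_udp(ip, port, payload, timeout=0.5):
    """Return 'open' if the host answers the probe, else 'open|filtered'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # Unconnected socket: the TFTP reply arrives from a different source port.
        s.sendto(payload, (ip, port))
        try:
            _, (src_ip, _) = s.recvfrom(2048)
        except socket.timeout:
            return "open|filtered"  # silence: open-but-quiet or filtered
        return "open" if src_ip == ip else "open|filtered"


if __name__ == "__main__":
    port = start_stub_tftp()
    print("empty probe:", probe_udp("127.0.0.1", port, b""))
    print("TFTP RRQ   :", probe_udp("127.0.0.1", port, tftp_rrq()))
```

`probe_udp` expects a literal IP address, because it compares the reply's source address with the target string.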