Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,900 --> 00:00:01,790 UDP scan 2 00:00:04,610 --> 00:00:08,060 so we in our previous lessons we discussed the UDP scan. 3 00:00:09,280 --> 00:00:14,440 Most of the services that are popular in server systems run over DCP protocol. 4 00:00:14,460 --> 00:00:21,540 However UDP services are also widely used so DNS. 5 00:00:21,550 --> 00:00:33,720 Port 53 as an MP ports 161 and 162 and DHL GP port 67 and 68 are the most commonly used services UDP 6 00:00:33,720 --> 00:00:41,420 scanning is generally slower and it's more difficult than DCP scanning so for this reason some security 7 00:00:41,420 --> 00:00:51,310 controllers kind of ignore these ports extensible UDP services are common therefore this is an error 8 00:00:51,340 --> 00:01:00,820 because attackers do not ignore the entire protocol so in order to scan UDP within map we will need 9 00:01:00,820 --> 00:01:04,540 to add the as you parameter to the map command. 10 00:01:05,870 --> 00:01:15,010 And it can be combined with a DCP scan type just as the Sen scan as s to control both protocols using 11 00:01:15,010 --> 00:01:16,870 the same scan. 12 00:01:17,190 --> 00:01:26,560 Sound good a UDP scan works by sending a UDP packet to each targeted port and for most ports this packet 13 00:01:26,560 --> 00:01:27,720 will be empty. 14 00:01:27,730 --> 00:01:34,900 That means no load but a protocol specific data payload will be sent for several of the more common 15 00:01:34,900 --> 00:01:47,070 ports now for different situations can occur when we scan UDP with an map and these will be open status. 16 00:01:47,070 --> 00:01:50,730 That's when any map sends UDP packet to the target system. 17 00:01:50,870 --> 00:01:58,470 If the UDP response is sent from the destination system that means that the destination port is open 18 00:02:00,710 --> 00:02:02,750 and a closed status. 19 00:02:02,750 --> 00:02:09,350 So when map sends a UDP packet to the target system and if the ICMP port from the destination system 20 00:02:09,710 --> 00:02:17,660 sends an unreachable error response that just means that the destination port is closed an operation 21 00:02:17,690 --> 00:02:28,970 cannot be performed filtered status and map sends a UDP packet to the target system and if the ICMP 22 00:02:28,970 --> 00:02:35,910 sends unreachable areas from the target system the destination port is filtered to the port is open 23 00:02:35,940 --> 00:02:37,320 but it cannot be operated. 24 00:02:38,040 --> 00:02:49,970 It's likely that security software is being audited by open filtered condition and map sends a UDP packet 25 00:02:49,970 --> 00:02:56,360 to the target system and if there is no response from the target system for a certain period and map 26 00:02:56,600 --> 00:03:05,590 accepts this port as open filtered that just means it cannot decide whether the port is open or closed 27 00:03:06,310 --> 00:03:10,670 but still an operation cannot be performed. 28 00:03:10,690 --> 00:03:15,750 So now let's do a simple UDP scan here's the example. 29 00:03:15,940 --> 00:03:25,360 We'll do a UDP top 10 port scan on the Metis portable server we install to we open a virtual box open 30 00:03:25,390 --> 00:03:33,770 Kelly Linux open meadows loyal and log in Kelly Linux VM and open up terminal and write this command 31 00:03:34,440 --> 00:03:48,080 and map and zero to two to four as you top port 10 reason as V and press enter and there are your scan 32 00:03:48,080 --> 00:03:50,080 results. 33 00:03:50,200 --> 00:03:59,460 So as you can see that time is too long for the DCP scan and map UDP scan the top 10 ports listed the 34 00:03:59,460 --> 00:03:59,970 results. 3951