Which option enables UDP port scanning in Nmap, and what is a common drawback compared to TCP scanning?

• A. Use -sU; UDP is slower and many hosts don't respond, leading to timeouts.
• B. Use -sT; UDP is faster and always reliable.
• C. Use -sS; UDP scanning triggers IDS more often.
• D. Use -sV; UDP ports always indicate services when scanned.

Answer: (A)

UDP port scanning in Nmap is performed with the -sU option. The essential idea here is why UDP scans tend to be slow and less definitive. UDP is a connectionless protocol with no handshake to confirm an open port. Many hosts simply drop UDP probes or only reply with an ICMP Port Unreachable message after a delay. If there’s no usable response, Nmap must wait for timeouts to decide the port’s state, which makes UDP scans much slower and often yields ambiguous results (like open|filtered). This slow, uncertain behavior is the main drawback compared to TCP scanning, where the protocol provides clearer, faster signals about whether a port is open, closed, or filtered through responses to TCP connections or SYNs.