Originally posted here by Java_Jimsta
Does port scanning involve sending ICMP requests to check if ports are open?
No, it does not. There is no ICMP message to check whether a port is open. Instead, the scanner just starts to make a normal connection request to that port. For TCP, this means trying to connect to it (they don't always go all the way though, some "hang up" halfway through establishing a connection). For UDP, it typically means sending an empty packet to the port (as there are no connections on UDP).

For TCP, the response is either a SYN|ACK, which means the port is open, a RST, which means the port is closed, or nothing, which means, well, nothing.

For UDP, the possible responses are:
- Nothing - which *could* indicate the port is open and the application doesn't respond to empty datagrams.
- An ICMP port unreachable message - which *should* indicate the port is closed.
- A UDP response - which indicates that you've hit a service which responds to empty datagrams.

UDP scanning is fairly unreliable because you can't distinguish a firewalled port and an open one in most cases.

Slarty
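
The response rules in the answer above, applied from the defender's side to a packet capture. This is an added example, not part of the original post: the packet tuples, the state labels, the `classify` and `suspected_scanners` names and the `min_ports` threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed capture: (src, dst, proto, port, kind). "port" is always the
# probed server port; "EMPTY" is a zero-length UDP datagram.
SCANNER, SERVER, CLIENT = "192.0.2.10", "198.51.100.5", "192.0.2.77"
PACKETS = [
    (SCANNER, SERVER, "tcp", 22, "SYN"), (SERVER, SCANNER, "tcp", 22, "SYN|ACK"),
    (SCANNER, SERVER, "tcp", 22, "RST"),            # hangs up halfway
    (SCANNER, SERVER, "tcp", 23, "SYN"), (SERVER, SCANNER, "tcp", 23, "RST"),
    (SCANNER, SERVER, "tcp", 25, "SYN"),            # nothing comes back
    (SCANNER, SERVER, "udp", 53, "EMPTY"), (SERVER, SCANNER, "udp", 53, "DATA"),
    (SCANNER, SERVER, "udp", 69, "EMPTY"),
    (SERVER, SCANNER, "icmp", 69, "PORT_UNREACH"),
    (SCANNER, SERVER, "udp", 161, "EMPTY"),         # nothing comes back
    (CLIENT, SERVER, "tcp", 443, "SYN"), (SERVER, CLIENT, "tcp", 443, "SYN|ACK"),
    (CLIENT, SERVER, "tcp", 443, "ACK"),            # ordinary client
]

def classify(packets):
    """Map (client, server, proto, port) to the state the replies imply."""
    probes = {}
    for src, dst, proto, port, kind in packets:
        if kind in ("SYN", "EMPTY"):                 # start of a probe
            probes.setdefault((src, dst, proto, port), [])
        elif (src, dst, proto, port) in probes:      # client follow-up
            probes[(src, dst, proto, port)].append("client-" + kind)
        else:                                        # reply from the server
            # An ICMP port unreachable answers a UDP probe.
            key = (dst, src, "udp" if proto == "icmp" else proto, port)
            if key in probes:
                probes[key].append(kind)
    states = {}
    for key, ev in probes.items():
        if key[2] == "tcp":
            if "SYN|ACK" in ev:
                states[key] = "open" if "client-ACK" in ev else "open, half-open probe"
            else:
                states[key] = "closed" if "RST" in ev else "no answer"
        elif "PORT_UNREACH" in ev:
            states[key] = "closed"
        else:
            states[key] = "open" if "DATA" in ev else "open or filtered"
    return states

def suspected_scanners(packets, min_ports=3):
    """Clients that probed min_ports or more ports without a completed exchange."""
    ports = defaultdict(set)
    for (src, dst, proto, port), state in classify(packets).items():
        if state != "open":          # "open" = finished handshake or answered UDP
            ports[(src, dst)].add((proto, port))
    return sorted(pair for pair, p in ports.items() if len(p) >= min_ports)
```

The unanswered UDP probe on port 161 comes out as "open or filtered", which is the ambiguity the answer describes.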