This scan is done across a wide range of TCP, UDP (and other transport layer protocols if desired such as SCTP).
Information security personnel may perform service scans to reduce risk.
For example, a service scanner may be configured to only search for Microsoft SQL Servers on TCP ports from 1 to 50,000 on all of the devices in an enterprise private network.
[8] An attacker may also use a service scanner to find open administrative ports such as Telnet on TCP/21 and SSH on TCP/22.
Once an attacker finds those ports they may then attempt to gain access to those devices by guessing usernames and passwords.