Most vulnerability scanners will operate by evaluating a number of different responses to attempt to determine whether a system is vulnerable to a specific attack. In some cases, a vulnerability scan may be as simple as establishing a TCP connection with the remote service and identifying a known vulnerable version by the banner that is self-disclosed. In other cases, a complex series of probes and specially crafted requests may be sent to a remote service in an attempt to solicit responses that are unique to services that are vulnerable to a specific attack. Nessus sequences a large number of tests together to attempt to generate a complete picture of the attack surface for a given target.