Discovering hosts with TCP ACK ping scans
Similar to the TCP SYN ping scan, the TCP ACK ping scan is used to determine if a host is responding. It can be used to detect hosts that block SYN packets or ICMP echo requests, but it will most likely be blocked by modern firewalls that track connection states.
The following recipe shows how to perform a TCP ACK ping scan and its related options.
How to do it...
Open a terminal and enter the following command:
# nmap -sP -PA <target>
How it works...
A TCP ACK ping scan works in the following way:
1. Nmap sends an empty TCP packet with the ACK flag set to port 80.
2. If the host is offline, it should not respond to this request.
3. If the host is online, it returns an RST packet, since the connection does not exist.
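To make the exchange above concrete, here is an added in-memory model of the -PA probe and of the two things that can answer it: a host with no stateful filtering (which replies RST, so Nmap reports it up) and a connection-tracking firewall (which drops the unsolicited ACK, so Nmap sees silence and reports the host down). It is example code written for this page, not Nmap's own code; the addresses, ports and the Host/StatefulFirewall classes are constructed for illustration, and nothing is sent on the wire. It also models the -PS SYN probe for comparison, because a SYN creates state in the firewall and is therefore forwarded.

```python
"""Model of a TCP ACK ping (nmap -PA) versus a stateless host and a stateful firewall.
All packets are built in memory; no sockets are opened."""
from collections import namedtuple
import struct

# Constructed segment representation: addresses as strings, ports as ints, flags as a bitmask.
Segment = namedtuple("Segment", "src sport dst dport flags")
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10


def build_ack_probe(scanner, target, sport=40000, dport=80):
    """The -PA probe: an empty TCP segment with only the ACK flag set, to port 80 by default."""
    return Segment(scanner, sport, target, dport, ACK)


def build_syn_probe(scanner, target, sport=40000, dport=80):
    """The -PS probe, for comparison: an empty SYN to port 80."""
    return Segment(scanner, sport, target, dport, SYN)


def encode_tcp_header(seg, seq=0, ack=0, window=1024):
    """Encode seg as a 20-byte TCP header (checksum left 0; illustration only, not wire-ready)."""
    offset_and_flags = (5 << 12) | seg.flags      # data offset = 5 words, flags in the low bits
    return struct.pack("!HHIIHHHH", seg.sport, seg.dport, seq, ack,
                       offset_and_flags, window, 0, 0)


def decode_flags(header):
    """Extract the flag bits from a raw 20-byte TCP header."""
    return struct.unpack("!H", header[12:14])[0] & 0x1FF


class Host:
    """A host with no stateful filter in front of it. A segment that matches no
    connection is answered with RST (unless it is itself an RST); a SYN to an
    open port gets SYN/ACK. An offline host answers nothing."""
    def __init__(self, addr, online=True, open_ports=()):
        self.addr, self.online, self.open_ports = addr, online, set(open_ports)

    def receive(self, seg):
        if not self.online or seg.flags & RST:
            return None                                   # silence
        if seg.flags & SYN and not seg.flags & ACK and seg.dport in self.open_ports:
            return Segment(self.addr, seg.dport, seg.src, seg.sport, SYN | ACK)
        return Segment(self.addr, seg.dport, seg.src, seg.sport, RST)


class StatefulFirewall:
    """Connection-tracking filter: a SYN creates state; any other inbound segment
    with no matching state is dropped and logged. This is what defeats -PA."""
    def __init__(self, inner):
        self.inner, self.addr = inner, inner.addr
        self.connections, self.log = set(), []

    def receive(self, seg):
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        if seg.flags & SYN and not seg.flags & ACK:
            self.connections.add(key)                     # new connection: track it
        elif key not in self.connections:
            self.log.append("DROP unsolicited TCP %s:%d -> %s:%d flags=0x%02x"
                            % (seg.src, seg.sport, seg.dst, seg.dport, seg.flags))
            return None
        return self.inner.receive(seg)


def ping(target, probe_builder, scanner="10.0.0.5"):
    """Send one probe and classify like Nmap host discovery: any TCP reply
    (RST or SYN/ACK) means the host is up; silence means it 'seems down'."""
    reply = target.receive(probe_builder(scanner, target.addr))
    return "up" if reply is not None else "down"


if __name__ == "__main__":
    plain = Host("192.0.2.10")                             # constructed addresses
    offline = Host("192.0.2.11", online=False)
    guarded = StatefulFirewall(Host("192.0.2.20", open_ports=[80]))
    print("unfiltered host, -PA:", ping(plain, build_ack_probe))      # up
    print("offline host,    -PA:", ping(offline, build_ack_probe))    # down
    print("stateful fw,     -PA:", ping(guarded, build_ack_probe))    # down
    print("stateful fw,     -PS:", ping(guarded, build_syn_probe))    # up
    print("firewall log:", guarded.log)
```

The firewall log line is the defender's side of this recipe: an inbound ACK to port 80 from a source that never sent a SYN is exactly the signature a connection-tracking filter sees for an ACK ping, and logging those drops is a cheap way to notice host discovery attempts that the scanner itself will report as "Host seems down".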
There's more...
It is important to understand that there will be cases when this technique will not work. Let's launch a TCP ACK ping scan against a host for which it fails:
# nmap -sP -PA 0xdeadbeefcafe.com
Note: Host seems down. If it is really up,...