Nmap 6: Network Exploration and Security Auditing Cookbook

Similar to the TCP SYN ping scan, the TCP ACK ping scan is used to determine if a host is responding. It can be used to detect hosts that block SYN packets or ICMP echo requests, but it will most likely be blocked by modern firewalls that track connection states.
The following recipe shows how to perform a TCP ACK ping scan and its related options.
Open a terminal and enter the following command:
# nmap -sP -PA <target>
A TCP ACK ping scan works in the following way:
Nmap sends an empty TCP packet with the ACK flag set to port 80.
If the host is offline, it should not respond to this request.
If the host is online, it returns an RST packet, since the connection does not exist.
It is important to understand that there will be cases when this technique will not work. Let's launch a TCP ACK ping scan against one of these hosts.
# nmap -sP -PA 0xdeadbeefcafe.com
Note: Host seems down. If it is really up,...
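The toy model below is an added example, not code from the book or from Nmap. It shows why the same ACK probe reports a host as up behind a stateless rule set that only drops SYN packets, yet reports "seems down" behind a firewall that tracks connection state. All class and function names and the sample addresses are assumptions made for illustration.

```python
# Added illustration: simplified model of the ACK ping logic, not Nmap internals.
from dataclasses import dataclass

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

def host_reply(pkt):
    """A live host with no matching connection answers a bare ACK with an RST."""
    if pkt.flags & ACK and not pkt.flags & SYN:
        return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport, RST)
    return None

def stateless_filter(pkt):
    """Rule set that only drops inbound connection attempts (SYN without ACK)."""
    return not (pkt.flags & SYN and not pkt.flags & ACK)

class StatefulFilter:
    """Remembers flows opened from the inside; inbound packets must match one."""
    def __init__(self):
        self.flows = set()

    def outbound(self, pkt):
        # Record the flow as it will look when the reply comes back in.
        self.flows.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def inbound_allowed(self, pkt):
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.flows

def ack_ping(probe, allow):
    """Return 'up' if the probe passes the filter and draws an RST."""
    if not allow(probe):
        return "seems down"  # probe silently dropped, no RST comes back
    reply = host_reply(probe)
    return "up" if reply and reply.flags & RST else "seems down"

# Constructed sample probe using documentation address ranges (RFC 5737).
PROBE = Packet("198.51.100.7", 40000, "192.0.2.10", 80, ACK)

if __name__ == "__main__":
    print("stateless:", ack_ping(PROBE, stateless_filter))
    print("stateful: ", ack_ping(PROBE, StatefulFilter().inbound_allowed))
```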