GCIH · Question #652
Why is a nmap ACK scan useful for network mapping?
The correct answer is C. Different systems respond differently to an unsolicited ACK packet for open or closed ports. An nmap ACK scan sends unsolicited ACK packets to probe firewall rules and host behavior, not to determine open or closed ports directly.
Question
Why is a nmap ACK scan useful for network mapping?
Options
- AIt includes application-specific payloads for certain ports
- BThe entire TCP handshake is completed for each port in the scan
- CDifferent systems respond differently to an unsolicited ACK packet for open or closed ports
- DIt tries to determine the version number of the program discovered on the listening port
How the community answered
(36 responses)- A6% (2)
- B3% (1)
- C83% (30)
- D8% (3)
Why each option
An nmap ACK scan sends unsolicited ACK packets to probe firewall rules and host behavior, not to determine open or closed ports directly.
ACK scans send bare TCP ACK packets with no application-layer payload - payload delivery is done by application-layer probes, not ACK scans.
Completing the full TCP three-way handshake describes a TCP connect scan (-sT), not an ACK scan, which deliberately sends only the ACK flag.
When an unsolicited ACK packet arrives, unfiltered hosts (or stateless firewalls) typically respond with a RST, while stateful firewalls silently drop it. This behavioral difference allows the scanner to distinguish filtered from unfiltered ports and map firewall rule sets, which is the primary utility of an ACK scan.
Version detection is a separate nmap feature triggered with the -sV flag and operates after port discovery, not during an ACK scan.
Concept tested: nmap ACK scan for firewall rule mapping
Source: https://nmap.org/book/scan-methods-ack-scan.html
Topics
Community Discussion
No community discussion yet for this question.