nerdexam
GIAC

GCIH · Question #652

Why is a nmap ACK scan useful for network mapping?

The correct answer is C. Different systems respond differently to an unsolicited ACK packet for open or closed ports. An nmap ACK scan sends unsolicited ACK packets to probe firewall rules and host behavior, not to determine open or closed ports directly.

Reconnaissance, Scanning, and Enumeration

Question

Why is a nmap ACK scan useful for network mapping?

Options

  • AIt includes application-specific payloads for certain ports
  • BThe entire TCP handshake is completed for each port in the scan
  • CDifferent systems respond differently to an unsolicited ACK packet for open or closed ports
  • DIt tries to determine the version number of the program discovered on the listening port

How the community answered

(36 responses)
  • A
    6% (2)
  • B
    3% (1)
  • C
    83% (30)
  • D
    8% (3)

Why each option

An nmap ACK scan sends unsolicited ACK packets to probe firewall rules and host behavior, not to determine open or closed ports directly.

AIt includes application-specific payloads for certain ports

ACK scans send bare TCP ACK packets with no application-layer payload - payload delivery is done by application-layer probes, not ACK scans.

BThe entire TCP handshake is completed for each port in the scan

Completing the full TCP three-way handshake describes a TCP connect scan (-sT), not an ACK scan, which deliberately sends only the ACK flag.

CDifferent systems respond differently to an unsolicited ACK packet for open or closed portsCorrect

When an unsolicited ACK packet arrives, unfiltered hosts (or stateless firewalls) typically respond with a RST, while stateful firewalls silently drop it. This behavioral difference allows the scanner to distinguish filtered from unfiltered ports and map firewall rule sets, which is the primary utility of an ACK scan.

DIt tries to determine the version number of the program discovered on the listening port

Version detection is a separate nmap feature triggered with the -sV flag and operates after port discovery, not during an ACK scan.

Concept tested: nmap ACK scan for firewall rule mapping

Source: https://nmap.org/book/scan-methods-ack-scan.html

Topics

#nmap ACK scan#firewall detection#network mapping#TCP scanning

Community Discussion

No community discussion yet for this question.

Full GCIH Practice