Discovering hosts with TCP ACK ping scans
Similar to the TCP SYN ping scan, the TCP ACK ping scan is used to determine if a host is responding. It can be used to detect hosts that block SYN packets or ICMP echo requests, but it will most likely be blocked by modern firewalls that track connection states because it sends bogus TCP ACK packets associated with non-existing connections.
The following recipe shows how to perform a TCP ACK ping scan and its related options.
How to do it...
Open your terminal and enter the following command:
# nmap -sn -PA <target>
The result is a list of hosts that responded to the TCP ACK packets sent, therefore, online:
# nmap -sn -PA 192.168.0.1/24
Nmap scan report for 192.168.0.1
Host is up (0.060s latency).
Nmap scan report for 192.168.0.60
Host is up (0.00014s latency).
Nmap done: 256 IP addresses (2 hosts up) scanned in 6.11 seconds
How it works...
The -sn
option tells Nmap to skip the port scan phase and only perform host discovery. And...