While performing an external penetration test, you want to map which TCP ports are allowed through a stateful inspection firewall without triggering the IDS that logs connection attempts based on the three-way handshake. You decide to send a single probe that looks like part of an existing conversation so the firewall will forward it, and rely on the target host-not the firewall-to reply with RST packets for ports that are actually reachable. Which Nmap scan type best fits this requirement?
A TCP ACK scan (-sA) sends packets with only the ACK flag set, making them appear to belong to an established connection. Because most stateful firewalls create state entries only when they see a SYN flag, an unsolicited ACK often slips through the rule set. If the packet reaches the target, the host replies with RST, showing that the port is unfiltered. If no response arrives, the firewall likely blocked the probe, so the port is marked filtered. Other scans such as SYN half-open (-sS), NULL (-sN), and FIN (-sF) are designed to determine a port's open/closed state on the host, not to map firewall rules, and therefore do not provide the same information about which ports the firewall passes.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does a stateful inspection firewall work?
Open an interactive chat with Bash
What is the significance of the RST packet in the ACK scan?
Open an interactive chat with Bash
What makes TCP SYN scans different from TCP ACK scans?
Open an interactive chat with Bash
What is a stateful inspection firewall?
Open an interactive chat with Bash
How does a TCP ACK scan work?
Open an interactive chat with Bash
Why wouldn’t SYN half-open scans (-sS) work for this scenario?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Reconnaissance Techniques
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .