This is the twelfth post detailing my notes on Nmap Network Scanning.
The TCP Window scan (-sW) is identical to the TCP ACK scan (-sA), except that instead of reporting “unfiltered” for returned RST packets, it examines the TCP window value of each RST to determine the state of the port:
TCP RST Response with non-zero window field = Open
TCP RST Response with zero window field = Closed
No response = Filtered
ICMP unreachable error (type 3, code 1, 2, 3, 9, 10 or 13) = Filtered
Here’s the scan:
~# nmap -sW scanme.nmap.org
Starting Nmap 6.25 ( http://nmap.org ) at 2013-07-07 19:03 BST
Nmap scan report for scanme.nmap.org (74.207.244.221)
Host is up (0.048s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
554/tcp closed rtsp
7070/tcp closed realserver
The results are the same as the ACK scan, except that ports 554 and 7070 are both reported closed rather than filtered.
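The classification rules listed above can be applied directly to a captured reply. The following is an added example, not code from Nmap or from the original post: it parses a raw IPv4 reply to the ACK probe and applies those rules. The function names, the "unknown" fallback for replies the post does not cover, and the sample packets (built inline with 192.0.2.x documentation addresses) are assumptions made for the illustration.

```python
import struct

# ICMP type 3 (destination unreachable) codes the post maps to "filtered"
FILTERED_ICMP_CODES = {1, 2, 3, 9, 10, 13}
TCP_RST = 0x04

def classify_window_probe(reply):
    """Classify a port from the raw IPv4 reply to an ACK probe (None = no reply)."""
    if reply is None:
        return "filtered"
    if len(reply) < 20 or reply[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (reply[0] & 0x0F) * 4            # IPv4 header length in bytes
    proto, payload = reply[9], reply[ihl:]
    if proto == 1 and len(payload) >= 2:   # ICMP: byte 0 = type, byte 1 = code
        if payload[0] == 3 and payload[1] in FILTERED_ICMP_CODES:
            return "filtered"
    elif proto == 6 and len(payload) >= 20:  # TCP
        flags = payload[13]
        (window,) = struct.unpack("!H", payload[14:16])
        if flags & TCP_RST:
            return "open" if window != 0 else "closed"
    return "unknown"                       # assumption: reply not covered by the post

def build_ipv4(proto, payload):
    """Constructed sample: minimal 20-byte IPv4 header, checksum left at 0."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]))
    return header + payload

def build_rst(window):
    """Constructed sample: TCP RST from port 554 with the given window value."""
    return struct.pack("!HHIIBBHHH", 554, 40000, 0, 0, 5 << 4, TCP_RST, window, 0, 0)

def build_icmp_unreachable(code):
    """Constructed sample: 8-byte ICMP type 3 header with the given code."""
    return struct.pack("!BBHI", 3, code, 0, 0)

if __name__ == "__main__":
    samples = {
        "RST, window 0": build_ipv4(6, build_rst(0)),
        "RST, window 4096": build_ipv4(6, build_rst(4096)),
        "ICMP type 3 code 13": build_ipv4(1, build_icmp_unreachable(13)),
        "no reply": None,
    }
    for label, pkt in samples.items():
        print(f"{label:22} -> {classify_window_probe(pkt)}")
```
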