Which flag performs an ACK scan?

An ACK scan probes how a host or its firewall handles traffic by sending TCP packets with the ACK flag set, rather than trying to open a connection. The idea is to see if the network devices respond in a way that reveals filtering. If a port is unfiltered, you’ll typically see a reset (RST) response, indicating the port is reachable. If a firewall is filtering, you often get no response. This pattern lets you map firewall rules and distinguish filtered versus unfiltered ports without confirming open/closed state. The flag used to perform this kind of probe in many scanners is the one that sends ACK packets, written as -sA. Other scan types use different flags and aim at different behaviors (for example, SYN scans, TCP connect scans, or scans that rely on unusual flag combinations), so they don’t serve the same firewall-mapping purpose as the ACK scan.