These steps will help you to identify firewall using the Nmap:

1. To perform an Nmap firewall ACK scan, nmap should be called with the IP address specification, the destination port, and the -sA option:

2. On performing this scan on the Metasploitable2 system in my local network without routing the traffic through a firewall, the response indicates that the TCP port 22 (SSH) is unfiltered. A port-filtering assessment can be made on Nmap's 1,000 common ports by performing the same scan without providing a port specification:

3. When performed against the Metasploitable2 system on the local network that is not sitting behind any firewall, the results indicate that all scanned ports are unfiltered. If the same scan is performed against a target sitting behind a packet-filtering firewall, all ports are identified to be filtered except for ports where the firewall does not restrict traffic. When scanning a range of ports, the output only includes unfiltered ports.

4. To perform a scan of all possible TCP ports, all possible port address values must be scanned. The portions of the TCP header that define the source and destination port addresses are both 16 bits in length, and each bit can retain a value of 1 or 0. As such, there are 2¹⁶, or 65,536, possible TCP port addresses. To scan the total possible address space, a port range of 1-65535 must be supplied: