What is the difference between TCP SYN and TCP SYN + ACK in a scan profile?

In this article we will take a look at a very specific option in the scan profile, regarding TCP SYN and TCP SYN + ACK.

In every scan that is done a discovery scan is conducted to see which hosts are active and which ones are inactive.

One of the steps in the discovery scan is to run TCP handshakes to determine a fingerprint of every host. TCP SYN + ACK is the standard for our scan profiles, however this might need to be adjusted.

Depending on firewall configurations and other circumstances you may sometimes want to use a different handshake method. Then you can change it to TCP SYN instead.

An example case of where you might want to change this option, is when there are assets created even for non responding IPs because of the firewall configuration.  

Have more questions? Submit a request


Please sign in to leave a comment.