Skip to content
  • There are no suggestions because the search field is empty.

What is the difference between TCP SYN and TCP SYN + ACK in a scan profile?

This article explains the difference between the TCP SYN and TCP SYN + ACK host discovery methods available in scan profile settings. 

TCP SYN

The TCP SYN Ping sends a connection-like request to a port, receiving a reset (RST) for closed ports or an SYN/ACK for open ones. The scanner marks the host as responsive, regardless of port status.

TCP SYN + ACK

TCP ACK method sends an acknowledgment (ACK) for non-existent data, triggering an RST response revealing the host's presence. If no response is received back, the scanner will also try the TCP SYN method.

 Both methods allow the Scanner Appliance to navigate different firewall setups, increasing the chances of successful host discovery in diverse network environments. 

If your firewall is configured to respond on behalf of protected IPs, TCP SYN/ACK methods may falsely identify dead hosts as alive. In that case, try switching to ICMP ping instead, or adjust the firewall to let the scanner reach the actual targets.