Usage
Scanning
TCP SYN-ACK

TCP SYN-ACK

The SYN-ACK probe targets hosts that may have existing TCP connections by sending forged SYN-ACK packets. Any RST or ACK response indicates activity on the probed port.

rmap scan --path targets.txt tcp-syn-ack --port 80 \
  --output-file synack.csv --columns target,port,tcp_flags,alias

Configuration

  • --port <u16> – destination port to probe (default 80).

Tags emitted

  • port – source port from the response.
  • tcp_flags – hex representation of the responder’s TCP flags.
  • alias / alias_prefix – dealiaser verdict.

SYN-ACK probing is noisier than regular SYN scans and should be used sparingly due to potential IDS triggers.

UDPDNS