I'm working on a forensics case where I have multiple memory scrapes with strange volatility output. This has down some rabbit holes and I'm at the point where signs are pointing to anti-forensics. This has led me to dig into how pool tag scanning works and I've found several articles referencing a apparently still yet unreleased (mentioned in 2014, and 2016) Volatility plugin called TCPScan which uses an alternative method (which uses methods that are not detailed).

You can find references to the plugin here: