I take it then that a node cannot 'request' transactions in the mempool over the network to cross check against? I guess this could be used to drain resources/ddos.
If I'm not wrong, as per BIP35, nodes can send a mempool message to each other for updates to their own mempool.
A node could send a mempool message to the other nodes for information of their mempool. The response will be an inv message which gives a full list of the TXID in the mempool.