# nmap -f <IP>
Most firewalls and IDS detect fragmented packets.
nmap --mtu command allows for specifying offset size (has to be a multiple of 8). This is similar to the packet
fragmentation technique. During the scan, nmap creates packets of that size, causing confusion to the firewall.
# nmap --mtu [MTU] <IP>
# nmap -D RND:[number] <IP>
Idle zombie scan:
# nmap -sI [zombie] <IP>
Manually specify a source port:
# nmap --source-port [port] <IP>
Append random data:
# nmap --data-length [size] <IP>
Randomize target scan order:
# nmap --randomize-hosts <IP>
Spoof MAC address:
# nmap --spoof-mac [MAC|0|vendor] <IP>
Send bad checksums:
# nmap --badsum <IP>
badsum command deploys an invalid TCP/UDP/SCTP checksum for packets transmitted to the target. Practically every
host IP stack will correctly drop the packets, so each response accepted is possibly originating from a firewall or
Intrusion Detection System that was not concerned with confirming the checksum.