Goal: Bypass security controls to reach the target or map the network rules without getting blocked.
| Flag | Function | Description |
|---|---|---|
| -sA | ACK Scan | Sends ACK packets. Used to map firewall rules (Filtered vs. Unfiltered). |
| -D RND:5 | Decoys | Sends packets from 5 random IPs + your real IP to confuse IDS. |
| -S <IP> | Spoof IP | Sets the source IP address (impersonate another host). |
| --source-port 53 | Source Port | Sets source port to 53 (DNS). Often bypasses firewalls. |
| -g 53 | Source Port | Short alias for --source-port. |
| -f | Fragment | Splits packets into tiny fragments to evade packet inspection. |
| --mtu <8,16..> | MTU | Manually sets the packet size for fragmentation (must be multiple of 8). |
If you don't get much detail using -O use -sC
And don't forget to perform UDP scans