4. Scan beyond Firewalls and IDS

nmap -f [Target IP Address]

nmap -g 80 [Target IP Address]

nmap --mtu 8 [Target IP Address]
# it fragments the packets (maximum 8 bytes size)

nmap -D RND:10 [Target IP Address]
# RND = Random IP address
nmap -D [Spoofed IP Address],[Spoofed IP Address],ME [Target IP Address]

nmap -sT -Pn --spoof-mac 0 [Target IP Address]

nmap -sP IP/24

nmap -sI [Live IP Address got in ping sweep ] [Target IP Address]