February 12th, 2004, 08:45 AM
#1
This is becoming very redundant, over, and over, and over again.
Well what about if you use nmap -v -v -sS -PO -O -p 1-65535 192.168.x.x
1. -v verbose
2. -sS SYN stealth (best TCP scan)
3. -PO Don't ping hosts
4. -O OS detection
5. -p ports to scan 1-65535
6. 192.168.x.x = host
1. - verbose doesn't do a single thing for or against nmap anonymity
2. -sS half open scans are great, but we covered that
3. -P0 is great too, but already covered
4. -O this was in my original post, and one of the main things that GIVE AWAY NMAP to IDS, is their window timestamp checks for OS detection.
5. -p 1-65535 - Every single port? That's just asking to get caught because of noisy scanning, that IDS picks up by the 3rd port check.
People, my question was answered on the first page, but this has continued on still trying to give me nmap advice. Thank you for the tips and tricks, but I know how nmap works inside and out, thus why I wanted to bring to everyone's attention its downsides (see my first post). So please, no more tips, no more tricks. I know how nmap works and how incredibly easy it is to detect any nmap scan. Besides, the original question of "Is there any way to hand craft packets?" that this thread is about was answered. I'm not trying to sound rude, but it does seem as if very few people are taking the time to read the entire thread.
My thanks, to Tim, however, for his great insight and thoughts upon current IDS methods, and to the open mind he had towards considering "what else could there be that isn't known yet, to us?"