Sending -f is one of the major giveaways though. Most IDS's by default are meant to trigger when they receive a fragmented packet, and most firewalls are set to go off when they receive a fragmented packet, dropping it completely.

Example, below on my firewall:
(prenote, obviouslly this isn't my entire firewall settings, but that's my own information to keep)



Nmap won't cut it, nor any other port scanner because they are IDS and firewall detectable to an entire degree. My origonal question, once again, was is there a way to hand craft packets and send them out by hand?