Here are some more flag combinations:
Below is a list of TCP flags that can be used with nmap:
1. CWR: Congestion Window Reduced
2. ECN: Echo
3. URG: Urgent
4. ACK: Acknowledge
5. PSH: Push
6. RST: Reset
7. SYN: Synchronize
8. FIN: Finish/End
9. ECE: ECN-Echo
10. NS: Nonce Sum
11. ECT: ECN-Capable Transport
12. CE: Congestion Experienced
You can use them any way you like, for example:
nmap -vv -sF --scanflags CWRURGRST <target>
nmap -vv -sN --scanflags ECTCEFINACK <target>
While running nmap with --scanflags, run Wireshark to see how the packets are sent with any of those flags; it's kinda cool.
Those are just 2 examples.
While using the -D (decoy) option to test your firewall, there is no limit on how many decoys you can use, which might test the strength of the firewall.
Be careful, it might crash it.
nmap -vv -Dxxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx <target>
I hope this will help some of you.
My first short tutorial, so if I made any mistakes let me know.
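To read what Wireshark shows for these packets from the firewall or IDS side, the sketch below (an added example, not part of the original post) decodes the flag byte of a raw TCP header and applies a heuristic for combinations that normal TCP traffic does not produce. The rule set, reason strings and sample header values are assumptions made for illustration.

```python
import struct

# The eight flag bits in byte 13 of the TCP header. NS (bit 0 of byte 12) and
# the IP-layer ECN codepoints ECT/CE live elsewhere and are not decoded here.
FLAG_BITS = [("CWR", 0x80), ("ECE", 0x40), ("URG", 0x20), ("ACK", 0x10),
             ("PSH", 0x08), ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01)]


def decode_flags(tcp_header: bytes) -> list:
    """Return the names of the flags set in a raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    return [name for name, bit in FLAG_BITS if tcp_header[13] & bit]


def classify(flags) -> str:
    """Heuristic (assumed rule set): say why a flag set is abnormal, or 'ok'."""
    s = set(flags) - {"CWR", "ECE"}  # ECN bits are legal on SYN and data segments
    if not s:
        return "null: no control flags"
    if {"SYN", "FIN"} <= s or {"SYN", "RST"} <= s:
        return "contradictory: SYN with FIN/RST"
    if not s & {"SYN", "RST", "ACK"}:
        return "no ACK outside handshake"
    if "RST" in s and s & {"URG", "FIN"}:
        return "RST with URG/FIN"
    return "ok"


def make_header(flag_byte: int) -> bytes:
    """Constructed 20-byte TCP header (ports and numbers are sample values)."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flag_byte, 1024, 0, 0)


if __name__ == "__main__":
    # Constructed samples: handshake, normal close, then odd combinations.
    for byte in (0x02, 0x12, 0x11, 0xC2, 0x00, 0x01, 0x29, 0x03, 0xA4):
        names = decode_flags(make_header(byte))
        print(f"0x{byte:02X} {'+'.join(names) or '(none)':<16} {classify(names)}")
```

The last sample, 0xA4, is the CWR+URG+RST combination from the first command above; a rule like this is a starting point for an IDS signature or a firewall drop rule on malformed flag sets.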