This technique is known as a fragmented packet scan. It deliberately splits the TCP header of a probe packet (e.g., a SYN or FIN packet) across multiple, smaller IP fragments. The objective is to evade detection by simple packet-filtering firewalls or older Intrusion Detection Systems (IDS). These security devices may only inspect the first fragment of a packet stream for rule matching. Since the TCP flags and port numbers are in subsequent fragments, the device fails to identify the scan's nature and may allow the packets to pass. The target host reassembles the fragments and processes the complete TCP packet, sending a response that reveals the port's state to the attacker.

A. ACK flag probe scanning: This scan sends TCP packets with only the ACK flag set to map firewall rules; it does not inherently rely on fragmentation for evasion.

B. ICMP Echo scanning: This is a "ping scan" that uses the ICMP protocol, not TCP. It does not involve splitting TCP headers.

D. IPID scanning: This is an advanced idle scan that uses a third-party "zombie" host to infer port states by observing IPID sequence changes, not by fragmenting packets.

1. Official Vendor Documentation (Nmap): The Nmap Reference Guide

a tool central to ethical hacking

explicitly describes this technique with its -f option. It states

"The -f option causes the requested scan...to use tiny fragmented IP packets. The idea is to split up the TCP header over several packets to make it harder for packet filters

intrusion detection systems

and other annoyances to detect what you are doing."

Source: Nmap Reference Guide

Section: "Firewall/IDS Evasion and Spoofing".

2. Academic Publication: The foundational paper on IDS evasion techniques discusses fragmentation as a primary method for bypassing network security controls. The authors explain how attackers can exploit the reassembly policies of end hosts versus the IDS.

Source: Ptacek

T. H.

& Newsham

T. N. (1998). Insertion

Evasion

and Denial of Service: Eluding Network Intrusion Detection. Secure Networks

Inc. Section 3.2

"Fragmentation."

3. University Courseware: Reputable computer science programs cover fragmentation as a classic network security evasion technique. Lecture materials explain how splitting headers across fragments can bypass stateless firewalls that do not perform full packet reassembly.

Source: University of California

Berkeley. CS 161: Computer Security. Lecture 14

"Network Security

" slide on "Evasion."