Se la tua idea è quella di frammentare i pacchetti penso che sia necessario utilizzare il parametro -f in base al loro aiuto
-f (fragment packets); --mtu (using the specified MTU) .
The -f option causes the requested scan (including ping scans) to use tiny fragmented IP packets. The idea is to split up the TCP header over several packets to
make it harder for packet filters, intrusion detection systems, and other annoyances to detect what you are doing. Be careful with this! Some programs have
trouble handling these tiny packets. The old-school sniffer named Sniffit segmentation faulted immediately upon receiving the first fragment. Specify this option
once, and Nmap splits the packets into eight bytes or less after the IP header. So a 20-byte TCP header would be split into three packets. Two with eight bytes of
the TCP header, and one with the final four. Of course each fragment also has an IP header. Specify -f again to use 16 bytes per fragment (reducing the number of
fragments).. Or you can specify your own offset size with the --mtu option. Don't also specify -f if you use --mtu. The offset must be a multiple of eight. While
fragmented packets won't get by packet filters and firewalls that queue all IP fragments, such as the CONFIG_IP_ALWAYS_DEFRAG option in the Linux kernel, some
networks can't afford the performance hit this causes and thus leave it disabled. Others can't enable this because fragments may take different routes into their
networks. Some source systems defragment outgoing packets in the kernel. Linux with the iptables. connection tracking module is one such example. Do a scan while
a sniffer such as Wireshark. is running to ensure that sent packets are fragmented. If your host OS is causing problems, try the --send-eth. option to bypass
the IP layer and send raw ethernet frames.
Fragmentation is only supported for Nmap's raw packet features, which includes TCP and UDP port scans (except connect scan and FTP bounce scan) and OS detection.
Features such as version detection and the Nmap Scripting Engine generally don't support fragmentation because they rely on your host's TCP stack to communicate
with target services.
D'altro canto, è molto utile caricare il file pcap, notare che si inserisce un filtro che potrebbe nascondere i pacchetti frammentati