The Nmap book[1] covers this and a lot of other really cool tricks it can do. I highly recommend reading it cover-to-end if you use nmap at all.<p>Related to spoofed IP scanning, check out Zombie Scans[2]<p>[1] <a href="https://nmap.org/book/toc.html" rel="nofollow">https://nmap.org/book/toc.html</a><p>[2] <a href="https://nmap.org/book/idlescan.html#scan-methods-idle-scan-finding-zombies" rel="nofollow">https://nmap.org/book/idlescan.html#scan-methods-idle-scan-f...</a>