Which NMAP option enables sending packets with intentionally bad checksums?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which NMAP option enables sending packets with intentionally bad checksums?

Explanation:
This question is about testing how networks handle malformed traffic by using intentionally corrupted checksums. Nmap can send such traffic with the --badsum flag. When this flag is enabled, Nmap crafts and transmits packets whose checksums are deliberately incorrect, allowing you to see whether routers, firewalls, and intrusion detection systems validate those checksums or drop/analyze the packets. This helps in assessing misconfigurations, potential evasion opportunities, and how the security stack behaves with malformed traffic. The other common scanning options (SYN scan, OS detection, and version probing) control the type of scan, detection features, or the information gathered, but do not alter checksum validity. Note that crafting and sending bad checksums often requires privileged access and can trigger alerts, so use it judiciously.

