What is the difference between -S (spoof source IP) and --source-port, and when would you use each?

In Nmap, you’re controlling what the probe looks like to the network. The two options change different parts of the packet headers. Spoofing the source IP means the packets are crafted to appear as if they come from a different IP address. This can test how a target’s filters respond to traffic from another origin and can help study IP-based access rules. But you won’t get reliable responses back to you, since replies go to the spoofed address. This technique generally requires elevated privileges and should only be used in a permitted, controlled environment. Setting the source port changes the transport-layer port the probe uses, while leaving the source IP unchanged. This affects how the target and any intermediate devices treat the packet and where responses are directed, which can help with evading simple filters that rely on ports or with matching a expected service context. It does not hide your true origin, it just tweaks the port used on the sending side. Use the spoofed IP to explore how filtering behaves with traffic from another address; use a specific source port to influence filtering decisions and the path of replies, all within an authorized testing scope.