This is really old, but still helpful
- Basic scan:
$ sudo nmap 192.168.1.50
- Scan multiple addresses:
$ sudo nmap 192.168.1.50 192.168.1.51 192.168.1.52
- Scan an entire subnet for live hosts. This quick ping scan also grabs each host's MAC address and performs a vendor lookup on it, which helps determine what the host is (the MAC is only visible for hosts on the local network segment; -sP is the old spelling of what current nmap calls -sn):
$ sudo nmap -sP 192.168.1.0/24
- Discovery: before a scan, nmap sends an ICMP echo request to check that the host is up. To skip host discovery and not send the ICMP probe (spelled -Pn in current versions):
$ sudo nmap -PN 192.168.1.50
- To do only a ping scan (no port scan):
$ sudo nmap -sP 192.168.1.50
- Do an ARP ping scan:
$ sudo nmap -PR 192.168.1.50
- Port scanning options. Perform a fast scan (the 100 most common ports instead of the default 1000):
$ sudo nmap -F 192.168.1.50
- Scan only a specific port:
$ sudo nmap -p22 192.168.1.50
- Scan multiple ports and port ranges (a single comma-separated list, no spaces):
$ sudo nmap -p 22,25,53,80-250 192.168.1.50
- Scan ports by name (names are looked up in /etc/services):
$ sudo nmap -p smtp,ftp 192.168.1.50
- Scan all ports:
$ sudo nmap -p "*" 192.168.1.50
- Choose between TCP and/or UDP ports with a T: or U: prefix on the port list (U: ports are only probed when a UDP scan, -sU, is also requested):
$ sudo nmap -p T:3000-4000 192.168.1.50
- What OS is the target running?
$ sudo nmap -O 192.168.1.50
- If the OS cannot be matched exactly, have nmap make its best guess:
$ sudo nmap -O --osscan-guess 192.168.1.50
- Service version detection:
$ sudo nmap -sV 192.168.1.50
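The host-discovery and version-detection commands above can be chained: sweep a subnet, then run -sV only against the hosts that answered. This added example (not from the original notes) does that by parsing nmap's grepable output (-oG) with awk; the subnet, hostnames and service banners in it are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the original notes: chain nmap host discovery
# and service detection by parsing grepable (-oG) output. The network,
# hostnames and banners used here are constructed placeholders.

# Read -oG output on stdin, print the IP of every host reported as Up.
live_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Read -oG output on stdin, print "ip port/proto service" for each open port.
# A -oG host line is tab-separated: "Host: ip (name)", "Ports: ...", "Ignored State: ...",
# and every port entry is port/state/proto/owner/service/rpcinfo/version/.
open_ports() {
    awk -F'\t' '/^Host:/ && /Ports:/ {
        split($1, h, " "); ip = h[2]
        sub(/^Ports: /, "", $2)
        n = split($2, p, ", ")
        for (i = 1; i <= n; i++) {
            split(p[i], f, "/")
            if (f[2] == "open") print ip, f[1] "/" f[3], f[5]
        }
    }'
}

# Live use: ping sweep of the given subnet, then -sV only on hosts that answered.
# $hosts is deliberately unquoted so each IP becomes its own argument.
discover_then_fingerprint() {
    hosts=$(sudo nmap -sn -oG - "$1" | live_hosts)
    [ -n "$hosts" ] && sudo nmap -sV -oG - $hosts | open_ports
}

# Offline check against constructed lines in the shape nmap -oG produces.
demo_parse() {
    printf 'Host: 192.168.1.1 ()\tStatus: Up\nHost: 192.168.1.50 (host.example)\tStatus: Up\n' | live_hosts
    printf 'Host: 192.168.1.50 (host.example)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 25/closed/tcp//smtp///, 80/open/tcp//http//nginx 1.18.0/\tIgnored State: filtered (997)\n' | open_ports
}

demo_parse
```

Run `discover_then_fingerprint 192.168.1.0/24` on a network you administer to get a one-line-per-open-port inventory that is easy to diff between scans.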