Recon: nmap host discovery:
nmap -Pn -n -T5 -sV -sC -p 135,137,139,445,3389 10.10.10.50
# map a Windows server (RPC, NetBIOS, SMB and RDP ports)
nmap -Pn 10.10.10.50
# -Pn skips host discovery, so nmap scans ports even if the host seems to be down.
nmap -Pn -p443 10.10.10.50
# -p limits the scan to the listed port(s), here 443.
nmap -Pn -sV -p80 10.10.10.50
# -sV makes nmap detect service versions by probing the port and grabbing the banner.
nmap 10.10.10.0/20 --open
# --open makes nmap show only open (or possibly open) ports
nmap -sV --script banner 10.10.10.50
# version detection plus the banner script (banner grabbing)
nmap -PE -sn 10.10.10.50 --reason --packet-trace --disable-arp-ping
# ICMP type 8 (echo request) and packet trace enabled
-PP
# ICMP type 13 (timestamp request)
-PM
# ICMP type 17 (address mask request)
-PS
#TCP SYN sweep
-PA
#TCP ACK sweep
-PU
#UDP sweep
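
Added example (not part of the original cheat sheet): a defender-side check that maps logged packets to the discovery probe types listed above and flags sources that probe many distinct hosts. The key=value log format, field names, threshold and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in a made-up key=value format (not a real product's log).
SAMPLE_LOG = """\
src=192.0.2.7 dst=10.10.10.1 proto=icmp type=8
src=192.0.2.7 dst=10.10.10.2 proto=icmp type=13
src=192.0.2.7 dst=10.10.10.3 proto=icmp type=17
src=192.0.2.7 dst=10.10.10.4 proto=tcp dport=443 flags=S
src=192.0.2.7 dst=10.10.10.5 proto=tcp dport=80 flags=A
src=192.0.2.7 dst=10.10.10.6 proto=udp dport=40125
src=10.10.10.9 dst=10.10.10.50 proto=icmp type=8
src=10.10.10.9 dst=10.10.10.50 proto=icmp type=0
""".splitlines()

# ICMP request types and TCP flag patterns used by the discovery options above.
ICMP_PROBES = {"8": "icmp-echo (-PE)", "13": "icmp-timestamp (-PP)",
               "17": "icmp-address-mask (-PM)"}
TCP_PROBES = {"S": "tcp-syn (-PS)", "A": "tcp-ack (-PA)"}

def parse(line):
    """Split one log line into a dict of its key=value fields."""
    return dict(re.findall(r"(\w+)=(\S+)", line))

def classify(fields):
    """Return the discovery probe label for parsed fields, or None."""
    proto = fields.get("proto")
    if proto == "icmp":
        return ICMP_PROBES.get(fields.get("type"))  # replies (type 0) -> None
    if proto == "tcp":
        return TCP_PROBES.get(fields.get("flags"))
    if proto == "udp":
        return "udp (-PU)"
    return None

def detect_sweeps(lines, min_hosts=5):
    """Map each source that probed >= min_hosts distinct hosts to its probe types."""
    targets, kinds = defaultdict(set), defaultdict(set)
    for fields in map(parse, lines):
        label = classify(fields)
        if label and "src" in fields and "dst" in fields:
            targets[fields["src"]].add(fields["dst"])
            kinds[fields["src"]].add(label)
    return {s: sorted(kinds[s]) for s in targets if len(targets[s]) >= min_hosts}

if __name__ == "__main__":
    for src, probes in detect_sweeps(SAMPLE_LOG).items():
        print(src, probes)
```
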
nmap -sS -p22 10.10.10.50 --reason --packet-trace --disable-arp-ping
# SYN scan (-sS) on port 22 with packet trace enabled
Check out the GUI version of Nmap, which can store scan data in a database and plot a network diagram based on the scan results (services, hostnames, etc.).