I think everyone in the security field knows this popular tool, which recently evolved into the 5.x series.
Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and many other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.
Nmap was originally a command-line tool developed only for Unix/Linux-based operating systems, but a Windows version is now also available and is easy to use.
For a quick and simple scan, use:
$ nmap 192.168.x.x
Starting Nmap 5.21 (http://nmap.org) at 2011-04-10 23:06 PKT
Nmap scan report for 192.168.x.x
Host is up (0.0012s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
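A small parser for the normal-output format shown above, added here as an example (it is not part of the original post and not Nmap's own code): it turns a report into host and port records and flags open cleartext services such as ftp and telnet, the kind of check a defender runs over scan results for their own hosts. The sample report embedded in it is constructed to match the shape of the output above; the host address in it is made up, and the record types and function names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: same shape as the Nmap 5.x normal-output report in the post.
# The address is made up; the post anonymises its own as 192.168.x.x.
SAMPLE_REPORT = """\
Starting Nmap 5.21 (http://nmap.org) at 2011-04-10 23:06 PKT
Nmap scan report for 192.168.1.10
Host is up (0.0012s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
"""


@dataclass
class PortEntry:
    port: int
    proto: str
    state: str
    service: str


@dataclass
class HostReport:
    address: str
    up: bool = False
    latency_s: Optional[float] = None
    not_shown: Optional[str] = None           # e.g. "997 filtered ports"
    ports: List[PortEntry] = field(default_factory=list)


# One regex per line shape we care about; everything else is ignored.
HOST_LINE = re.compile(r"^Nmap scan report for (\S+)")
UP_LINE = re.compile(r"^Host is up \(([\d.]+)s latency\)")
NOT_SHOWN = re.compile(r"^Not shown: (.+)$")
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)")


def parse_nmap_normal_output(text: str) -> List[HostReport]:
    """Parse Nmap's human-readable ("normal") output into HostReport records."""
    hosts: List[HostReport] = []
    current: Optional[HostReport] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST_LINE.match(line)
        if m:
            current = HostReport(address=m.group(1))
            hosts.append(current)
            continue
        if current is None:
            continue                          # banner lines before the first host
        m = UP_LINE.match(line)
        if m:
            current.up = True
            current.latency_s = float(m.group(1))
            continue
        m = NOT_SHOWN.match(line)
        if m:
            current.not_shown = m.group(1)
            continue
        m = PORT_LINE.match(line)
        if m:
            current.ports.append(
                PortEntry(int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return hosts


def open_ports(report: HostReport) -> List[int]:
    return [p.port for p in report.ports if p.state == "open"]


# Defender's check: services that carry credentials in cleartext should not be
# reachable on a network segment you are responsible for.
CLEARTEXT_SERVICES = {"ftp", "telnet"}


def cleartext_exposures(report: HostReport) -> List[str]:
    return [f"{p.port}/{p.proto} {p.service}" for p in report.ports
            if p.state == "open" and p.service in CLEARTEXT_SERVICES]


if __name__ == "__main__":
    for h in parse_nmap_normal_output(SAMPLE_REPORT):
        print(h.address, "up" if h.up else "down", "open:", open_ports(h))
        for e in cleartext_exposures(h):
            print("  cleartext service exposed:", e)
```

Nmap can also emit XML (-oX), which is the better input for anything automated; the regex approach above is only for the normal output the post shows.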
-f fragments packets
-D Launches decoy scans for concealment
-I IDENT Scan – find owners of processes (on UNIX systems)
-b FTP Bounce
Port Scan Types
TCP Connect scan
TCP SYN scan
TCP FIN scan
TCP Xmas Tree scan (FIN, URG, and PUSH)
TCP Null scan
TCP ACK scan
Nmap supports the following basic scan types:
TCP connect() scanning
TCP SYN scanning
TCP FIN scanning
TCP reverse ident scanning
FTP bounce attack
UDP ICMP port unreachable scanning
UDP recvfrom() and write() scanning
ICMP echo scanning
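To make the TCP scan types in the two lists above concrete, here is an added example (my own code, not from the post or from Nmap) that records which TCP flags each probe carries and how the reply from a port is read: SYN/ACK, RST, silence, or an ICMP unreachable. The interpretation follows the RFC 793 behaviour Nmap relies on, where a closed port answers a FIN, Xmas or Null probe with RST while an open port stays silent. It also includes a detection-side helper that labels unsolicited segments matching the Null, Xmas and FIN probes and counts them per source, run over a constructed list of segments. The scan names as dictionary keys, the Reply type and the sample addresses are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# TCP flags each probe sends. connect() and SYN scans both open with a bare SYN;
# connect() finishes the handshake through the OS socket API, SYN scan answers
# the SYN/ACK with a RST instead.
SCAN_PROBE_FLAGS: Dict[str, FrozenSet[str]] = {
    "TCP connect()": frozenset({"SYN"}),
    "TCP SYN": frozenset({"SYN"}),
    "TCP FIN": frozenset({"FIN"}),
    "TCP Xmas Tree": frozenset({"FIN", "URG", "PSH"}),
    "TCP Null": frozenset(),
    "TCP ACK": frozenset({"ACK"}),
}


@dataclass(frozen=True)
class Reply:
    """What came back from the probed port. flags=None means no TCP reply at all."""
    flags: Optional[FrozenSet[str]] = None
    icmp_unreachable: bool = False


def classify_port(scan: str, reply: Reply) -> str:
    """Port state a scanner infers from one reply, per scan type."""
    if scan not in SCAN_PROBE_FLAGS:
        raise ValueError(f"unknown scan type: {scan}")
    if reply.icmp_unreachable:
        return "filtered"                      # a filter admitted to dropping it
    rst = reply.flags is not None and "RST" in reply.flags
    synack = reply.flags is not None and {"SYN", "ACK"} <= reply.flags
    if scan in ("TCP connect()", "TCP SYN"):
        if synack:
            return "open"
        if rst:
            return "closed"
        return "filtered"                      # silently dropped
    if scan == "TCP ACK":
        # ACK scan cannot tell open from closed; it only maps firewall rules.
        return "unfiltered" if rst else "filtered"
    # FIN, Xmas Tree, Null: RFC 793 closed port -> RST; open port -> no reply,
    # which is indistinguishable from a dropping filter.
    if rst:
        return "closed"
    return "open|filtered"


def probe_signature(flags: FrozenSet[str]) -> Optional[str]:
    """Label an unsolicited segment (no existing connection) that matches one of
    the stealth probes. Bare SYN and bare ACK are ordinary traffic, so they are
    not labelled here; a sensor would rate-limit those per source instead."""
    if flags == frozenset():
        return "Null-scan probe"
    if flags == frozenset({"FIN", "URG", "PSH"}):
        return "Xmas-scan probe"
    if flags == frozenset({"FIN"}):
        return "FIN-scan probe"
    return None


# Constructed sample: (source address, destination port, TCP flags) for segments
# that arrived without any prior connection. Addresses are made up.
SAMPLE_SEGMENTS: List[Tuple[str, int, FrozenSet[str]]] = [
    ("10.0.0.5", 22, frozenset()),
    ("10.0.0.5", 80, frozenset()),
    ("10.0.0.5", 443, frozenset({"FIN", "URG", "PSH"})),
    ("10.0.0.9", 80, frozenset({"SYN"})),
    ("10.0.0.9", 443, frozenset({"ACK"})),
]


def scan_probes_by_source(segments) -> Dict[str, Dict[str, int]]:
    """Count labelled stealth probes per source, e.g. for an alert threshold."""
    counts: Dict[str, Dict[str, int]] = {}
    for src, _dport, flags in segments:
        label = probe_signature(flags)
        if label is None:
            continue
        per_src = counts.setdefault(src, {})
        per_src[label] = per_src.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    print(classify_port("TCP SYN", Reply(frozenset({"SYN", "ACK"}))))   # open
    print(classify_port("TCP Null", Reply()))                           # open|filtered
    print(scan_probes_by_source(SAMPLE_SEGMENTS))
```

The "open|filtered" result is the practical weakness of the FIN, Xmas and Null scans from the scanner's side, and the reason a host whose stack answers RST on every unexpected segment (Windows historically does) reports everything as closed. From the defender's side, the labelled probes are easy to spot precisely because normal traffic never carries those flag combinations.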
Operating system detection, or OS fingerprinting, is an important part of scanning: you need to know the target machine's operating system before you can tell which available exploit applies to it. Nmap tells you the running operating system directly; you could also find it by banner grabbing, but why do the extra work? Use -O for operating system detection.