The Penguin's Practical Network Troubleshooting Guide - page 4

Start with Cable Testing

It is amazing how many different uses nmap has. Just when you think you know it inside out, out pop more interesting and useful features. This command scans a subnet to see what hosts are up:

# nmap -sP 192.168.1.*

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-04-27 14:54 PDT
Host 192.168.1.0 seems to be a subnet broadcast address (returned 2 extra pings).
Host windbag.alrac.net (192.168.1.10) appears to be up.
Host uberpc.alrac.net (192.168.1.11) appears to be up.
MAC Address: 00:10:0A:54:61:DA (Unknown)
Host stinkpad.alrac.net (192.168.1.12) appears to be up.
MAC Address: 00:1A:E2:4A:8B:DD (Wistron)
Host 192.168.1.255 seems to be a subnet broadcast address (returned 2 extra pings).

Nmap finished: 256 IP addresses (3 hosts up) scanned in 7.005 seconds

Want to map your entire network and see what services are running?

# nmap -O 192.168.1.*

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-04-27 22:06 PDT
Interesting ports on windbag.alrac.net (192.168.1.10):
(The 1658 ports scanned but not shown below are in state: closed)
PORT    STATE SERVICE

22/tcp  open  ssh
80/tcp  open  http
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
631/tcp open  ipp
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
Uptime 1.567 days (since Wed Apr 26 08:30:31 2006)

[output snipped]

Nmap finished: 256 IP addresses (3 hosts up) scanned in 8.341 seconds

There are a whole lot of open services here. The -O tells nmap to try to identity the operating systems.