There are way too many different nmap scanning options to talk about, but a typical first scan for this kind of test would be the w/t following command:
nmap -A -v -T 3 192.168.1.100
- OS Detection.
- Services Version Detection.
- TCP SYN Connect, with a timing of 3.
What you’re looking for is open ports, and to see if the scan returns the name of the Operating System and/or the name and version number of the service(s) that are running on any open port(s). If you get nothing of the sort back, then you’re OK. This scan really only affects people who are running services on their computer, such as the SSH Daemon, sendmail, apache httpd, and so forth.
Other useful scans.
nmap -sU -sV -v 192.168.2.11
UDP+UDP Services and verbose.
nmap -sU -P0 -p161 -v -v IP
Port 161 UDP.
nmap -sU -P0 -p161 -sV -v -v 192.168.2.11
Port 161UDP + Service.
sudo nmap -vv -O -P0 18.104.22.168
Fast OS Check (fast).
nmap -vv -O -P0 -sSU 22.214.171.124
OS Check (+ slower).