Nmap is the premier port scanner. Key options: -sS (SYN scan/stealth), -sV (version), -O (OS detection), -A (aggressive: everything), -p- (all 65535 ports), --script (NSE scripts).
Common Nmap workflow: -sn (host discovery) → -sS (port scan) → -sV (version) → targeted NSE scripts. Always get written authorization before scanning. Nmap scanning unauthorized systems is illegal in many jurisdictions.