Tuesday, May 6, 2008

NMap

Nmap is a great tool. First you install nmap; I'm a FreeBSD guy, so to install it all I do is:
#cd /usr/ports/security/nmap
#make install clean
Now that nmap is installed, there are many types of scans you can do. I choose to do SYN scans. A SYN scan is pretty much like playing ding dong ditch: you initiate the three-way handshake, wait for the response, and leave without ever sending the third packet of the handshake. To do a SYN scan you use the switch -sS. Another good switch you will want to add is -P0 (zero); this makes nmap scan the host even if it doesn't get a response to its ping. This is good because a lot of firewalls block ICMP requests.

The most important switch is the port switch, -p"port#". You can tell nmap to look at either a single port or a range of ports. I usually choose port 3389, the mstsc (Remote Desktop) port; you will find out what OS it's running (XP, Vista, Server 2k or Server 03) just by logging on. So the command will look something like this to scan 3389 with all the switches I talked about:
#nmap -p3389 -P0 -sS
The next thing you have to include in the command is the IP address. You can scan either a single IP or a range of IPs. I usually scan a range on Thursday night, for by the time it's Friday night I'll have something to do. To scan the IP 192.168.2.107 you would do this:
#nmap -p3389 -P0 -sS 192.168.2.107
To scan 192.168.2.0-255 you would use /24. For all of you who don't know what the 24 is, it means a netmask of 255.255.255.0, which equates to 24 1's: 11111111.11111111.11111111.00000000. So the command will look something like:
#nmap -p3389 -P0 -sS 192.168.2.0/24
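As an added example (not code from the original post), here is a small POSIX shell script that does the /24 arithmetic by hand: it turns a prefix length into the dotted netmask and the binary 1s-and-0s form above, counts the addresses in the block, and works out the first and last address of the range an address such as 192.168.2.107/24 falls in. The function names and sample addresses are my own choice; it needs no nmap to run.

```shell
#!/bin/sh
# Added example, not code from the original post: the /24 arithmetic done by
# hand in POSIX shell. Function names and sample addresses are my own choice.

# prefix_to_mask 24 -> 255.255.255.0
prefix_to_mask() {
    prefix=$1
    mask=""
    i=0
    while [ "$i" -lt 4 ]; do
        # how many of the prefix's 1 bits land in this octet (0..8)
        bits=$((prefix - i * 8))
        if [ "$bits" -gt 8 ]; then bits=8; fi
        if [ "$bits" -lt 0 ]; then bits=0; fi
        # an octet whose top `bits` bits are 1: 256 - 2^(8 - bits)
        octet=$((256 - (1 << (8 - bits))))
        mask="${mask}${mask:+.}${octet}"
        i=$((i + 1))
    done
    printf '%s\n' "$mask"
}

# mask_to_binary 255.255.255.0 -> 11111111.11111111.11111111.00000000
mask_to_binary() {
    binary=""
    for octet in $(printf '%s' "$1" | tr '.' ' '); do
        bitstr=""
        b=7
        while [ "$b" -ge 0 ]; do
            bitstr="${bitstr}$(( (octet >> b) & 1 ))"
            b=$((b - 1))
        done
        binary="${binary}${binary:+.}${bitstr}"
    done
    printf '%s\n' "$binary"
}

# host_count 24 -> 256 (every address in the block, network and broadcast included)
host_count() {
    printf '%s\n' "$((1 << (32 - $1)))"
}

# ip_to_int 192.168.2.107 -> 3232236139
ip_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    printf '%s\n' "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
}

# int_to_ip 3232236139 -> 192.168.2.107
int_to_ip() {
    printf '%d.%d.%d.%d\n' "$(( ($1 >> 24) & 255 ))" "$(( ($1 >> 16) & 255 ))" \
                           "$(( ($1 >> 8) & 255 ))" "$(( $1 & 255 ))"
}

# cidr_range 192.168.2.107/24 -> "192.168.2.0 192.168.2.255"
# (network address and broadcast address of the block the address sits in)
cidr_range() {
    addr=${1%/*}
    prefix=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    net=$(( $(ip_to_int "$addr") & mask ))
    bcast=$(( net | (~mask & 0xFFFFFFFF) ))
    printf '%s %s\n' "$(int_to_ip "$net")" "$(int_to_ip "$bcast")"
}

# Demo for the post's own range
echo "/24 netmask:  $(prefix_to_mask 24)"
echo "in binary:    $(mask_to_binary "$(prefix_to_mask 24)")"
echo "addresses:    $(host_count 24)"
echo "192.168.2.107/24 covers: $(cidr_range 192.168.2.107/24)"
```

Try prefix_to_mask with 28 or 16 to see how the 1 bits spill across octet boundaries; cidr_range is handy for double-checking that the range you hand to nmap really is the one you meant before a scheduled scan of your own network.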
The results of the scan will look something like this:
PORT STATE SERVICE
3389/tcp filtered ms-term-serv
If the program isn't listening on 3389 and a firewall is in the way, it will say filtered. If nothing is listening on the port and there is no firewall, it will say closed, and if something is listening on that port it will say open.
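The three states are worth reading precisely when you are checking your own network: open means the host answered the SYN with a SYN/ACK (something is listening), closed means it answered with a RST (reachable, but nothing listening), and filtered means no answer came back at all (or an ICMP error did), which is usually a firewall dropping the probe. As an added example that is not part of the original post, the following POSIX shell script reads nmap's normal output for a 3389 scan, lists which hosts are open, closed or filtered, and then checks the open ones against a list of hosts where Remote Desktop is supposed to be reachable. The function names are mine, the scan text embedded in it is constructed for the example, and its host header line ("Nmap scan report for ...") follows the format of later nmap releases, so adjust the pattern if your version prints hosts differently.

```shell
#!/bin/sh
# Added example, not code from the original post: summarize an nmap 3389 scan
# from the defender's side. Function names are my own; the scan text below is
# CONSTRUCTED for the example and is not the output of a real scan.
#
# How to read the STATE column of a SYN scan:
#   open     - the host answered the SYN with SYN/ACK: something is listening
#   closed   - the host answered with RST: reachable, but nothing listening
#   filtered - no answer (or an ICMP error): usually a firewall dropped the probe

SAMPLE_SCAN='Nmap scan report for 192.168.2.10
Host is up (0.0012s latency).

PORT     STATE    SERVICE
3389/tcp open     ms-term-serv

Nmap scan report for 192.168.2.11
Host is up (0.0010s latency).

PORT     STATE    SERVICE
3389/tcp closed   ms-term-serv

Nmap scan report for 192.168.2.107
Host is up.

PORT     STATE    SERVICE
3389/tcp filtered ms-term-serv
'

# port_states: read nmap normal output on stdin, print "host port state" per port line.
# "Nmap scan report for" is the header of later nmap releases; older versions
# print "Interesting ports on <host>:" and would need a second case arm.
port_states() {
    host=""
    while IFS= read -r line; do
        case "$line" in
            "Nmap scan report for "*)
                host=${line#"Nmap scan report for "}
                ;;
            [0-9]*"/tcp "*|[0-9]*"/udp "*)
                set -- $line          # $1 = port/proto, $2 = state, $3 = service
                printf '%s %s %s\n' "$host" "$1" "$2"
                ;;
        esac
    done
}

# hosts_in_state STATE: from port_states output on stdin, print hosts whose port is in STATE
hosts_in_state() {
    while read -r host port state; do
        if [ "$state" = "$1" ]; then
            printf '%s\n' "$host"
        fi
    done
}

# check_allowlist "host1 host2 ...": read port_states output on stdin and return 0
# only if every host with 3389/tcp open is on the list; otherwise name the
# unexpected listeners and return 1. Run it after each scheduled scan of your
# own range to catch Remote Desktop being exposed where it should not be.
check_allowlist() {
    allowed=" $1 "
    bad=0
    while read -r host port state; do
        if [ "$port" = "3389/tcp" ] && [ "$state" = "open" ]; then
            case "$allowed" in
                *" $host "*) ;;
                *) printf 'unexpected RDP listener: %s\n' "$host"; bad=1 ;;
            esac
        fi
    done
    return "$bad"
}

# Demo on the constructed scan: one open, one closed, one filtered host.
printf '%s' "$SAMPLE_SCAN" | port_states
echo "open:     $(printf '%s' "$SAMPLE_SCAN" | port_states | hosts_in_state open)"
echo "filtered: $(printf '%s' "$SAMPLE_SCAN" | port_states | hosts_in_state filtered)"
if printf '%s' "$SAMPLE_SCAN" | port_states | check_allowlist "192.168.2.10"; then
    echo "RDP exposure matches the allow list"
fi
```

To use it on a real scan of your own range, save nmap's output with -oN and pipe the file through port_states instead of the embedded sample; a filtered result for a host you expected to be closed is worth a look too, since it tells you a firewall rule is in play that you may not have known about.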
