nmap is one of my favorite network tools. It's versatile and powerful and lots of fun to use. Nmap scan types are denoted by -s*. -sS is a syn stealth or half-open scan and -sT is a TCP connect scan which uses the full TCP three way handshake. One of the most useful scan types is -sV, which "fingerprints" the open ports nmap discovers. By fingerprinting the port, nmap can often determine exactly what application or service is listening behind it.
To illustrate, take the example below. This is an internet host that appears to be listening on port 443 which is commonly used for https.
nmap -sS 220.127.116.11
PORT STATE SERVICE
443/tcp open https
If we change the scan type to -sV and add -p443 we can fingerprint the listening port.
nmap -sV -p443 18.104.22.168
PORT STATE SERVICE VERSION
443/tcp open ssh WeOnlyDo sshd 2.1.3 (protocol 2.0)
Very interesting, -sV shows us that its actually an SSH server listening on the port and also tells us the specific version of the software.