sudo.8 nmap(1) -sS -sV -p-
execute a command as another user
Network exploration tool and security / port scanner
-sS (TCP SYN scan) .
    SYN scan is the default and most popular scan option for good reasons. It can be performed quickly,
    scanning thousands of ports per second on a fast network not hampered by restrictive firewalls. SYN
    scan is relatively unobtrusive and stealthy, since it never completes TCP connections. It also works
    against any compliant TCP stack rather than depending on idiosyncrasies of specific platforms as
    Nmap´s FIN/NULL/Xmas, Maimon and idle scans do. It also allows clear, reliable differentiation
    between the open, closed, and filtered states.

    This technique is often referred to as half-open scanning, because you don´t open a full TCP
    connection. You send a SYN packet, as if you are going to open a real connection and then wait for a
    response. A SYN/ACK indicates the port is listening (open), while a RST (reset) is indicative of a
    non-listener. If no response is received after several retransmissions, the port is marked as
    filtered. The port is also marked filtered if an ICMP unreachable error (type 3, code 1, 2, 3, 9, 10,
    or 13) is received.
-sV (Version detection) .
    Enables version detection, as discussed above. Alternatively, you can use -A, which enables version
    detection among other things.
-p port ranges (Only scan specified ports) .
    This option specifies which ports you want to scan and overrides the default. Individual port numbers
    are OK, as are ranges separated by a hyphen (e.g.  1-1023). The beginning and/or end values of a
    range may be omitted, causing Nmap to use 1 and 65535, respectively. So you can specify -p- to scan
    ports from 1 through 65535. Scanning port zero.  is allowed if you specify it explicitly. For IP
    protocol scanning (-sO), this option specifies the protocol numbers you wish to scan for (0–255).

    When scanning both TCP and UDP ports, you can specify a particular protocol by preceding the port
    numbers by T: or U:. The qualifier lasts until you specify another qualifier. For example, the
    argument -p U:53,111,137,T:21-25,80,139,8080 would scan UDP ports 53, 111,and 137, as well as the
    listed TCP ports. Note that to scan both UDP and TCP, you have to specify -sU and at least one TCP
    scan type (such as -sS, -sF, or -sT). If no protocol qualifier is given, the port numbers are added
    to all protocol lists.  Ports can also be specified by name according to what the port is referred to
    in the nmap-services. You can even use the wildcards * and ? with the names. For example, to scan FTP
    and all ports whose names begin with “http”, use -p ftp,http*. Be careful about shell expansions and
    quote the argument to -p if unsure.

    Ranges of ports can be surrounded by square brackets to indicate ports inside that range that appear
    in nmap-services. For example, the following will scan all ports in nmap-services equal to or below
    1024: -p [-1024]. Be careful with shell expansions and quote the argument to -p if unsure.
nmap [Scan Type...] [Options] {target specification}
source manpages: sudonmap