1. Nmap uses raw IP packets to identify live hosts, open ports, and services on a network. 2. It supports SYN, ACK, UDP scans, OS fingerprinting, and service version detection. 3. Nmap's scripting engine (NSE) allows custom scripts for vulnerability detection and network auditing. Example: 1. Basic port scan on a target: `nmap -sS 192.168.1.1` 2. OS detection and version scan: `nmap -A -T4 scanme.nmap.org`