The motivation behind CTF Methodology - Network Reconnaisance post is to keep a cheat sheet of all scanning methods that come in handy while starting the Reconnaisance phase for a CTF or a lab box . Will try to keep this list updated as new boxes teach new scanning methods .
Full TCP Nmap
Enumerate through all the ports and services for identifying easy to find vulnerabilities and get a full picture of applications/services running on the host in question
nmap -sV -sC -p- -o nmap.out -vvv $RHOST
-sV Probe open ports to determine service/version info
-sC equivalent to --script=default. --script=<Lua scripts>: <Lua scripts> is a comma separated list of directories, script-files or script-categories
-p- means it has to scan for all ports from 0 to 65535
-T4 is a time template where T0 is very slow and T5 very fast