2012-08-12

Nmap For The Network Engineer: Part 2

Host Discovery with Nmap

Nmap has a number of great options for host discovery. The big thing to remember is that Nmap will always attempt to discover live hosts before port scanning and will only port scan hosts it detects. If all you want to do is a simple network sweep you have to use the -sn argument to disable port scanning, even if you specify other discovery methods. Without -sn Nmap will discover targets using any specified method but will then do a port scan on top of that. Conversely, if you use the -Pn argument Nmap will try to scan hosts even if they don't respond to any of the host discovery methods. Beyond that, Nmap will always use ARP as its default method for discovering hosts on the same subnet. The default behavior for hosts on remote subnets is to probe with ICMP echo request + ICMP timestamp request + TCP SYN to 80 and TCP SYN to 443 to increase the odds of successful discovery. One last thing: if Nmap was called without root / system privileges it will only be able to try and initiate a TCP three-way handshake for remote hosts.

Here is a miniature cheat sheet I drew up specifically for host discovery. I will eventually draw up something similar for all the major scanning options and combine them into a single cheat sheet but for now enjoy this one.



Below I included some sample outputs, the associated tcpdump, and a short description of each argument.



The -sn argument will tell Nmap to disable port scanning. This allows you to only do a simple host discovery. When -sn is used without any other options it defaults to doing a simple ICMP echo request and ICMP timestamp query and stops there.

The -PS[p] argument allows you to see if a host is alive using a TCP SYN packet. If you put a number in for [p] it will send a SYN to that port, otherwise Nmap defaults to port 80.

Using -PA[p] will send TCP ACK for host discovery. Again adding a number for [p] will tell Nmap to send an ACK to that specific port. If omitted it will default to 80.

Using -PE will only result in a standard ICMP echo request.

The -PP argument will invoke ICMP timestamp requests.

With -PM it will try to use ICMP address mask requests.


When using -PR Nmap will only use ARP requests.


The -PO[id] argument gives some interesting options. With this you can test for responses with a number of different IP protocols. Wikipedia has a pretty good list of the different IP protocols (http://en.wikipedia.org/wiki/List_of_IP_protocol_numbers).
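Looking at the same probes from the defender's side: the script below is an added example (not from the original post) that takes tcpdump lines like the ones shown for each flag above, tags each probe with the discovery argument that would have produced it, and reports any source that mixes several probe types against a target, which is what a discovery sweep looks like on the wire. The capture lines are constructed for the example and the function names are my own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample tcpdump lines (not the captures from the original post): one per probe
# type that the host-discovery flags described above emit, plus one ordinary ACK for contrast.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 192.168.1.10 > 192.168.1.20: ICMP echo request, id 1234, seq 0, length 8
12:00:01.000002 IP 192.168.1.10 > 192.168.1.20: ICMP time stamp query id 1234 seq 0, length 20
12:00:01.000003 IP 192.168.1.10 > 192.168.1.20: ICMP address mask request, length 12
12:00:01.000004 IP 192.168.1.10.54321 > 192.168.1.20.80: Flags [S], seq 1, win 1024, length 0
12:00:01.000005 IP 192.168.1.10.54322 > 192.168.1.20.80: Flags [.], ack 1, win 1024, length 0
12:00:01.000006 ARP, Request who-has 192.168.1.20 tell 192.168.1.10, length 28
12:00:01.000007 IP 192.168.1.10 > 192.168.1.20: ip-proto-253 0
12:00:02.000001 IP 192.168.1.20.443 > 192.168.1.30.51000: Flags [.], ack 55, win 500, length 0
"""

# Packet signature -> the Nmap argument that produces that probe.
PROBES = [
    (re.compile(r"ICMP echo request"), "-PE (ICMP echo)"),
    (re.compile(r"ICMP time stamp query"), "-PP (ICMP timestamp)"),
    (re.compile(r"ICMP address mask request"), "-PM (ICMP address mask)"),
    (re.compile(r"Flags \[S\]"), "-PS (TCP SYN)"),       # bare SYN; "[S.]" is a SYN-ACK reply
    (re.compile(r"Flags \[\.\]"), "-PA (TCP ACK)"),      # a lone ACK is also normal traffic
    (re.compile(r"\bARP, Request who-has"), "-PR (ARP)"),
    (re.compile(r"\bip-proto-\d+\b"), "-PO (IP protocol)"),
]
IP_RE = re.compile(r"\bIP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")
ARP_RE = re.compile(r"who-has (\S+) tell (\S+),")

def classify(line):
    """Return (source, target, nmap_flag) if the line looks like a discovery probe, else None."""
    for pattern, label in PROBES:
        if pattern.search(line):
            if label.startswith("-PR"):
                m = ARP_RE.search(line)
                return (m.group(2), m.group(1), label) if m else None  # "tell X" is the sender
            m = IP_RE.search(line)
            return (m.group(1), m.group(2), label) if m else None
    return None

def find_sweeps(capture, min_probe_types=2):
    """Group probes by source; keep sources mixing probe types, the mark of a discovery sweep."""
    per_source = defaultdict(lambda: {"targets": set(), "probes": Counter()})
    for line in capture.splitlines():
        hit = classify(line)
        if hit:
            src, dst, label = hit
            per_source[src]["targets"].add(dst)
            per_source[src]["probes"][label] += 1
    return {s: i for s, i in per_source.items() if len(i["probes"]) >= min_probe_types}
```

Run `find_sweeps(SAMPLE_CAPTURE)` and only 192.168.1.10 comes back, with all seven probe types counted; the host that only sent a routine ACK is left alone.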