Over the years Nmap has evolved from just a simple port scanner. It has become a swiss army knife of network scanning and has a number of tools built in including traceroute, port scanning, ping sweeps, OS fingerprinting, and versions scanning. Even beyond that there is the Nmap scripting engine which has incredible flexibility but is beyond the scope of what I am covering, maybe something for a future post.
Lets start with traceroute. Nmap's implementation of traceroute is very different from any other kind of trace route out there. When you start a traceroute to a remote host Nmap will guess the number of hops to the remote host and adjust that up or down based on the responses until it gets the exact number. Once that number is known Nmap will then decrement the TTL until it it reaches 0 or it hits a hop/router it has already discovered. In short Nmap works backwards. This is pretty inefficient for single hosts, however, in larger complex environments with multiple subnets and multiple network branches it becomes substantially more efficient then traditional traceroute since Nmap never repeats a trace over known hops.
Here is a little diagram outlining what it looks like visually.
I'll cover the other major functions and release a cheat sheet for common and most used switches when I get the time to write one up.