Fast, Single-Service Sweep

Sometimes it is useful to scan a large range of IPs quickly for a
single service.  Nmap "turbo mode":

 # nmap -sSV -p22 -PS22 -iR 5000 |egrep -i -B2 "nmap| open  ssh " |grep -v PORT
Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2003-12-01 19:29 PST
Interesting ports on ES216118069.user.veloxzone.com.br (200.216.118.69):
22/tcp open  ssh     OpenSSH 3.4p1 (protocol 2.0)
--
Interesting ports on custom2.custom.com.br (200.198.125.190):
22/tcp open  ssh     OpenSSH 2.2.0p1 (protocol 1.99)
--
Interesting ports on hansonandtilton.com (64.176.36.170):
22/tcp open  ssh     SSH 1.2.32 (protocol 1.5)
--
Interesting ports on broccoli.socialecology.com (4.42.179.151):
22/tcp open  ssh     OpenSSH 3.4p1 (protocol 1.99)
--
Interesting ports on 202.83.90.60:
22/tcp open  ssh     OpenSSH 3.0.2p1 (protocol 2.0)
--
Interesting ports on kothlis2.manquehue.net (200.74.172.211):
22/tcp open  ssh     OpenSSH 3.7.1p2 (protocol 1.99)
--
Interesting ports on 134.252.164.26:
22/tcp open  ssh     SSH 1.2.20 (protocol 1.5)
[...]
Nmap run completed -- 5000 IP addresses (141 hosts up) scanned in 573.545 seconds