Fyodor's official nmap page: http://www.insecure.org/nmap/
Fyodor's article “The Art of Port Scanning”: out-of-date as it pertains to nmap syntax, still provides an excellent description of how port scanning in general, and stealth scanning in particular, work: http://www.insecure.org/nmap/nmap_doc.html
Entertaining article by Fyodor on nmap's OS fingerprintIng feature: http://www.insecure.org/nmap/nmap-fingerprinting-article.html
Network Magazine article by Rik Farrow: Describes nmap's OS fingerprinting in simpler terms: http://www.insecure.org/nmap/press/network_magazine-system_fingerprinting.txt
The IANA's official list of well-known, registered and private/dynamic ports: http://www.isi.edu/in-notes/iana/assignments/port-numbers/
The official Internet Engineering Task Force (IETF) RFC repository: wondering just what “RFC-793-compliant” means? Wonder no more. Of particular note are RFCs 793 (TCP Protocol), 768 (UDP Protocol) and 1413 (Ident Protocol): http://www.ietf.org/rfc.html
