Nmap service detection

Many times people do port scans to get the list of services which are alive; however, sometimes (e.g. under heavy load) a port is reported as open, but the service does not respond (or responds after 1 minute...).

Well, surprise! (to me, at least): nmap can recognize the service behind the open port and its version! It's called 'service/version detection'.

This is useful for many purposes; one use is simply running:

nmap -A <ipaddr>

to get the list of services behind the open ports.

And for the topic I began this post with, it can be useful for listing the services (e.g. ssh) which are actually open and responding on a network, with a command like this:

nmap 192.168.0.0/24 -sV -p 22 --host-timeout=2s

Of course, a few greps would make it nicer. Fun!
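As an added example (not from the original post), here is what that "few greps" step can look like: a small POSIX shell filter over nmap's grepable output (add -oG - to the command above) that keeps only hosts where port 22 is open and the service was actually identified as ssh, dropping ports that are open but silent (reported as tcpwrapped, "ssh?" or with an empty service field). The scan output below is a constructed sample, and the field order of a Ports entry is assumed from nmap's documented -oG format.

```shell
#!/bin/sh
# Constructed sample of what
#   nmap 192.168.0.0/24 -sV -p 22 --host-timeout=2s -oG -
# prints. Each Ports entry is port/state/proto/owner/service/rpcinfo/version/
sample_gnmap() {
    printf '# Nmap scan initiated as: nmap 192.168.0.0/24 -sV -p 22 --host-timeout=2s -oG -\n'
    printf 'Host: 192.168.0.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0)/\n'
    printf 'Host: 192.168.0.11 ()\tPorts: 22/open/tcp//tcpwrapped///\n'
    printf 'Host: 192.168.0.12 ()\tPorts: 22/open/tcp//ssh?///\n'
    printf 'Host: 192.168.0.13 ()\tPorts: 22/closed/tcp//ssh///\n'
    printf 'Host: 192.168.0.14 ()\tPorts: 22/filtered/tcp//ssh///\n'
    printf '# Nmap done -- 256 IP addresses (5 hosts up) scanned in 12.34 seconds\n'
}

# Reads grepable nmap output on stdin and prints "ip<TAB>version" only for
# hosts whose port 22 is open AND whose service nmap identified as ssh,
# i.e. the ones that really answered the version probe.
responding_ssh() {
    grep -v '^#' | awk '
        /Ports: / {
            ip = $2                          # "Host: <ip> (<name>)" -> second field
            entry = $0
            sub(/.*Ports: /, "", entry)      # keep only the port list
            sub(/\t.*/, "", entry)           # drop trailing fields such as "Ignored State:"
            split(entry, f, "/")             # nmap writes "/" inside version text as "|",
                                             # so splitting on "/" is safe
            if (f[1] == "22" && f[2] == "open" && f[5] == "ssh")
                printf "%s\t%s\n", ip, (f[7] == "" ? "(version unknown)" : f[7])
        }'
}

# With a real scan: nmap 192.168.0.0/24 -sV -p 22 --host-timeout=2s -oG - | responding_ssh
sample_gnmap | responding_ssh
```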
