Fyodor's official nmap page:

Fyodor's article “The Art of Port Scanning”: out-of-date as it pertains to nmap syntax, still provides an excellent description of how port scanning in general, and stealth scanning in particular, work:

Entertaining article by Fyodor on nmap's OS fingerprintIng feature:

Network Magazine article by Rik Farrow: Describes nmap's OS fingerprinting in simpler terms:

The IANA's official list of well-known, registered and private/dynamic ports:

The official Internet Engineering Task Force (IETF) RFC repository: wondering just what “RFC-793-compliant” means? Wonder no more. Of particular note are RFCs 793 (TCP Protocol), 768 (UDP Protocol) and 1413 (Ident Protocol):