nmap

Please see network

Check UDP port 123

nmap -p123 -sU -P0 localhost

@ Check certificate

nmap -sV -p 443 --script ssl-cert example.com

Check SSL cipher suites used on connection

Note: you need at least Nmap 7.92 version to get TLS 1.3 recognized

nmap -sV -p 443 --script ssl-enum-ciphers site.company.com

nmap Check open port

nc -vz is now actively misleading on networks with stateful inspection or "allow SYN, drop payload" rules. You need to actually traverses the path, not just the handshake.

nmap is the right answer most of the time, because its scripts send a real protocol payload and report whether the response was valid.

nmap -Pn -sV -p 3269 ad.server.domain.org

The open|filtered vs open distinction is the one you want: open only appears when nmap actually got a valid protocol response. A "smart" firewall that allows SYN but drops payload shows up as open|filtered with the script erroring out — i.e. it does not lie the way nc -vz does.