How does --version-intensity affect version detection (and when would you adjust it)?

Version detection works by sending a set of probes to services and analyzing the responses to identify what version is running. The --version-intensity setting determines how aggressive those probes are. At lower values, Nmap uses a lighter probe set, which means scans are faster and gentler on the network, but you may miss some details or fail to fingerprint stubborn services. At higher values, the probe set becomes more thorough, trying more probes and fingerprinting techniques to extract precise version information. This yields more accurate or complete results, but it also makes the scan longer and more noticeable to the target’s defenses. You’d raise the intensity when you need deeper or more reliable version details—for example, when the default probes can’t identify a service, or you’re conducting a focused audit where exact versions matter and you’re willing to accept increased scan time. You’d keep it lower when scanning many hosts, in sensitive environments, or when you want to minimize traffic and detection risk.