Scanning the IPv4 space. I know there are many different projects that do it. I was thinking about how I would do this today. I believe the first step would be to arrive at all the IPv4 blocks (/22, etc), then do a calculation to arrive at the address of each based on the prefix. Then in an array of threads or so, try to connect(2) to the address on some type of service in a timeout handler. If it succeeds, then consider that address as up. I would consider doing this in an async loop with epoll(7), so that many connections could be attempted at once and improve through put.
Anyway. nmap can probably do this and is a great tool
You wouldn't want to use nmap for WAN. nmap is really great if both the scanning and target nodes are somewhat distrbuted across a LAN. Internet mapping is done using Z{map,grab} (censys.io) or masscan. Reduce using the Censys or Shodan search.
If you want to have your scan done in a reasonable amount of time, you probably want to use raw packets, and not connect.
If you don't mind all the flak you'll get, just send a SYN on the port you care about to each IP (maybe skip rfc1918, multicast and reserved addresses; or only send to addresses included in bgp announcements). If you send one packet to each addresses, including the addresses you should probably skip that's 4 Billion packets; if you do it at 1M pps (should fit on a 1Gbps ethernet connection), that's less than two hours.
That's what masscan automates. To fully utilize ms, one requires a friendly ISP. And even then, they can only be ms-friendly as long as their peers are. If you annoy the peers enough, they'll just drop you (http://www.sudosecure.com/ecatels-harboring-of-spambots-and-...). Many datacenters classify port-scanning as an offensive action, even with low package thoughput.
Pulling data from research servers (such as Censys), reducing and then scanning is always a good idea.
Anyway. nmap can probably do this and is a great tool