diff -urNb nmap-3.50/NmapOps.h nmap-3.50-osdetect/NmapOps.h
--- nmap-3.50/NmapOps.h 2003-09-12 21:19:54.000000000 -0700
+++ nmap-3.50-osdetect/NmapOps.h 2004-06-10 16:56:39.425585100 -0700
@@ -205,6 +205,7 @@
 FILE *nmap_stdout; /* Nmap standard output */
 int ttl; // Time to live
 char *datadir;
+ int osscan_only; /* Only for OS scan */
 private:
 int max_rtt_timeout;
 int min_rtt_timeout;
diff -urNb nmap-3.50/nmap.cc nmap-3.50-osdetect/nmap.cc
--- nmap-3.50/nmap.cc 2003-12-01 17:09:39.000000000 -0800
+++ nmap-3.50-osdetect/nmap.cc 2004-06-10 16:58:58.114027200 -0700
@@ -242,6 +242,7 @@
 {"randomize_hosts", no_argument, 0, 0},
 {"osscan_limit", no_argument, 0, 0}, /* skip OSScan if no open ports */
 {"osscan_guess", no_argument, 0, 0}, /* More guessing flexability */
+ {"osscan_only", no_argument, 0, 0}, /* Do only OS Scanning */
 {"packet_trace", no_argument, 0, 0}, /* Display all packets sent/rcv */
 {"version_trace", no_argument, 0, 0}, /* Display -sV related activity */
 {"fuzzy", no_argument, 0, 0}, /* Alias for osscan_guess */
@@ -366,6 +367,9 @@
 } else if (strcmp(long_options[option_index].name, "osscan_guess") == 0 || strcmp(long_options[option_index].name, "fuzzy") == 0) {
 o.osscan_guess = 1;
+ } else if (strcmp(long_options[option_index].name, "osscan_only") == 0) {
+ o.osscan_only = 1;
+ o.osscan++;
 } else if (strcmp(long_options[option_index].name, "packet_trace") == 0) {
 o.setPacketTrace(true);
 } else if (strcmp(long_options[option_index].name, "version_trace") == 0) {
diff -urNb nmap-3.50/scan_engine.cc nmap-3.50-osdetect/scan_engine.cc
--- nmap-3.50/scan_engine.cc 2003-12-01 17:09:39.000000000 -0800
+++ nmap-3.50-osdetect/scan_engine.cc 2004-06-16 15:59:54.009368400 -0700
@@ -670,6 +670,10 @@
 unsigned long j;
 struct serviceDeductions sd;
+ int openport = 0;
+ int closedport = 0;
+ int osscan_done = 0; /* flag to check whether the scanning is done,
+ when osscan_only is set */
 if (target->timedout) return;
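Review bot: The new `osscan_only` member in the NmapOps.h hunk is given no default anywhere in the patch as shown, which touches only NmapOps.h, nmap.cc and scan_engine.cc. Unless the class's option-initialisation code is updated elsewhere, the checks added in scan_engine.cc depend on whatever the object's storage holds when the option is not passed. It should be set explicitly next to the other option defaults, e.g. `osscan_only = 0;`. The field comment would also say more as `/* Stop port scanning once one open and one closed TCP port are known */`.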
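Review bot: The `osscan_only` branch added in the @@ -366 hunk of nmap.cc enables OS detection with `o.osscan++` but does not check that a TCP scan type is selected, while the stop condition in scan_engine.cc reads only `state_counts_tcp[PORT_OPEN]` and `state_counts_tcp[PORT_CLOSED]`. With a non-TCP scan that condition presumably never becomes true, yet the `fatal()` consistency check is still switched off for the whole run. Rejecting the combination once option parsing is complete, or at least stating the TCP-only assumption in a comment such as `/* osscan_only: only meaningful with a TCP port scan */`, would make the behaviour explicit. The enclosing if/else chain starts and ends outside the hunk.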
@@ -1108,6 +1112,19 @@
 if (senddelay) usleep(senddelay);
 }
 }
+ /* Get the number of openport and closedport if osscan_only is set.
+ If it is greater than or equal to 1, set osscan_done and
+ break from scanning.
+ One open port and one closed port are sufficient to find the
+ operating system */
+ if (o.osscan_only ) {
+ openport = target->ports.state_counts_tcp[PORT_OPEN];
+ closedport = target->ports.state_counts_tcp[PORT_CLOSED];
+ if (openport >= 1 && closedport >= 1 ) {
+ osscan_done = 1;
+ break;
+ }
+ }
 if (o.debugging > 1) log_write(LOG_STDOUT, "Ideal number of queries: %d outstanding: %d max %d ports_left %d timeout %d senddelay: %dus\n", (int) ss.numqueries_ideal, ss.numqueries_outstanding, ss.max_width, ss.ports_left, target->to.timeout, senddelay);
 /* Now that we have sent the packets we wait for responses */
@@ -1161,8 +1178,8 @@
 /* Now we out o' here! */
 continue;
 }
-
- if (ss.numqueries_outstanding != 0) {
+ /* Do not error out if osscan_only */
+ if (!o.osscan_only && ss.numqueries_outstanding != 0) {
 fatal("Bean counting error no. 4321897: ports_left: %d numqueries_outstanding: %d\n", ss.ports_left, ss.numqueries_outstanding);
 }
@@ -1199,6 +1216,10 @@
 log_write(LOG_STDOUT, "Finished round #%d. Current stats: numqueries_ideal: %d; min_width: %d; max_width: %d; packet_incr: %d; senddelay: %dus; fallback: %d%%\n", tries, (int) ss.numqueries_ideal, ss.min_width, ss.max_width, ss.packet_incr, senddelay, (int) (100 * ss.fallback_percent));
 }
 ss.numqueries_ideal = ss.initial_packet_width;
+ /* Break from the outer loop if osscan_done is set */
+ if(osscan_done) {
+ break;
+ }
 } while(pil.testinglist && tries < 20);
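Review bot: The early `break` in the @@ -1108 hunk leaves the loop with probes still in flight, and nothing in the visible lines reconciles `ss.numqueries_outstanding`, `ss.ports_left` or `pil.testinglist` afterwards. The code after the `do … while` is outside the hunk, so this is inferred, but ports that were never probed or answered may end up reported in a default state instead of being marked as not scanned. The comment is also ambiguous about what "it" refers to; `/* With osscan_only, stop probing once at least one open and one closed TCP port are known */` matches the condition. The enclosing loops start outside the hunk, so which loop this `break` leaves cannot be confirmed from here.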
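Review bot: In the @@ -1161 hunk the guard `!o.osscan_only &&` disables the "Bean counting error" `fatal()` for every run that uses the option, including rounds where no early exit happened and the accounting invariant should still hold. Tying the exemption to the event that actually breaks the invariant keeps the sanity check alive: `if (!osscan_done && ss.numqueries_outstanding != 0) {`, assuming `osscan_done` is in scope here as it is in the @@ -1199 hunk. The comment would then read `/* Outstanding probes are expected after an osscan_only early exit */`. The surrounding loop body continues outside the hunk.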