While it's very useful to be able to scan ports—and to use different packet headers in order to produce the best, most accurate results—there are a few things that simple port scanning cannot always achieve reliably. One of the most important of these elements is operating system detection.
When attempting to identify and attack a target, one of the most useful pieces of information is what operating system that machine is running. Because many pieces of software can run on multiple operating systems, this was traditionally a "hard" thing to solve. However, the developers at Nmap—with the help of the information security community at large—have been able to compile a database of the most common (and even some very rare) operating system fingerprints, which can consistently help to identify what operating system a target is running. It's an easy flag to remember—you simply have to invoke a scan with the -O
flag.