This scan type also falls victim to the ICMP limiting rate described in the UDP scans section, however since only 256 protocols are possible (8-bit field for IP protocol in the IP header) it should not take too long.
Results of an -sO on my Linux workstation are included below.
[chaos]# nmap -sO 127.0.0.1 Starting Nmap 4.01 at 2006-07-14 12:56 BST Interesting protocols on chaos(127.0.0.1): (The 251 protocols scanned but not shown below are in state: closed) PROTOCOL STATE SERVICE 1 open icmp 2 open|filtered igmp 6 open tcp 17 open udp 255 open|filtered unknown Nmap finished: 1 IP address (1 host up) scanned in 1.259 seconds