diff --git a/CHANGELOG b/CHANGELOG
index 5f5dfbd88..533e98fa8 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,12 @@
 # Nmap Changelog ($Id$); -*-text-*-
 4.20ALPHA7
 
+o Did a bunch of Nmap 2nd generation fingerprint integration work.
+  Thanks to everyone who sent some in, though we still need a lot more.
+  Also thanks to Zhao for a bunch of help with the integration tools.
+  4.20ALPHA6 had 12 fingerprints, this new version has 42.  The old DB
+  (still included) has 1,684.
+
 o Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE
   (http://standards.ieee.org/regauth/oui/oui.txt) as of September 6, 2006.
   Also added the unregistered PearPC virtual NIC prefix, as suggested
diff --git a/MACLookup.cc b/MACLookup.cc
index 738eb8712..4a053acc0 100644
--- a/MACLookup.cc
+++ b/MACLookup.cc
@@ -140,7 +140,7 @@ static void mac_prefix_init() {
   int lineno = 0;
   struct MAC_entry *ME;
 
-  MacTable.table_capacity = 9521;
+  MacTable.table_capacity = 19037;
   MacTable.table_members = 0;
   MacTable.table = (struct MAC_entry **) safe_zalloc(MacTable.table_capacity * sizeof(struct MAC_entry *));
 
diff --git a/nmap-os-db b/nmap-os-db
index 357a64399..5047b788a 100644
--- a/nmap-os-db
+++ b/nmap-os-db
@@ -23,6 +23,24 @@
 # For a complete description of Nmap OS detection and the format of
 # fingerprints in this file, see http://insecure.org/nmap/osdetect/
 
+#  Device type: switch.   Running: 3Com embedded.  
+# OS details: 3Com Superstack 3, 3300XM switch , Boot PROM Version:  1.00, Software Version:  2.69, Hardware Version:  0
+Fingerprint 3Com SuperStack III 3300XM switch
+Class 3Com | embedded || switch
+SEQ(SP=0%GCD=<7%ISR=0%TI=I%II=I%SS=S%TS=U)
+OPS(O1=M59C%O2=M59C%O3=M59C%O4=M59C%O5=M59C%O6=M59C)
+WIN(W1=400%W2=400%W3=400%W4=400%W5=400%W6=400)
+ECN(R=Y%DF=N%T=FF%TG=FF%W=400%O=M59C%CC=N%Q=)
+T1(R=Y%DF=N%T=FF%TG=FF%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=Y%DF=N%T=FF%TG=FF%W=0%S=A%A=S%F=APR%O=%RD=0%Q=)
+T3(R=Y%DF=N%T=FF%TG=FF%W=400%S=O%A=S+%F=AS%O=M59C%RD=0%Q=)
+T4(R=Y%DF=N%T=FF%TG=FF%W=0%S=A%A=S%F=APR%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=FF%TG=FF%W=0%S=A%A=S+%F=APR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=FF%TG=FF%W=0%S=A%A=S%F=APR%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=FF%TG=FF%W=0%S=A%A=S%F=APR%O=%RD=0%Q=)
+U1(DF=N%T=FF%TG=FF%TOS=0%IPL=38%UN=ACD7%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=N%T=FF%TG=FF%TOSI=Z%CD=S%SI=S%DLI=S)
+
 Fingerprint Avaya G700 Telephony Media Gateway
 Class Avaya | embedded || VoIP gateway
 SEQ(SP=18-1C%GCD=FA00|1F400|2EE00|3E800|4E200|5DC00%ISR=9D-A2%TI=I%II=I%SS=S%TS=1|2)
@@ -39,6 +57,22 @@ T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
 U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=Z%RUCK=0%RUL=G%RUD=G)
 IE(DFI=S%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
 
+Fingerprint Avaya Intuity Audix Multimedia Messaging System
+Class Avaya | embedded || telecom-misc
+SEQ(SP=A3-BF%GCD=<7%ISR=B6-BC%TI=I%II=I%SS=S%TS=U)
+OPS(O1=M400%O2=M400%O3=M280%O4=M400%O5=%O6=M109)
+WIN(W1=1000%W2=1000%W3=1000%W4=1000%W5=1000%W6=1000)
+ECN(R=Y%DF=N%T=40%TG=40%W=1000%O=M400%CC=N%Q=)
+T1(R=Y%DF=N%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=Y%DF=N%T=40%TG=40%W=1000%S=O%A=O%F=A%O=%RD=0%Q=)
+T4(R=Y%DF=N%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=1042%RIPCK=Z%RUCK=G%RUL=G%RUD=G)
+IE(DFI=S%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
+
 # Avaya P130 workgroup switch, SW version 2.11.3
 Fingerprint Avaya P130 workgroup switch
 Class Avaya | embedded || switch
@@ -73,8 +107,27 @@ T7(R=Y%DF=N%T=1E%TG=1E%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
 U1(DF=N%T=FF%TG=FF%TOS=0%IPL=38%UN=0%RIPL=G%RID=1042%RIPCK=Z%RUCK=0%RUL=G%RUD=G)
 IE(DFI=S%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S)
 
+# Check Point VPN-1(TM) & FireWall-1(R) NGX (R60) HFA_03, Hotfix 603 - Build 015  & IPSO fw-001 4.1-BUILD016 releng 1515  05.19.2006-052320 i386
+# This is Check Point VPN-1(TM) & FireWall-1(R) NGX (R60) HFA_03, Hotfix 603 - Build 015
+# IPSO fw-001 4.1-BUILD016 releng 1515  05.19.2006-052320 i386
+Fingerprint Checkpoint VPN-1 running IPSO 4.1
+Class Checkpoint | IPSO || firewall
+SEQ(SP=C0-10C%GCD=<7%ISR=107-10B%TI=I%II=I%SS=S%TS=1)
+OPS(O1=M5B4NW0NNT11%O2=M5B4NW0NNT11%O3=M5B4NW0NNT11%O4=M5B4NW0NNT11%O5=M5B4NW0NNT11%O6=M5B4NNT11)
+WIN(W1=43E0%W2=4110%W3=423C%W4=4110%W5=4180%W6=403D)
+ECN(R=Y%DF=N%T=40%TG=40%W=4470%O=M5B4NW0%CC=N%Q=)
+T1(R=Y%DF=N%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=N)
+T4(R=Y%DF=N%T=40%TG=40%W=4000%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T7(R=N)
+U1(DF=N%T=FF%TG=FF%TOS=E0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=0%RUL=G%RUD=G)
+IE(DFI=S%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S)
+
 # IOS (tm) C820 Software (C820-K9OSV6Y6-M), Version 12.3(20), RELEASE SOFTWARE (fc2)
-Fingerprint Cisco 820-series router running IOS 12.3(20)
+Fingerprint Cisco 820-series router running IOS 12.3
 Class Cisco | IOS | 12.X | router
 SEQ(SP=E2-107%GCD=<7%ISR=108-10C%TI=Z%II=RI%TS=U)
 OPS(O1=M5B4%O2=M578%O3=M280%O4=M218%O5=M218%O6=M109)
@@ -90,6 +143,23 @@ T7(R=Y%DF=N%T=100%TG=100%W=0%S=A%A=S%F=AR%O=%RD=0%Q=)
 U1(DF=N%T=100%TG=100%TOS=C0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=S%T=100%TG=100%TOSI=S%CD=S%SI=S%DLI=S)
 
+# IOS (tm) 2500 Software (C2500-I-L), Version 12.1(27b), RELEASE SOFTWARE (fc1)
+Fingerprint Cisco 2500 router running IOS 12.1
+Class Cisco | IOS | 12.X | router
+SEQ(SP=F6-102%GCD=<7%ISR=108-10A%TI=Z%II=RI%TS=U)
+OPS(O1=M5B4%O2=M578%O3=M280%O4=M218%O5=M218%O6=M109)
+WIN(W1=1020%W2=1020%W3=1020%W4=1020%W5=1020%W6=1020)
+ECN(R=Y%DF=N%T=100%TG=100%W=1020%O=M5B4%CC=N%Q=)
+T1(R=Y%DF=N%T=100%TG=100%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=Y%DF=N%T=100%TG=100%W=0%S=A%A=S%F=AR%O=%RD=0%Q=)
+T3(R=Y%DF=N%T=100%TG=100%W=1020%S=O%A=S+%F=AS%O=M5B4%RD=0%Q=)
+T4(R=Y%DF=N%T=100%TG=100%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=100%TG=100%W=0%S=A%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=100%TG=100%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=100%TG=100%W=0%S=A%A=S%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=100%TG=100%TOS=C0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=S%T=100%TG=100%TOSI=S%CD=S%SI=S%DLI=S)
+
 # Cisco Systems Catalyst 1900,V9.00.03, 19XX's runs neither IOS nor CatOS
 Fingerprint Cisco Catalyst 1900 Switch, Software v9.00.03
 Class Cisco | embedded || switch
@@ -124,8 +194,44 @@ T7(R=Y%DF=N%T=FF%TG=FF%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
 U1(DF=N%T=FF%TG=FF%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=Z%RUCK=0%RUL=G%RUD=G)
 IE(DFI=S%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S)
 
+# Cisco Catalyst 6509 (setup to perform routing)
+# IOS (tm) c6sup2_rp Software (c6sup2_rp-JK2S-M), Version 12.1(26)E4, RELEASE SOFTWARE (fc1)
+Fingerprint Cisco Catalyst 6509 running IOS 12.1
+Class Cisco | IOS | 12.X | switch
+SEQ(SP=E6-FF%GCD=<7%ISR=105-114%TI=RD%II=RI%TS=U)
+OPS(O1=M218%O2=M218%O3=M218%O4=M218%O5=M218%O6=M109)
+WIN(W1=1020%W2=1020%W3=1020%W4=1020%W5=1020%W6=1020)
+ECN(R=Y%DF=N%T=FF%TG=FF%W=1020%O=M218%CC=N%Q=)
+T1(R=Y%DF=N%T=FF%TG=FF%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=Y%DF=N%T=FF%TG=FF%W=0%S=A%A=S%F=AR%O=%RD=0%Q=)
+T3(R=Y%DF=N%T=FF%TG=FF%W=1020%S=O%A=S+%F=AS%O=M218%RD=0%Q=)
+T4(R=Y%DF=N%T=FF%TG=FF%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=FF%TG=FF%W=0%S=A%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=FF%TG=FF%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=FF%TG=FF%W=0%S=A%A=S%F=AR%O=%RD=0%Q=)
+U1(R=N)
+IE(DFI=S%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S)
+
+# Cisco DOCSIS CMTS running IOS 12.1  (this is a cable modem termination server)
+# IOS (tm) 7200 Software (UBR7200-IK1S-M), Version 12.1(8.5)EC, EARLY DEPLOYMENT MAINTENANCE INTERIM SOFTWARE
+Fingerprint Cisco DOCSIS cable modem termination server running IOS 12.1
+Class Cisco | IOS | 12.X | specialized
+SEQ(SP=F8-FF%GCD=<7%ISR=107-109%TI=Z%II=RI%TS=U)
+OPS(O1=M218%O2=M218%O3=M218%O4=M218%O5=M218%O6=M109)
+WIN(W1=1020%W2=1020%W3=1020%W4=1020%W5=1020%W6=1020)
+ECN(R=Y%DF=N%T=FF%TG=FF%W=1020%O=M218%CC=N%Q=)
+T1(R=Y%DF=N%T=FF%TG=FF%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=Y%DF=N%T=FF%TG=FF%W=0%S=A%A=S%F=AR%O=%RD=0%Q=)
+T3(R=Y%DF=N%T=FF%TG=FF%W=1020%S=O%A=S+%F=AS%O=M218%RD=0%Q=)
+T4(R=Y%DF=N%T=FF%TG=FF%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=FF%TG=FF%W=0%S=A%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=FF%TG=FF%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=FF%TG=FF%W=0%S=A%A=S%F=AR%O=%RD=0%Q=)
+U1(R=N)
+IE(DFI=S%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S)
+
 # Cisco IOS Software, C350 Software (C350-K9W7-M), Version 12.3(8)JA2, RELEASE SOFTWARE (fc1) / Cisco Aironet 350
-Fingerprint Cisco Aironet 350 WAP Running IOS 12.3(8)JA2
+Fingerprint Cisco Aironet 350 WAP running IOS 12.3
 Class Aironet | IOS | 12.X | WAP
 SEQ(SP=DF-F9%GCD=<7%ISR=107-10C%TI=Z%II=RI%TS=U)
 OPS(O1=M5B4%O2=M578%O3=M280%O4=M218%O5=M218%O6=M109)
@@ -176,6 +282,39 @@ T7(R=Y%DF=Y%T=FF%TG=FF%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
 U1(DF=N%T=FF%TG=FF%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=N%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S)
 
+Fingerprint KEMP Technologies LoadMaster 1500 load balancer
+Class Kemp | embedded || load balancer
+SEQ(SP=CC-CE%GCD=<7%ISR=D1-D3%TI=Z%II=I%TS=U)
+OPS(O1=M5B4NNSNW0%O2=M5B4NNSNW0%O3=M5B4NW0%O4=M5B4NNSNW0%O5=M5B4NNSNW0%O6=M5B4NNS)
+WIN(W1=16D0%W2=16D0%W3=16D0%W4=16D0%W5=16D0%W6=16D0)
+ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW0%CC=N%Q=)
+T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=Y%DF=Y%T=40%TG=40%W=16D0%S=O%A=S+%F=AS%O=M5B4NNSNW0%RD=0%Q=)
+T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
+
+# Linux 2.4.20 #1473 Tue Nov 1 09:32:46 CET 2005 mips unknown, Sveasoft Firmware Version: Talisman/Basic 1.11-devsnap20051101, Linksys WRT54GS router
+Fingerprint Linksys WRT54GS WAP (Linux 2.4.20 kernel) running Sveasoft Firmware
+Class Class Linksys | Linux | 2.4.X | WAP
+SEQ(SP=CA-CC%GCD=<7%ISR=CD-CF%TI=Z%II=I%TS=7)
+OPS(O1=M5B4ST11NW0%O2=M5B4ST11NW0%O3=M5B4NNT11NW0%O4=M5B4ST11NW0%O5=M5B4ST11NW0%O6=M5B4ST11)
+WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)
+ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW0%CC=Y%Q=)
+T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=Y%DF=Y%T=40%TG=40%W=16A0%S=O%A=S+%F=AS%O=M5B4ST11NW0%RD=0%Q=)
+T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
+
 # Firmware Version 4.30.7, Linux 2.4.20 I believe
 Fingerprint Linksys WRT54GL WAP (Linux kernel)
 Class Class Linksys | Linux | 2.4.X | WAP
@@ -245,9 +384,11 @@ U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
 
 # Linux 2.6.12-12mdksmp #1 SMP 5 i686 Intel(R) Pentium(R) 4 CPU 3.20GHz Mandriva (custom kernel), laptop
-Fingerprint Linux 2.6.12-12mdksmp (Mandriva)
+# Linux *.edu 2.6.9-42.0.2.ELsmp #1 SMP Thu Aug 17 17:57:31 EDT 2006 x86_64 x86_64 x86_64 GNU/Linux
+# Linux localhost 2.6.12-21mdk #1 Tue May 9 21:15:09 MDT 2006 i686 Pentium III (Katmai) unknown GNU/Linux
+Fingerprint Linux 2.6.9 - 12.6.12
 Class Linux | Linux | 2.6.X | general purpose
-SEQ(SP=CA-CC%GCD=<7%ISR=D0-D2%TI=Z%II=I%TS=A)
+SEQ(SP=CA-CE%GCD=<7%ISR=CA-D2%TI=Z%II=I%TS=A)
 OPS(O1=M400CST11NW2%O2=M400CST11NW2%O3=M400CNNT11NW2%O4=M400CST11NW2%O5=M400CST11NW2%O6=M400CST11)
 WIN(W1=7FFF%W2=7FFF%W3=7FFF%W4=7FFF%W5=7FFF%W6=7FFF)
 ECN(R=Y%DF=Y%T=40%TG=40%W=7FFF%O=M400CNNSNW2%CC=N%Q=)
@@ -394,16 +535,34 @@ T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
 U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
 
-# OpenBSD 3.9-stable (GENERIC) #0: Tue Aug 29 06:52:40 CDT 2006 (i386)
-Fingerprint OpenBSD 3.9-stable (x86)
+# OpenBSD 3.4 GENERIC#18 i386     Device acting like firewall       pf version
+Fingerprint OpenBSD 3.4 (x86)
 Class OpenBSD | OpenBSD | 3.X | general purpose
-SEQ(SP=CB-10C%GCD=<7%ISR=FA-100%TI=RD%II=RI%TS=21|22)
+SEQ(SP=F9-FB%GCD=<7%ISR=100-102%TI=RD%II=RI%TS=1)
+OPS(O1=M5B4NNSNW0NNT11%O2=M5B4NNSNW0NNT11%O3=M5B4NW0NNT11%O4=M5B4NNSNW0NNT11%O5=M5B4NNSNW0NNT11%O6=M5B4NNSNNT11)
+WIN(W1=43E0%W2=4110%W3=423C%W4=4000%W5=4180%W6=403D)
+ECN(R=Y%DF=Y%T=40%TG=40%W=4470%O=M5B4NNSNW0%CC=N%Q=)
+T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=Y%DF=Y%T=40%TG=40%W=403D%S=O%A=S+%F=AS%O=M5B4NNSNW0NNT11%RD=0%Q=)
+T4(R=Y%DF=Y%T=40%TG=40%W=4000%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=FF%TG=FF%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=S%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S)
+
+# OpenBSD 3.9 GENERIC#759 sparc64 , Sun Ultra 5, UltraSPARC-IIi
+# OpenBSD 3.9-stable (GENERIC) #0: Tue Aug 29 06:52:40 CDT 2006 (i386)
+Fingerprint OpenBSD 3.9-stable
+Class OpenBSD | OpenBSD | 3.X | general purpose
+SEQ(SP=CB-10C%GCD=<7%ISR=FA-10A%TI=RD%II=RI%TS=21|22)
 OPS(O1=M5B4NNSNW0NNT11%O2=M5B4NNSNW0NNT11%O3=M5B4NW0NNT11%O4=M5B4NNSNW0NNT11%O5=M5B4NNSNW0NNT11%O6=M5B4NNSNNT11)
 WIN(W1=4000%W2=4000%W3=4000%W4=4000%W5=4000%W6=4000)
 ECN(R=Y%DF=Y%T=40%TG=40%W=4000%O=M5B4NNSNW0%CC=N%Q=)
 T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
 T2(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
-T3(R=Y%DF=Y%T=40%TG=40%W=4000%S=O%A=S+%F=AS%O=M5B4NNSNW0NNT11%RD=0%Q=)
+T3(R=Y%DF=Y%T=40%TG=40%W=4000%S=O%A=O|S+%F=AS%O=M5B4NNSNW0NNT11%RD=0%Q=)
 T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
 T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
 T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
@@ -428,10 +587,28 @@ T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
 U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
 
+# Windows 2003 Server winver output: Version 5.2 (Build 3790.srv03_sp1_rtm.050324-1447 : Service Pack 1)
+Fingerprint Microsoft Windows 2003 Server SP2
+Class Microsoft | Windows | 2003 | general purpose
+SEQ(SP=F7-F9%GCD=<7%ISR=106-108%TI=I%II=I%SS=S%TS=0)
+OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0NNT00NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)
+WIN(W1=4000%W2=4000%W3=4000%W4=4000%W5=4000%W6=4000)
+ECN(R=Y%DF=N%T=80%TG=80%W=4000%O=M5B4NW0NNS%CC=N%Q=)
+T1(R=Y%DF=N%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
+T3(R=Y%DF=N%T=80%TG=80%W=4000%S=O%A=S+%F=AS%O=M5B4NW0NNT00NNS%RD=0%Q=)
+T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=80%TG=80%TOS=0%IPL=B0%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
+
+# Microsoft Windows Vista English PRE-RC1 Build 5536
 # Vista Beta 2 Build 5472
 Fingerprint Microsoft Windows Vista Beta 2 (Build 5472)
 Class Microsoft | Windows Vista || general purpose
-SEQ(SP=D2-D7%GCD=<7%ISR=107-109%TI=I%II=I%SS=S%TS=7)
+SEQ(SP=D2-11B%GCD=<7%ISR=107-113%TI=I%II=I%SS=S%TS=6|7)
 OPS(O1=M5B4NW8ST11%O2=M5B4NW8ST11%O3=M5B4NW8NNT11%O4=M5B4NW8ST11%O5=M5B4NW8ST11%O6=M5B4ST11)
 WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
 ECN(R=Y%DF=Y%T=80%TG=80%W=2000%O=M5B4NW8NNS%CC=N%Q=)
@@ -462,22 +639,40 @@ T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
 U1(DF=N%T=80%TG=80%TOS=0%IPL=B0%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
 
+# Windows XP Pro (VLK) Version 5.1 build 2600.xpsp_sp2_gdr.050301-1519 (Service Pack 2)  Machine does have MS05-019 and all other patches
 # Windows XP Professional SP2: Version 5.1 (2600.xpsp_sp2_gdr.050301-1519 : Service Pack 2. firewall disabled)
 Fingerprint Microsoft Windows XP SP2 (firewall disabled)
 Class Microsoft | Windows | NT/2K/XP | general purpose
-SEQ(SP=DC-100%GCD=<5%ISR=100-110%TI=I%II=I%SS=S)
+SEQ(SP=DC-100%GCD=<7%ISR=100-110%TI=I%II=I%SS=S%TS=0)
 OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0NNT00NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)
 WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)
-ECN(R=Y%DF=Y%T=80%TG=80%W=FFFF%O=M5B4NW0NNS%CC=N%Q=)
-T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
-T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
-T3(R=Y%DF=Y%T=80%TG=80%W=FFFF%S=O%A=S+%F=AS%O=M5B4NW0NNT00NNS%RD=0%Q=)
-T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
-T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
-T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
-T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
-U1(DF=N%T=80%TG=80%TOS=0%IPL=B0%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
-IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
+ECN(R=Y%DF=Y%T=7F|80%TG=80%W=FFFF%O=M5B4NW0NNS%CC=N%Q=)
+T1(R=Y%DF=Y%T=7F|80%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=Y%DF=N%T=7F|80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
+T3(R=Y%DF=Y%T=7F|80%TG=80%W=FFFF%S=O%A=S+%F=AS%O=M5B4NW0NNT00NNS%RD=0%Q=)
+T4(R=Y%DF=N%T=7F|80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=7F|80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=7F|80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=7F|80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=7F|80%TG=80%TOS=0%IPL=B0%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=S%T=7F|80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
+
+# Polycom ViewStation 4000 PRI T1 MP, Release 6.0.5 FX - 08 Jun 2005
+Fingerprint Polycom ViewStation 4000 video conferencing system
+Class Polycom | embedded || webcam
+SEQ(SP=0-18%GCD=<7|9140289|12280512|1B3C079B|24500A24|2D640CAD|36780F36%ISR=0-151%TI=I%II=I%SS=S%TS=U)
+OPS(O1=M5B4%O2=M5B4%O3=M5B4%O4=M5B4%O5=M5B4%O6=M5B4)
+WIN(W1=5B40%W2=5B40%W3=5B40%W4=5B40%W5=5B40%W6=5B40)
+ECN(R=Y%DF=N%T=3C%TG=3C%W=5B40%O=M5B4%CC=N%Q=)
+T1(R=Y%DF=N%T=3C%TG=3C%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=Y%DF=Y%T=3C%TG=3C%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
+T3(R=Y%DF=N%T=3C%TG=3C%W=5B40%S=O%A=S+%F=AS%O=M5B4%RD=0%Q=)
+T4(R=Y%DF=Y%T=3C%TG=3C%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=3C%TG=3C%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=Y%T=3C%TG=3C%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=3C%TG=3C%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=3C%TG=3C%TOS=0%IPL=70%UN=0|6850%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=S%T=3C%TG=3C%TOSI=Z%CD=Z%SI=S%DLI=S)
 
 # Ultra 10 uni-processor
 Fingerprint Sun Solaris 9 (SPARC)
@@ -529,3 +724,20 @@ T6(R=Y%DF=N%T=3C%TG=3C%W=0%S=A%A=S%F=AR%O=%RD=0%Q=)
 T7(R=Y%DF=N%T=3C%TG=3C%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
 U1(DF=N%T=3C%TG=3C%TOS=0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=S%T=3C%TG=3C%TOSI=S%CD=S%SI=S%DLI=S)
+
+# Xerox WorkCentre Pro 265, v1 Multifunction System, System Software Version: 13.27.24.0, Net Controller Software Version: 40.010.50930
+Fingerprint Xerox WorkCentre Pro 265 multifunction printer
+Class Xerox | embedded || printer
+SEQ(SP=CB-CD%GCD=<7%ISR=D3-D5%TI=Z%II=I%TS=7)
+OPS(O1=M5B4ST11NW0%O2=M5B4ST11NW0%O3=M5B4NNT11NW0%O4=M5B4ST11NW0%O5=M5B4ST11NW0%O6=M5B4ST11)
+WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)
+ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW0%CC=N%Q=)
+T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=N)
+T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
diff --git a/nmap-os-fingerprints b/nmap-os-fingerprints
index 82784f9c0..9e90eb24a 100644
--- a/nmap-os-fingerprints
+++ b/nmap-os-fingerprints
@@ -19339,7 +19339,7 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
-Fingerprint SGI IRIX 6.4 - 6.5.3m  # Lamont Granquist (again :)
+Fingerprint SGI IRIX 6.4 - 6.5.3m
 Class SGI | IRIX | 6.X | general purpose
 TSeq(Class=RI|TD%gcd=28|50|78|A0|C8|F0|140%SI=<3E8)
 T1(DF=N%W=C000%ACK=S++%Flags=AS%Ops=MNWNNT)
diff --git a/osscan.cc b/osscan.cc
index f7cb80b87..0b49a544e 100644
--- a/osscan.cc
+++ b/osscan.cc
@@ -1886,7 +1886,7 @@ FingerPrint *parse_single_fingerprint(char *fprint_orig) {
       p = thisline + 12;
       while(*p && isspace((int) *p)) p++;
 
-      q = strpbrk(p, "\n#");
+      q = strchr(p, '\n');
       if (!q) q = p + strlen(p);
       while(isspace(*(--q)))
 	;