diff --git a/nmap-os-fingerprints b/nmap-os-fingerprints
index db044eff3..0008b771a 100644
--- a/nmap-os-fingerprints
+++ b/nmap-os-fingerprints
@@ -54,6 +54,7 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
 
+# 3Com 812 OfficeConnect ADSL Router Firmware version: 2.0.0
 Fingerprint 3Com OfficeConnect 812 aDSL router
 Class 3Com | embedded || broadband router
 TSeq(Class=TD%gcd=<C354%SI=<1E%IPID=I%TS=U)
@@ -64,7 +65,7 @@ T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
-PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E|F%UCK=E|F%ULEN=134%DAT=E)
 
 Fingerprint 3Com OfficeConnect Remote 812 aDSL Router
 Class 3Com | embedded || broadband router
@@ -78,6 +79,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(Resp=N)
 
+# 3com OfficeConnect Remote 812 ADSL Router (Firmware V1.1.7)
+Fingerprint 3com OfficeConnect Remote 812 ADSL Router
+Class 3Com | embedded || router
+TSeq(Class=TD%gcd=<C354%SI=<1E%IPID=I%TS=U)
+T1(DF=N%W=200%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=200%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # 3Com Sharkfin/Tailfin Cable Modem boot code 01.00.003a main image 1.17 hardware 2.00 web 604
 Fingerprint 3Com Sharkfin/Tailfin Cable Modem
 Class 3Com | embedded || broadband router
@@ -257,7 +271,7 @@ Fingerprint 3Com SuperStack II switch (OS v 2.0)
 Class 3Com | embedded || switch
 TSeq(Class=C)
 T1(DF=N%W=400%ACK=S++%Flags=AS%Ops=M)
-T2(Resp=Y%DF=N%W=0%ACK=S%Flags=APR%Ops=)
+T2(DF=N%W=0%ACK=S%Flags=APR%Ops=)
 T3(Resp=Y%DF=N%W=400%ACK=S++%Flags=AS%Ops=M)
 T4(DF=N%W=0%ACK=S%Flags=APR%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=APR%Ops=)
@@ -265,6 +279,21 @@ T6(DF=N%W=0%ACK=S%Flags=APR%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=APR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# 3com Switch 7700 firmware v2.01
+# Huawei S6506R routing switch VRP 3.10 release 1009
+Fingerprint 3Com 7700/8800 Switch or Huawei S6506R routing switch VRP 3.10
+Class 3Com | embedded || switch
+Class Huawei | VRP || switch
+TSeq(Class=64K%IPID=I%TS=U)
+T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=1FC4%ACK=O%Flags=A%Ops=)
+T4(DF=N%W=2000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
 Fingerprint 3Com SuperStack II switch SW/NBSI-CF,11.1.0.00S38
 Class 3Com | embedded || switch
 TSeq(Class=TD%gcd=<68%SI=<3C)
@@ -354,6 +383,7 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
 
+# Actiontec wireless ready DSL Gateway - Model R1520SU
 # Actiontec 1520 DSL gateway with GlobespanVirata chipset hardware version RD6700 BSP v1.1 (ISOS 8.2) / He100/2xx CSP v2.3, firmware version 8.2.0.16
 Fingerprint Actiontec 1520 DSL gateway firmware 8.2.0.16
 Class Actiontec | embedded || broadband router
@@ -365,7 +395,7 @@ T4(DF=N%W=1194%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=O%Flags=R%Ops=)
-PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E|F%UCK=E|F%ULEN=134%DAT=E)
 
 Fingerprint Adtran Atlas 890 digital cross-connect device
 Class Adtran | embedded || telecom-misc
@@ -379,6 +409,20 @@ T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=F%UCK=E%ULEN=134%DAT=E)
 
+# Aethra Vega Star Gold (Videoconferencing appliance)
+# Aethra Video Conference System Vega Pro S running pSOSystem
+Fingerprint Aethra Vega Conference System
+Class Aethra | embedded || webcom
+TSeq(Class=RI%gcd=<6%SI=<2F97016&>79D33%IPID=I%TS=U)
+T1(DF=N%W=7FFF%ACK=S++%Flags=AS%Ops=ME)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=7FFF%ACK=S++%Flags=AS%Ops=ME)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
 Fingerprint Aironet 630-2400 V3.3P Wireless LAN bridge
 Class Aironet | embedded || bridge
 TSeq(Class=C%Val=0)
@@ -491,6 +535,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=0%ULEN=134%DAT=E)
 
+# Alcatel telephone system called OmniPcx 4400 Chorus MiX V.3.2 r4.1.5 COMP-386
+Fingerprint Alcatel OmniPcx 4400 telephone system
+Class Alcatel | embedded || telecom-misc
+TSeq(Class=RI%gcd=<6%SI=<720CE&>AEE%IPID=I%TS=U)
+T1(DF=Y%W=1090%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=1090%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=1000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=F%UCK=0%ULEN=134%DAT=E)
+
 # Advanced Reflexes IP Phone, Version: E/AT400/46.8
 # IBM x450 remote management console (lets you switch machine on/off, check temp, etc)
 Fingerprint Alcatel Advanced Reflexes IP Phone or IBM x450 remote management console
@@ -782,11 +839,29 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=N)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint APC Network management Card AP9616
+Class APC | embedded || power-device
+TSeq(Class=TD%gcd=<3D094%SI=<14%IPID=I%TS=1000HZ)
+T1(DF=Y%W=10CD%ACK=S++%Flags=AS%Ops=MENWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=10CD%ACK=S++%Flags=AS%Ops=MENWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# American Power Conversion Smart-UPS 3000 RM firmware revision 666.5.I
 # APC AOS 2.2.7 (on APC AP7901 network management card)
+# APC UPS - Symmetra 16000 UPS_IDEN
+# APC AP9617 SmartSlot UPS network management card
+# APC Network Management Card EX 10/100BaseT (AP9617)
+# APC Network Management Card AOS v2.2.7 (Rack PDU APP v2.2.0)
+# APC network mgmt card AP9617
 Fingerprint APC UPS System network management card (runs AOS)
 Class APC | embedded || power-device
 TSeq(Class=TD%gcd=<7A124%SI=<1E%IPID=I%TS=1000HZ)
-T1(DF=N%W=10CD%ACK=S++%Flags=AS%Ops=MENWNNT)
+T1(DF=Y|N%W=10CD%ACK=S++%Flags=AS%Ops=MENWNNT)
 T2(Resp=N)
 T3(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=)
 T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
@@ -795,6 +870,32 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# APC UPS Network Management Card, Model AP9617
+Fingerprint APC UPS Network Management Card
+Class APC | embedded || power-device
+TSeq(Class=TD%gcd=<61AC%SI=<3C%IPID=I%TS=1000HZ)
+T1(DF=Y%W=10CD%ACK=S++%Flags=AS%Ops=MENWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=80%IPLEN=38%RIPTL=148%RID=E%RIPCK=F%UCK=F%ULEN=134%DAT=E)
+
+# American Power Conversion / Network Management Card AOS v2.5.3 / Symmetra LX 16000 RM / This is a network management interface on a high end UPS
+Fingerprint APC UPS System network management card (runs AOS v2.5.3)
+Class APC | embedded || power-device
+TSeq(Class=TD%gcd=<3D094%SI=<1E%IPID=I%TS=1000HZ)
+T1(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=10CD%ACK=S++%Flags=AS%Ops=MENWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint APC Web/SNMP UPS management card
 Class APC | embedded || power-device
 TSeq(Class=RI%gcd=<6%SI=<52FB700&>D46DF)
@@ -868,6 +969,18 @@ T6(DF=N%W=800%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=800%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint Apple LaserWriter 12/640 PS
+Class Apple | embedded || printer
+TSeq(Class=C%Val=85BD001%IPID=I%TS=U)
+T1(DF=Y%W=111C%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=O%Flags=R%Ops=)
+PU(Resp=N)
+
 Fingerprint Apple Color LaserWriter 600 Printer
 Class Apple | embedded || printer
 TSeq(Class=C)
@@ -907,10 +1020,16 @@ T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
 PU(Resp=N)
 
+# Apple Airport Express (Wireless Router/Bridge) (Firmware v6.1)
 # Apple AirPort Express (Apple Base Station V6.0)
-Fingerprint Apple AirPort Express WAP or Dell Fiber Channel Bridge Module
+# OKI Phaser B6300N laser printer
+# Netgear 7000 Series Managed Switch (GSM7324) (strang ops)
+# Westel Versalink 327W, Wireless DSL Modem/Router
+Fingerprint Embedded device (Apple WAP, Dell bridge, OKI printer, Westel broadband router)
 Class Apple | embedded || WAP
 Class Dell | embedded || storage-misc
+Class Okidata | embedded || printer
+Class Westel | embedded || broadband router
 TSeq(Class=RI%gcd=<6%SI=<A9830&>1000%TS=2HZ)
 T1(DF=Y%W=2000%ACK=S++%Flags=AS%Ops=MNWNNT)
 T2(Resp=N)
@@ -922,8 +1041,9 @@ T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=0%ULEN=134%DAT=E)
 
 # Apple AirPort Extreme Base Station Firmware 5.1.1
-Fingerprint Apple Airport Extreme Base Station (WAP)
+Fingerprint Apple Airport Extreme Base Station (WAP) or ARRIS Cadant C3 CMTS Cable Modem
 Class Apple | embedded || WAP
+Class ARRIS | embedded || broadband router
 TSeq(Class=RI%gcd=<6%SI=<94160&>15CB%IPID=I%TS=2HZ)
 T1(DF=Y%W=2000|4000%ACK=S++%Flags=AS%Ops=MNWNNT)
 T2(Resp=N)
@@ -934,6 +1054,18 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=Y|N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=0%ULEN=134%DAT=E)
 
+Fingerprint Apple Mac OS 7.0-7.1 With MacTCP 1.1.1 - 2.0.6
+Class Apple | Mac OS | 7.X | general purpose
+TSeq(Class=C|TD)
+T1(DF=N%W=192F|2D25%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=0%ACK=O%Flags=A%Ops=)
+T4(DF=N%W=400|800|C00|1000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=400|800|C00|1000%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=400|800|C00|1000%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=400|800|C00|1000%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Mac OS X 1.1-1.2
 Fingerprint Apple Mac OS X 1.1-1.2 (Rhapsody 5.5-5.6) on a G3
 Class Apple | Mac OS X | 10.0.X | general purpose
@@ -1058,16 +1190,17 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
 
-Fingerprint Apple Mac OS X 10.3.0 - 10.3.3
-Class Apple | Mac OS X | 10.3.X | general purpose
+# Mac OS X Server 10.2.8 Darwin Kernel 6.8 Macintosh powerpc
+Fingerprint Apple Mac OS X Server 10.2.8
+Class Apple | Mac OS X | 10.2.X | general purpose
 TSeq(Class=TR%gcd=<6%IPID=I%TS=2HZ)
-T1(DF=Y%W=807A|C0B7|FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T1(DF=Y%W=5B4%ACK=S++%Flags=AS%Ops=MNWNNT)
 T2(Resp=N)
 T3(Resp=N)
 T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
-T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T7(Resp=N)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
 
 Fingerprint Apple Mac OS X 10.3.3 (Panther)
@@ -1082,17 +1215,88 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=Y%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
 
-Fingerprint Apple Mac OS 7.0-7.1 With MacTCP 1.1.1 - 2.0.6
-Class Apple | Mac OS | 7.X | general purpose
-TSeq(Class=C|TD)
-T1(DF=N%W=192F|2D25%ACK=S++%Flags=AS%Ops=M)
+# Apple Mac OS 10.3.5 (Darwin Kernel Version 7.5.0)
+# Mac OS 10.3.7 Server, Darwain, PPC. Kernel version 7.70. All relevant updates as of 2/2/05
+Fingerprint Apple Mac OS 10.3.5 or 10.3.7
+Class Apple | Mac OS X | 10.3.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=2HZ)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
 T2(Resp=N)
-T3(Resp=Y%DF=N%W=0%ACK=O%Flags=A%Ops=)
-T4(DF=N%W=400|800|C00|1000%ACK=O%Flags=R%Ops=)
-T5(DF=N%W=400|800|C00|1000%ACK=S++%Flags=AR%Ops=)
-T6(DF=N%W=400|800|C00|1000%ACK=O%Flags=R%Ops=)
-T7(DF=N%W=400|800|C00|1000%ACK=S++%Flags=AR%Ops=)
-PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
+# Darwin 7.7.0 Power Macintosh powerpc, OS X, version 10.3.7
+# Apple Mac OS X 10.3.6 (7R28) -  (Darwin 7.6.0)
+Fingerprint Apple Mac OS X 10.3.6 or 10.3.7
+Class Apple | Mac OS X | 10.3.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=2HZ)
+T1(DF=Y%W=2000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
+Fingerprint Apple Mac OS X 10.3.9
+Class Apple | Mac OS X | 10.3.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=2HZ)
+T1(DF=Y%W=E34E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
+# Apple Mac OS X 10.3.8 (Panther); Darwin Kernel Version 7.8.0
+# Apple Mac OS X 10.4 (Build: 8A428); Kernel: Darwin 8.0.0
+Fingerprint Apple Mac OS X 10.3.8 or 10.4
+Class Apple | Mac OS X | 10.4.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=2HZ)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Apple Mac OS X 10.4.0 (Tiger) - Darwin Kernel Version 8.0.0
+# Apple Macintosh PowerBook G4 15" Titanium, Mac OS X 10.4.0 (Tiger) build 8A428
+# Mac OS X 10.4 Darwin 8.0.0 Darwin Kernel Version 8.0.0: Sat Mar 26 14:15:22 PST 2005;
+# Fingerprint Apple Mac OS X 10.4.0 Build 8a428 Darwin Kernel Version 8.0.0. Power Macintosh powerpc Hardware is PB G4
+# Darwin 8.1.0 Kernel Version 8.1.0 (Apple Mac OS 10.4.1 Tiger)
+Fingerprint Apple Mac OS X 10.4.0 - 10.4.1 (Tiger)
+Class Apple | Mac OS X | 10.3.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=2HZ)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=0%ULEN=134%DAT=E)
+
+Fingerprint Mac OSX 10.4.1
+Class Apple | Mac OS X | 10.3.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=2HZ)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=A%Ops=NNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
 
 # Not really constant -- just slow incrementation
 # This is an LCIII
@@ -1317,7 +1521,7 @@ T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
-PU(DF=Y%TOS=40%IPLEN=70%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+PU(DF=Y%TOS=0|40%IPLEN=70%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
 Fingerprint Apple Newton MessagePad 2100, Newton OS 2.1
 Class Apple | Newton OS || PDA
@@ -1571,13 +1775,14 @@ T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(Resp=N)
 
-# Ascend Mac 6000 Terminal access server (dialup access server)   Running TAOS 9.0.9
+# Ascend Mac 6000 Terminal access server (dialup access server) Running TAOS 9.0.9
+# Lucent (Acend) DSLMAX 20 revision 8.0.7
 Fingerprint Ascend Mac 6000 Terminal access server
 Class Ascend | TAOS || terminal server
 TSeq(Class=RI%gcd=<6%SI=<919BA&>E5D%IPID=BI%TS=U)
-T1(DF=Y%W=111C%ACK=S++%Flags=AS%Ops=ME)
+T1(DF=Y|N%W=111C%ACK=S++%Flags=AS%Ops=ME)
 T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
-T3(Resp=Y%DF=Y%W=111C%ACK=S++%Flags=AS%Ops=ME)
+T3(Resp=Y%DF=Y|N%W=111C%ACK=S++%Flags=AS%Ops=ME)
 T4(DF=N%W=0%ACK=S%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
@@ -1668,6 +1873,32 @@ T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(Resp=N)
 
+# Audio Codes MP-104 - VoIP Gateway FXO (version 4.0.282.350)
+Fingerprint AudioCodes MP-104 VoIP Gateway FXO
+Class AudioCodes | embedded || VOIP Gateway
+TSeq(Class=TD%gcd=<3D094%SI=<1E%IPID=I%TS=1000HZ)
+T1(DF=N%W=20F4%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=20F4%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
+# AudioCodes MP-108 FXS (iptele gateway) version: 4.40.162.274
+Fingerprint AudioCodes MP-108 VoIP Gateway FXS
+Class AudioCodes | embedded || VOIP Gateway
+TSeq(Class=TD%gcd=<3D094%SI=<1E%IPID=I%TS=1000HZ)
+T1(DF=N%W=209D%ACK=S++%Flags=AS%Ops=MENWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=209D%ACK=S++%Flags=AS%Ops=MENWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Auspex Fileserver (AuspexOS 1.9.1/SunOS 4.1.4)
 Class Auspex | AuspexOS || fileserver
 TSeq(Class=64K)
@@ -1797,6 +2028,32 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(Resp=N)
 
+# AXIS StorPoint CD E100 CD-ROM Server V5.20 Oct 27 1999
+Fingerprint AXIS StorPoint CD E100 CD-ROM Server V5.20
+Class AXIS | embedded || fileserver
+TSeq(Class=C%Val=4B80000%IPID=I%TS=U)
+T1(DF=N%W=5AC%ACK=S++%Flags=AS%Ops=ME)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=5AC%ACK=O%Flags=A%Ops=)
+T4(DF=N%W=5AC%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
+# AXIS StorPoint CD E100 CD-ROM Server V5.38 Jan 12 2004
+Fingerprint AXIS StorPoint CD E100 CD-ROM Server V5.38
+Class AXIS | embedded || fileserver
+TSeq(Class=C%Val=30D40000%IPID=I%TS=U)
+T1(DF=N%W=5AC%ACK=S++%Flags=AS%Ops=ME)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=5AC%ACK=O%Flags=A%Ops=)
+T4(DF=N%W=5AC%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
 Fingerprint AXIs 540 Ethernet print server ver 5.48
 Class AXIS | embedded || print server
 TSeq(Class=TD%gcd=<80004%SI=<1E%IPID=I%TS=U)
@@ -1867,6 +2124,31 @@ T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(Resp=N)
 
+# AXIS 200+ Webcam running software version is 1.42
+Fingerprint AXIS Neteye 200+ Webcam running software version 1.42
+Class AXIS | embedded || webcam
+TSeq(Class=TD|C%gcd=<80004%SI=<1E%Val=DFB80000%IPID=RD|I%TS=U)
+T1(DF=N%W=200%ACK=S++%Flags=AS%Ops=ME)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=200%ACK=O%Flags=A%Ops=)
+T4(DF=N%W=200%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
+Fingerprint Axis print server firmware 7.0.2
+Class AXIS | embedded || print server
+TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
+T1(DF=N%W=100%ACK=S++%Flags=AS%Ops=ME)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=100%ACK=O%Flags=A%Ops=)
+T4(DF=N%W=100%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
 # AXIS 540+/542+
 # AXIS 5400 print server
 Fingerprint AXIS Network Print Server
@@ -1930,6 +2212,18 @@ T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
 
+Fingerprint Bay Networks Instant Internet router
+Class Bay Networks | embedded || router
+TSeq(Class=TR%gcd=<6%IPID=BI%TS=U)
+T1(Resp=N)
+T2(Resp=N)
+T3(Resp=N)
+T4(Resp=N)
+T5(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=R%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Baystack Instant Internet 400 SoHo Router
 Class Bay Networks | embedded || router
 TSeq(Class=RI%gcd=<24%SI=<4D33C&>C46)
@@ -1954,6 +2248,19 @@ T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Fingerprint BayStack 450-24T HW:RevL  FW:V1.47 SW:v3.1.0.22  ISVN:1
+Fingerprint BayStack 450-24T switch
+Class Bay Networks | embedded || switch
+TSeq(Class=TD%gcd=<1F8%SI=<50%IPID=I%TS=U)
+T1(DF=N%W=400%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=1000|400%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=C00|800%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=1000|400%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=C00|400%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=400|800%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint BayStack 28115/ADV Fast Ethernet Switch
 Class Bay Networks | embedded || switch
 TSeq(Class=TD%gcd=<6%SI=<FF)
@@ -1966,6 +2273,20 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# BayTech RPC4 with Network Module (Data Switch Series - F3.03 (C)2000 DS72C808 Bay Technical Associates DS72)
+# BayTech rpc3-15NC Remote Power Control device
+Fingerprint BayTech Remote Power Control RPC3-15NC or RPC4
+Class BayTech | embedded || power-device
+TSeq(Class=TD|RI%gcd=<C%SI=<4272&>95%IPID=I|RD%TS=U)
+T1(Resp=N)
+T2(Resp=Y%DF=N%W=400|800|C00|1000%ACK=S%Flags=ARF%Ops=)
+T3(Resp=N)
+T4(DF=N%W=800|1000%ACK=S%Flags=ARF%Ops=)
+T5(DF=N%W=C00|1000|400%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=400|800|1000%ACK=S%Flags=AR%Ops=)
+T7(DF=N%W=C00|1000%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Running on a BeBox 66Mhz
 Fingerprint BeOS 4 - 4.5
 Class Be | BeOS | 4.X | general purpose
@@ -2027,6 +2348,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(Resp=N)
 
+# IPC@CHIP (SC12) -@CHIP-RTOS version SC12 V1.10 Beta Test version MEDIUMBuild: Nov 26 2003
+Fingerprint IPC@CHIP CHIP-RTOS version SC12
+Class Beck-IPC | embedded || specialized
+TSeq(Class=TD%gcd=<C354%SI=<28%IPID=I%TS=1000HZ)
+T1(DF=N%W=209D%ACK=S++%Flags=AS%Ops=MENWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Belkin DSL/Cable Router running firmware v1.03.08
 Fingerprint Belkin DSL/Cable Router
 Class Belkin | embedded || broadband router
@@ -2040,6 +2374,8 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Plan9 x86 (2004.11.06)
+# Plan 9 4th edition on x86
 Fingerprint Bell Labs Plan9 Fourth Edition
 Class Bell Labs | Plan9 || general purpose
 TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
@@ -2050,7 +2386,7 @@ T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
-PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E|F%UCK=E|F%ULEN=134%DAT=E)
 
 Fingerprint Bell Labs Plan9 Fourth Edition (x86)
 Class Bell Labs | Plan9 || general purpose
@@ -2127,7 +2463,9 @@ T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=F%UCK=E%ULEN=134%DAT=E)
 
-Fingerprint BinTec BingoDSL Router Firmware version 7.1 Rev.1 Patch 11
+# BINTEC-X4000 version V.7.1 Rev. 4 (Patch 3) IPSec
+# BinTec BingoDSL Router Firmware version 7.1 Rev.1 Patch 11
+Fingerprint BinTec BingoDSL/X4000 Router Firmware V. 7.1
 Class BinTec | embedded || broadband router
 TSeq(Class=RI%gcd=<8%SI=<240E&>1A%IPID=I%TS=U)
 T1(DF=N%W=4000%ACK=S++%Flags=AS%Ops=M)
@@ -2137,7 +2475,20 @@ T4(DF=N%W=0%ACK=S%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
-PU(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=F%UCK=E%ULEN=134%DAT=E)
+
+# VPN Access 25 version V.7.1 Rev. 12
+Fingerprint VPN Access 25 version V. 7.1
+Class BinTec | embedded || broadband router
+TSeq(Class=TD%gcd=<6%SI=<1E%TS=U)
+T1(DF=N%W=4000%ACK=O|S++%Flags=A|AS%Ops=|M)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=)
+T4(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=F%UCK=E%ULEN=134%DAT=E)
 
 # XS SW Release 4.9.1 ISDN access router
 # BinTec BIANCA XM OS version 4.93
@@ -2192,6 +2543,17 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=15C%RID=F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
 
+Fingerprint BlueCoat SG4
+Class Blue Coat | SGOS || web proxy
+T1(DF=N%W=0|FFFF%ACK=S++%Flags=AR|AS%Ops=|MENWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(Resp=N)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(Resp=N)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Borderware 5.0 Firewall
 Class Borderware | embedded || firewall
 TSeq(Class=TR|RI%gcd=<204%SI=<14)
@@ -2265,6 +2627,32 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Brother Laser Printer HL 1230
+Fingerprint Brother HL-1230 Printer
+Class Brother | embedded || printer
+TSeq(Class=TD%gcd=<DC004%SI=<14%IPID=I%TS=U)
+T1(DF=N%W=B68%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=B68%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Brother HL-2070N Printer Firmware Ver.1.03 (04.11.18)
+Fingerprint Brother HL-2070N Printer
+Class Brother | embedded || printer
+TSeq(Class=RI%gcd=<6%SI=<1C67888&>48B5D%IPID=I%TS=U)
+T1(DF=N%W=111C%ACK=S++%Flags=AS%Ops=ME)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=111C%ACK=S++%Flags=AS%Ops=ME)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
 Fingerprint BSDI BSD/OS 2.0 - 2.1
 Class BSDI | BSD/OS | 2.X | general purpose
 TSeq(Class=RI%gcd=<6%SI=>FFF)
@@ -2472,6 +2860,44 @@ T6(DF=N%W=400|800|C00|1000%ACK=S%Flags=AR%Ops=WNMETL)
 T7(DF=N%W=400|800|C00|1000%ACK=S++%Flags=AR%Ops=WNMETL)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=0%ULEN=134%DAT=E)
 
+# Canon imageRunner iR2270 printer
+Fingerprint Canon iR2270 printer
+Class Canon | embedded || printer
+TSeq(Class=RI%gcd=<6%SI=<977D4&>5EC%IPID=I%TS=2HZ)
+T1(DF=Y%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=4000%ACK=O%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=4000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=0%ULEN=134%DAT=E)
+
+# Canon Image Runner C3200
+Fingerprint Canon iR C3200 printer
+Class Canon | embedded || printer
+T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=2000%ACK=O%Flags=A%Ops=)
+T4(DF=N%W=2000%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Canon inkjet printer iP4000R with wireless interface
+Fingerprint Canon Pixmar IP4000R printer
+Class Canon | embedded || printer
+TSeq(Class=TD%gcd=<20004%SI=<1E%IPID=I%TS=U)
+T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=2000%ACK=S++|O%Flags=AS|A%Ops=M|)
+T4(DF=N%W=2000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Canon iR6000 printer
 Class Canon | embedded || printer
 TSeq(Class=64K%IPID=I%TS=U)
@@ -2556,6 +2982,19 @@ T6(Resp=N)
 T7(Resp=N)
 PU(Resp=N)
 
+# Netopia Cayman 3341-ENT firmware v8.3.1r0
+Fingerprint Netopia Cayman 3341-ENT ADSL Router
+Class Netopia | embedded || broadband router
+TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
+T1(DF=N%W=400%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=400%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
 Fingerprint Netopia Cayman 3346 DSL router
 Class Cayman | embedded || broadband router
 TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
@@ -2759,6 +3198,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Application and Content Networking System Software Release 5.3.1 (build b5 Mar 17 2005)
+Fingerprint Cisco Content Engine ACNSS V5.2.1 or V5.3.1
+Class Cisco | Content Networking System || web proxy
+TSeq(Class=RI%gcd=<6%SI=<1A91BDA&>44018%IPID=Z%TS=U)
+T1(DF=Y%W=16D0%ACK=S++%Flags=AS%Ops=ME)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=16D0%ACK=S++%Flags=AS%Ops=ME)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Cisco Accesspoint 1200
 Class Cisco | embedded || bridge
 TSeq(Class=TR%gcd=<6%IPID=Z%TS=U)
@@ -2871,7 +3323,8 @@ PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E|F%ULEN=134%DAT=E)
 
 # Cisco VPN 3005 running 4.1.2   
 # Cisco VPN Series 3000 Concentrator running OS version 4.1.2
-Fingerprint Cisco 3000-series VPN concentrator (OS ver 4.1.2)
+# Cisco VPN Concentrator running IOS 4.1.7
+Fingerprint Cisco 3000 Series VPN concentrator (OS ver 4.1.x)
 Class Cisco | embedded || encryption accelerator
 TSeq(Class=RI%gcd=<6%SI=<306F34E&>29F4D%IPID=I%TS=2HZ)
 T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=MNWNNT)
@@ -2938,6 +3391,30 @@ T6(DF=N%W=400|800|C00|1000%ACK=O%Flags=AR%Ops=)
 T7(DF=N%W=400|800|C00|1000%ACK=O%Flags=AR%Ops=)
 PU(Resp=N)
 
+Fingerprint Cisco CSS 11501 Content Services Switch
+Class Cisco | embedded || load balancer
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=1000%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=800|C00%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=800|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=N%W=1000|C00%ACK=S++%Flags=AR%Ops=WNMETL)
+T6(DF=N%W=C00|800%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=400|800|1000%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(Resp=N)
+
+Fingerprint Cisco CSS 11501 Content Services Switch
+Class Cisco | embedded || load balancer
+TSeq(Class=RI%gcd=<6%SI=<159FA&>235%IPID=I%TS=U)
+T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=1000|800|400%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=C00|800|1000%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=1000|800%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=1000|C00%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=400|C00|800%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
 Fingerprint Cisco X.25/TCP/LAT Protocol Translator ver 8.2(4)
 Class Cisco | embedded || router
 T1(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
@@ -3112,6 +3589,20 @@ T6(DF=N%W=578%ACK=S%Flags=R%Ops=)
 T7(DF=N%W=578%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Cisco IP Phone - Model NumberCP-7940G
+# Cisco IP Phone 7940 Series CP-7940G
+Fingerprint Cisco IP Phone 7940
+Class Cisco | embedded || VoIP phone
+TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
+T1(DF=N%W=578%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=578%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=578%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=578%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=578%ACK=S%Flags=R%Ops=)
+T7(DF=N%W=578%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Cisco IP Phone 7960
 Class Cisco | embedded || VoIP phone
 TSeq(Class=TD%gcd=<2A004%SI=<1E%IPID=I%TS=U)
@@ -3124,14 +3615,31 @@ T6(DF=N%W=578%ACK=S%Flags=R%Ops=)
 T7(DF=N%W=578%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Cisco IP Phone CP-7970G
+# Cisco IP Phone 7970G running firmware 6.0.3sr1
+Fingerprint Cisco IP Phone 7970G
+Class Cisco | embedded || VoIP phone
+TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
+T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=2000%ACK=S%Flags=AR%Ops=)
+T5(DF=N%W=2000%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=2000%ACK=S%Flags=AR%Ops=)
+T7(DF=N%W=2000%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Cisco ATA 186 (analog telephone adaptor (VoIP)) firmware Rev. B0
+# Cisco (Komodo) ATA-186 Version: v2.16 ata18x (Build 030401a)
 # Cisco ATA 186 or 7905 VoIP Phone
 # Cisco IP Phone 7905 Software Version 1.02.00
 # Cisco IP Phone 7912 - Software Version 1.02.02(031217B) - Product ID CP-7912G
 # Cisco VoIP Phone (commonly used by Vonage)
-Fingerprint Cisco VoIP Phone
+# Cisco CP-7912G IP Phone
+Fingerprint Cisco VoIP Phone 7905/7912 or ATA 186 Analog Telephone Adapter
 Class Cisco | embedded || VoIP phone
-TSeq(Class=TD%gcd=<F004%SI=<1E%IPID=I%TS=U)
+Class Cisco | embedded || VoIP adapter
+TSeq(Class=TD%gcd=<28004%SI=<1E%IPID=I%TS=U)
 T1(DF=N%W=578|3E80%ACK=S++%Flags=AS%Ops=M)
 T2(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T3(Resp=Y%DF=N%W=578|3E80%ACK=S++%Flags=AS%Ops=M)
@@ -3306,6 +3814,32 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Cisco 2611 router running IOS 12.0(7)T
+Fingerprint Cisco 2611 router running IOS 12.0(7)T
+Class Cisco | IOS | 12.X | router
+TSeq(Class=RI%gcd=<6%SI=<C8546&>49%IPID=Z%TS=U)
+T1(DF=N%W=1020%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=1000|800%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=C00|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=400|C00|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=400|1000|C00%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=C00|1000|800%ACK=S%Flags=AR%Ops=WNMETL)
+PU(Resp=N)
+
+# IOS (tm) C800 Software (C800-Y6-MW), Version 12.0(7)T,  RELEASE SOFTWARE (fc2)
+Fingerprint Cisco 800 Series Broadband Routers running IOS 12.0(7)T
+Class Cisco | IOS | 12.X | router
+TSeq(Class=TD|RI%gcd=<8%SI=<1399EE&>3219%IPID=Z%TS=U)
+T1(DF=Y%W=1020%ACK=S++%Flags=AS%Ops=MM)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=1020%ACK=S++%Flags=AS%Ops=MM)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(Resp=N)
+
 Fingerprint Cisco 827 ADSL router running IOS 112.2(11)
 Class Cisco | IOS | 12.X | broadband router
 TSeq(Class=RI%gcd=<6%SI=<1B1F2&>24E%IPID=Z%TS=U)
@@ -3354,6 +3888,44 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Cisco 1721 Router running IOS 12.3(10)
+Fingerprint Cisco 1721 router running IOS 12.3(10)
+Class Cisco | IOS | 12.X | router
+TSeq(Class=TR%gcd=<6%IPID=Z%TS=U)
+T1(DF=N%W=1020%ACK=O|S++%Flags=A|AS%Ops=|ME)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(Resp=N)
+
+Fingerprint Cisco Router C2600 running IOS 12.2(2)T
+Class Cisco | embedded || router
+TSeq(Class=TR%gcd=<6%IPID=Z%TS=U)
+T1(DF=N%W=1020%ACK=S++%Flags=AS%Ops=ME)
+T2(Resp=Y%DF=N%W=400|C00|800%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=C00|800|400%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=400|800|C00%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=800|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=1000|C00%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(DF=N%TOS=C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# CISCO 2610 router running IOS 12.2(21a)
+Fingerprint CISCO 2610 router running IOS 12.2(21a)
+Class Cisco | IOS | 12.X | router
+TSeq(Class=TR%gcd=<6%IPID=Z%TS=U)
+T1(DF=N%W=1020%ACK=S++%Flags=AS%Ops=ME)
+T2(Resp=Y%DF=N%W=800|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=C00|400|800%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=1000|800%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=1000|C00%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=800|1000%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
 # Cisco 2611 router running IOS 12.2(7a)
 Fingerprint Cisco 2611 router running IOS 12.2(7a)
 Class Cisco | IOS | 12.X | router
@@ -3367,6 +3939,20 @@ T6(DF=N%W=C00%ACK=S++%Flags=AR%Ops=)
 T7(DF=N%W=800|C00%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# IOS (tm) 1600 Software (C1600-K8OSY-M), Version 12.2(15)T9
+# Cisco 2620 Router /w IOS 12.2(15)T14
+Fingerprint Cisco 2620 router running IOS 12.2(15)
+Class Cisco | IOS | 12.X | router
+TSeq(Class=RI%gcd=<6%SI=<1938568&>4088D%IPID=Z%TS=100HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Cisco 2620 running IOS 12.2(19a)
 Class Cisco | IOS | 12.X | router
 TSeq(Class=TR%gcd=<6%IPID=Z%TS=U)
@@ -3391,6 +3977,32 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# router Cisco 3640, IOS 12.2(23a)
+Fingerprint router Cisco 3640 running IOS 12.2(23a)
+Class Cisco | IOS | 12.X | router
+TSeq(Class=TR%gcd=<6%IPID=Z%TS=U)
+T1(DF=N%W=400%ACK=S++%Flags=AS%Ops=ME)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=400%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# cisco 3725 IOS (tm) 3700 Software (C3725-IS-M), Version 12.3(6c), RELEASE SOFTWARE (fc1)
+Fingerprint Cisco 3725 router running IOS 12.3(6c)
+Class Cisco | IOS | 12.X | router
+TSeq(Class=TR%gcd=<6%IPID=Z%TS=U)
+T1(DF=N%W=109%ACK=S++%Flags=AS%Ops=ME)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Cisco 4000 series, IOS 4500 Software (C4500-P-m), Version 12.0(10.3)S
 Fingerprint Cisco 4000 Series running IOS 12.0(10.3)
 Class Cisco | IOS | 12.X | router
@@ -3442,7 +4054,7 @@ T7(DF=N%W=400|1000|C00%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
 # Cisco 7206 router running IOS Version 12.2(13)T8
-Fingerprint Cisco 7206 router running IOS Version 12.2(13)T8
+Fingerprint Cisco 7206 router running IOS 12.2(13)T8
 Class Cisco | IOS | 12.X | router
 TSeq(Class=TR%gcd=<6%IPID=Z%TS=U)
 T1(DF=N%W=109%ACK=S++%Flags=AS%Ops=ME)
@@ -3454,8 +4066,35 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Cisco 2620 router running IK903S3-M ios ver 12.3(5)
+Fingerprint Cisco 2620 router running IOS 12.3(5)
+Class Cisco | IOS | 12.X | router
+TSeq(Class=TR%gcd=<6%IPID=Z%TS=U)
+T1(DF=N%W=1020%ACK=S++%Flags=AS%Ops=ME)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=1020%ACK=S++%Flags=AS%Ops=ME)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=20%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Cisco 837 Router IOS version 12.3T(8)
+Fingerprint Cisco 837 router running IOS 12.3(8)T
+Class Cisco | IOS | 12.X | router
+TSeq(Class=TR%gcd=<6%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=N%W=800|1000%ACK=S++%Flags=AR%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=C00|400|800%ACK=S++%Flags=AR%Ops=)
+T7(DF=N%W=800|1000%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Cisco 837 router running IOS 12.3(11)T
-Fingerprint Cisco 837 router running IOS 12.3(11)T
+# Cisco 2811 router running IOS 12.3(8r)T7
+Fingerprint Cisco 837 router running IOS 12.3(11)T or Cisco 2811 router running IOS 12.3(8r)T7
 Class Cisco | IOS | 12.X | router
 TSeq(Class=TR%gcd=<6%IPID=Z%TS=U)
 T1(DF=N%W=1020%ACK=S++%Flags=AS%Ops=ME)
@@ -3467,7 +4106,7 @@ T6(DF=N%W=0%ACK=O%Flags=R|BR%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
-Fingerprint Cisco IOS 12.0(21) (On a 2514 router)
+Fingerprint Cisco 2514 router running IOS 12.0(21)
 Class Cisco | IOS | 12.X | router
 TSeq(Class=TR%gcd=<6%IPID=Z%TS=U)
 T1(DF=N%W=1020%ACK=S++%Flags=AS%Ops=M)
@@ -3505,6 +4144,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Cisco 3660, IOS 12.0(6r)T
+Fingerprint Cisco 3660 running IOS 12.0(6r)T
+Class Cisco | IOS | 12.X | router
+TSeq(Class=TR%gcd=<6%IPID=Z%TS=U)
+T1(DF=N%W=1020%ACK=S++%Flags=AS%Ops=MEM)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=1020%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(Resp=N)
+
 # Cisco 1700 running IOS 12.0(7)T
 Fingerprint Cisco IOS 12.0(7)T (on a 1700 router)
 Class Cisco | IOS | 12.X | router
@@ -3600,6 +4252,7 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(Resp=N)
 
+# Cisco 2620, IOS 12.2(6r)
 # Found on Cisco 1720/1750/2611/3640/AS5300 routers
 Fingerprint Cisco router running IOS 12.1.5-12.2.13a
 Class Cisco | IOS | 12.X | router
@@ -3611,7 +4264,33 @@ T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
-PU(DF=N%TOS=C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+PU(DF=N%TOS=20|C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Cisco AS5350, IOS 12.2(2)XB6
+Fingerprint Cisco AS5350 running IOS 12.2(2)XB6
+Class Cisco | IOS | 12.X | router
+TSeq(Class=TR%gcd=<6%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=1020%ACK=S++%Flags=AS%Ops=MEML|MEMWL)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=1020%ACK=S++%Flags=AS%Ops=MML|MMWL)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(Resp=N)
+
+# CIsco 2600 router running IOS 12.2(3)
+Fingerprint CIsco 2600 router running IOS 12.2(3)
+Class Cisco | IOS | 12.X | router
+TSeq(Class=TD|RI%gcd=<8%SI=<F302&>249%IPID=Z%TS=U)
+T1(DF=N%W=1020%ACK=S++%Flags=AS%Ops=ME)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=1020%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
 # Cisco 2621 running IOS 12.2.8T
 # Cisco SOHO 77 running IOS 12.2(8)T
@@ -3627,13 +4306,29 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(Resp=N)
 
+# Cisco 3745 Router running IOS version 12.2(15)T13
+Fingerprint Cisco 3745 Router running IOS 12.2(15)T13
+Class Cisco | IOS | 12.X | router
+TSeq(Class=TR%gcd=<6%IPID=Z%TS=U)
+T1(DF=Y%W=1020%ACK=S++%Flags=AS%Ops=ME)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=1020%ACK=S++%Flags=AS%Ops=ME)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=F%UCK=F%ULEN=134%DAT=E)
+
 # Cisco Router (1760) - IOS (tm) C1700 Software, Version 12.3(6)
 # IOS (tm) 3700 Software (C3745-IS-M), Version 12.3(6), RELEASE SOFTWARE (fc3) 
-#  Cisco 837 router running IOS 12.3.8T3
+# Cisco 837 router running IOS 12.3.8T3
 # CISCO C827 (MPC855T) processor (revision 0x501) with 23552K/1024K bytes of memory.
 # Cisco 2611XM router running IOS 12.3(10)
+# Cisco 2921XM router running IOS 12.3(6a)
+# Cisco 7206VXR running IOS 12.3(6b)
 # Cisco 831 running IOS Version 12.3(8)T3
-Fingerprint Cisco router running IOS 12.3(6) - 12.3(10)
+# Cisco 3825 Router, IOS 12.3(11)T3 (C3825-ADVSECURITYK9-M, Version 12.3(11)T3, RELEASE SOFTWARE+(fc4))
+Fingerprint Cisco router running IOS 12.3(6) - 12.3(11)
 Class Cisco | IOS | 12.X | router
 TSeq(Class=TR%gcd=<6%IPID=Z%TS=U)
 T1(DF=N%W=1020%ACK=S++%Flags=AS%Ops=ME)
@@ -3645,6 +4340,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0|C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Cisco IOS Software, C1700 Software (C1700-ADVSECURITYK9-M), Version 12.3(11)T3, RELEASE SOFTWARE (fc4)
+Fingerprint Cisco router running IOS 12.3(11)
+Class Cisco | IOS | 12.X | router
+TSeq(Class=TR%gcd=<6%IPID=Z%TS=U)
+T1(DF=N%W=1020%ACK=S++%Flags=AS%Ops=ME)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR|BAR%Ops=)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
 # IOS (tm) SOHO91 Software (SOHO91-K9OY6-M), Version 12.3(2)XC, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) (Cisco SOHO 91 Secure router)
 Fingerprint Cisco SOHO 91 secure router running IOS 12.3
 Class Cisco | IOS | 12.X | router
@@ -3658,6 +4366,18 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint Cisco catalyst 2924 running IOS 12.0(5)WC5
+Class Cisco | IOS | 12.X | switch
+TSeq(Class=TR%gcd=<6%IPID=Z%TS=U)
+T1(DF=N%W=1020%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=800|400%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=400|C00|1000%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=1000|C00%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=800|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=400|C00|1000%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(Resp=N)
+
 # Cisco Lightstream 1010 ATM Switch running IOS (tm) LS1010 WA4-5 Software (LS1010-WP-M), Version 12.1(23)E, RELEASE SOFTWARE (fc2)
 # Cisco 6500 switch running IOS 12.1(23)E
 Fingerprint Cisco switch running IOS 12.1(23)E
@@ -3672,6 +4392,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Cisco 7200 running IOS 12.4(1a)
+Fingerprint Cisco 7200 router running IOS 12.4(1a)
+Class Cisco | IOS | 12.X | router
+TSeq(Class=TR%gcd=<6%IPID=Z%TS=U)
+T1(DF=N%W=1020%ACK=S++%Flags=AS%Ops=ME)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=B8%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Cisco Catalyst 2924XL-EN running IOS 12.0(5)WC8
 Fingerprint Cisco Catalyst 2924XL switch running IOS 12.0(5)
 Class Cisco | IOS | 12.X | switch
@@ -3709,6 +4442,32 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Cisco Catalyst 2950 switch,  IOS 12.1(9)EA1
+Fingerprint Cisco Catalyst 2950 switch running IOS 12.1(9)EA1 or IOS 12.1(22)EA2
+Class Cisco | IOS | 12.X | switch
+TSeq(Class=TR%gcd=<6%IPID=Z%TS=U)
+T1(DF=Y|N%W=1020%ACK=S++%Flags=AS%Ops=MEM)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y|N%W=1020%ACK=S++%Flags=AS%Ops=MM)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Cisco 6509 Cisco Internetwork Operating System Software IOS Version 12.1(23)E
+Fingerprint Cisco Catalyst 6509 switch running IOS Version 12.1(23)E
+Class Cisco | embedded || switch
+TSeq(Class=TR%gcd=<6%IPID=Z%TS=U)
+T1(DF=N%W=1020%ACK=S++%Flags=AS%Ops=MEL|MENN)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=1020%ACK=S++%Flags=AS%Ops=MNW|MW|ML)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(Resp=N)
+
 Fingerprint Cisco 1200 access point (WAP) running IOS 12.2(8)
 Class Cisco | IOS | 12.X | WAP
 TSeq(Class=TR%gcd=<6%IPID=Z%TS=U)
@@ -3806,6 +4565,18 @@ T6(Resp=Y%DF=N%W=800%ACK=S%Flags=AR%Ops=WNMETL)
 T7(Resp=Y%DF=N%W=800%ACK=S%Flags=UPRF%Ops=WNMETL)
 PU(Resp=N)
 
+Fingerprint Cisco Pix Firewall running PIX 4.1.6
+Class Cisco | PIX | 4.X | firewall
+TSeq(Class=C%Val=71F60191%IPID=BI%TS=U)
+T1(DF=N%W=1000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=C00|1000%ACK=S%Flags=R%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=1000%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=C00%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=N%W=800|1000%ACK=S%Flags=RS%Ops=WNMETL)
+T6(DF=N%W=C00|400%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=C00|400%ACK=S%Flags=UPRF%Ops=WNMETL)
+PU(Resp=N)
+
 Fingerprint Cisco PIX v4.2 Firewall
 Class Cisco | PIX | 4.X | firewall
 TSeq(Class=RI%gcd=<8%SI=<1E1D60&>4D03)
@@ -3951,7 +4722,7 @@ PU(Resp=N)
 # Brocade Fibre Switch, Firmware 2.6.0
 # Cisco Aironet 340 WAP running v 12.03T of the firmware (and VxWorks OS)
 Fingerprint Cisco Aironet WAP, Brocade Fibre Switch, or Sun Remote System Console
-Class Cisco | VxWorks || WAP
+Class Cisco | vxworks || WAP
 Class Brocade | embedded || switch
 Class Sun | embedded || remote management
 TSeq(Class=64K%IPID=I%TS=U)
@@ -3964,6 +4735,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=Y%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=0%ULEN=134%DAT=E)
 
+# Clipcomm CP-100 v1.1.39 (040820)
+Fingerprint Clipcomm CP-100 VoIP phone
+Class Clipcomm | embedded || VoIP phone
+TSeq(Class=TD%gcd=<9B4%SI=<1E%IPID=I%TS=U)
+T1(DF=N%W=111C%ACK=S++%Flags=AS%Ops=MNNM)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=111C%ACK=S++%Flags=AS%Ops=MNNM)
+T4(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Cnet CNIG904B Internet Broadband Gateway firmware version 1.11
 Class Cnet | embedded || broadband router
 TSeq(Class=TD%gcd=<F4%SI=<1D6%IPID=Z%TS=U)
@@ -4190,6 +4974,19 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Compaq Tru64 UNIX V5.1B (Rev. 2650)
+Fingerprint Compaq Tru64 UNIX V5.1B
+Class Compaq | Tru64 UNIX | 5.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RPI%TS=U)
+T1(DF=N%W=FFFF%ACK=S++%Flags=AS%Ops=MNW)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=FFFF%ACK=S++%Flags=AS%Ops=MNW)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint OSF1 5.0 Rev. 910 (AKA Compaq/DIGITAL Tru64 UNIX)
 Class Compaq | Tru64 UNIX | 5.X | general purpose
 TSeq(Class=RI%gcd=<6%SI=<E88&>11)
@@ -4303,9 +5100,24 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=F%UCK=0%ULEN=134%DAT=E)
 
+# Sphairon Turbolink ADSL Modem/Router (AR800C2-B01B) with Conexant-Hasbani CX82xxx_4.1.0.9 firmware running on VxWorks 5.4.2 OS
+Fingerprint Sphairon Turbolink ADSL Modem/Router (AR800C2-B01B)
+Class Conexant | embedded || broadband router
+TSeq(Class=64K%IPID=I%TS=2HZ)
+T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=2000%ACK=O%Flags=A%Ops=NNT)
+T4(DF=N%W=2000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
 # Contiki 1.2-devel0 on Ethernut (Atmel AVR ATmega128 with RTL8019as Ethernet chip)
-Fingerprint Contiki 1.2-devel0 embedded OS on Ethernut card
+# uIP 0.9 running on a Atmel ATmega16 using a Packet Whacker for ethernet connectivity
+Fingerprint Contiki 1.2-devel0 embedded OS on Ethernut card or uIP 0.9 TCP/IP stack
 Class Contiki | Contiki || specialized
+Class uIP | uIP || specialized
 T1(DF=N%W=8000%ACK=S++%Flags=AS%Ops=M)
 T2(Resp=Y%DF=N%W=400|800|C00|1000%ACK=S++%Flags=AR%Ops=)
 T3(Resp=Y%DF=N%W=400|800|C00|1000%ACK=S++%Flags=AR%Ops=)
@@ -4583,6 +5395,20 @@ T6(DF=N%W=C00%ACK=S%Flags=AR%Ops=)
 T7(DF=N%W=C00%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# D-Link DI-604 Ethernet Broadband Router with firmware V3.01
+# D-link 4 port Ethernet Broadband Router DI-604 H/W Ver.:D1 F/W Ver.:3.01
+Fingerprint D-Link DI-604 Ethernet Broadband Router
+Class D-Link | embedded || broadband router
+TSeq(Class=TD%gcd=<68%SI=<1E%IPID=BI%TS=U)
+T1(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T4(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint D-Link DI-701, Version 2.22
 Class D-Link | embedded || broadband router
 TSeq(Class=RI%gcd=<6%SI=<12E1C&>2F1)
@@ -4621,9 +5447,36 @@ T6(DF=N%W=0%ACK=O%Flags=AR%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# D-Link Systems DI-713P Wireless Gateway with firmware 2.60 build 6a
+Fingerprint D-Link Systems DI-713P Wireless Gateway
+Class D-Link | embedded || broadband router
+TSeq(Class=RI%gcd=<CC%SI=<9EC&>2%IPID=BI%TS=U)
+T1(DF=N%W=1000%ACK=S++%Flags=AR%Ops=)
+T2(Resp=Y%DF=N%W=400|1000|C00%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=1000|C00%ACK=S++%Flags=AR%Ops=)
+T4(DF=N%W=400|1000%ACK=S%Flags=AR%Ops=)
+T5(DF=N%W=400|800%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=C00|400|1000%ACK=S%Flags=AR%Ops=)
+T7(DF=N%W=400|C00|800%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# D-Link DI-714P+, Firmware V1.33
+# D-Link 4-port Broadband VPN Router DI-804HV
+Fingerprint D-Link VPN Router DI-714P+/DI-804HV
+Class D-Link | embedded || broadband router
+TSeq(Class=TD%gcd=<3EC%SI=<6E%IPID=I%TS=U)
+T1(DF=N%W=16D0%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T4(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # D-Link DI-804HV 4-Port Broadband VPN Router
 # US-Robotics Wireless Router : Revision Number : Model#8022, Version V4.2, CheckSum# B719
-Fingerprint D-Link DI-804HV VPN Router or US-Robotics 8022 WAP
+Fingerprint D-Link DI-804HV VPN Router or US-Robotics 8022 WAP or DI-714P+ Wireless router
 Class D-Link | embedded || broadband router
 Class US Robotics | embedded || WAP
 TSeq(Class=TD%gcd=<3EC%SI=<1E%IPID=I%TS=U)
@@ -4636,6 +5489,19 @@ T6(DF=N%W=400|800|C00|1000%ACK=S%Flags=AR%Ops=)
 T7(DF=N%W=400|800|C00|1000%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# D-Link DI-704P Cable/DSL Residential Gateway firmware version 2.57 build 3
+Fingerprint D-Link DI-704P Cable/DSL Residential Gateway
+Class D-Link | embedded || broadband router
+TSeq(Class=RI%gcd=<68%SI=<1338&>13%IPID=I%TS=U)
+T1(DF=N%W=1000|800|C00%ACK=S++%Flags=AR%Ops=)
+T2(Resp=Y%DF=N%W=800|1000%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=400|800%ACK=S++%Flags=AR%Ops=)
+T4(DF=N%W=800|1000|400%ACK=S%Flags=AR%Ops=)
+T5(DF=N%W=1000|800%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=C00%ACK=S%Flags=AR%Ops=)
+T7(DF=N%W=400|C00%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # D-Link DSL-300G+ version 7.1.0.30 AnnexA  (Oct 18 2002) R2.05.b4t9uk
 Fingerprint D-Link DSL-300G+ DSL modem
 Class D-Link | embedded || broadband router
@@ -5176,6 +6042,18 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=0%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint DEC OpenVMS 7.1 ALPHA
+Class DEC | OpenVMS | 7.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<8A840&>1009%IPID=I%TS=U)
+T1(DF=N%W=7E4A%ACK=S++%Flags=AS%Ops=MNW)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=7E4A%ACK=O%Flags=A%Ops=)
+T4(DF=N%W=7E00%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
 Fingerprint DEC OpenVMS 7.1 using Process Software's TCPWare 5.3 TCP/IP package
 Class DEC | OpenVMS | 7.X | general purpose
 TSeq(Class=RI|TD%gcd=<6%SI=<BBBB)
@@ -5188,6 +6066,19 @@ T6(DF=N%W=6000%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=6000%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Digital OpenVMS Alpha 7.2
+Fingerprint Digital OpenVMS 7.2 Alpha
+Class DEC | OpenVMS | 7.X | general purpose
+TSeq(Class=64K%IPID=I%TS=U)
+T1(DF=N%W=C6C%ACK=S++%Flags=AS%Ops=MNW)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=C6C%ACK=O%Flags=A%Ops=)
+T4(DF=N%W=BB8%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
 # DIGITAL TCP/IP Services for OpenVMS Alpha Version V5.0A - ECO 1 on a AlphaServer DS20 500 MHz running OpenVMS V7.2-1
 Fingerprint DEC OpenVMS 7.2
 Class DEC | OpenVMS | 7.X | general purpose
@@ -5213,6 +6104,18 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint DEC OpenVMS Alpha 7.2-3
+Class DEC | OpenVMS | 7.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
+T1(DF=N%W=C6C%ACK=S++|O%Flags=AS%Ops=MNW)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=C6C%ACK=O%Flags=A%Ops=)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # The OS was running on a GS1280 Alpha server
 Fingerprint DEC OpenVMS 7.3
 Class DEC | OpenVMS | 7.X | general purpose
@@ -5480,7 +6383,37 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N|Y%TOS=A0%IPLEN=38%RIPTL=148%RID=F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
 
-Fingerprint Dell  Tape Library MSL6030
+# dell 5100 printer
+# Dell 3100cn printer, OEM of Xerox DocuPrint C525A
+Fingerprint Dell 3100cn/5100cn printer
+Class Dell | embedded || printer
+TSeq(Class=64K%IPID=I%TS=U)
+T1(DF=N%W=3000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=3000%ACK=S++|O%Flags=AR|A%Ops=)
+T4(DF=N%W=3000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=4E4%RID=E%RIPCK=0%UCK=E%ULEN=134%DAT=E)
+
+# Dell Remote Access Card III/XT
+# Dell Remote Access Card 4/I (DRAC4)
+# Drac III/XT Administation Card for Dell PowerEdge
+# Dell Remote Access Controller 4/I (DRAC 4/I) Version 1.20 (Build 03.15)
+Fingerprint Dell Remote Access Controller III/XT or 4/I
+Class Dell | embedded || remote management
+TSeq(Class=TR%gcd=<6%IPID=RPI|RD%TS=U)
+T1(DF=N%W=1000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=1000%ACK=O%Flags=A%Ops=)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=E%ULEN=134%DAT=E)
+
+Fingerprint Dell Tape Library MSL6030
 Class Dell | embedded || storage-misc
 TSeq(Class=TD%gcd=<2004%SI=<1D6%IPID=I%TS=1000HZ)
 T1(DF=N%W=16D0%ACK=S++%Flags=AS%Ops=MTNN)
@@ -5517,8 +6450,10 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
 
+# Dell PowerConnect 3324 Switch
+# Dell PowerConnect 3348 Switch, Software Version 1.2.0.6 Boot Version 1.0.0.13
 # Dell 3324 PowerConnect Switch with firmware version 1.1.0.42
-Fingerprint Dell 3324 PowerConnect Switch
+Fingerprint Dell PowerConnect Switch 3324 or 3348
 Class Dell | embedded || switch
 TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
 T1(DF=N%W=200|800%ACK=S++%Flags=AS%Ops=)
@@ -5530,6 +6465,32 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Dell PowerConnect 5324 24 Port Gigabit Switch
+Fingerprint Dell PowerConnect Switch 5324
+Class Dell | embedded || switch
+TSeq(Class=TD%gcd=<2C%SI=<1E%IPID=I%TS=U)
+T1(DF=N%W=200%ACK=S++%Flags=AS%Ops=)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=200%ACK=S++%Flags=AS%Ops=)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Dell PowerConnect Switch running SW V.1.0.0.52
+Fingerprint Dell PowerConnect Switch running SW V.1.0.0.52
+Class Dell | embedded || switch
+TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
+T1(DF=N%W=100%ACK=S++%Flags=AS%Ops=)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=100%ACK=S++%Flags=AS%Ops=)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Digital Link DL2001 CSU/DSU Management Access Processor
 Class Digital Link | embedded || CSUDSU
 TSeq(Class=TD%gcd=<2780%SI=<14)
@@ -5589,7 +6550,6 @@ T6(DF=N%W=0%ACK=O%Flags=AR%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(Resp=N)
 
-# 
 Fingerprint Draytek Vigor 2200e DSL router v2.1a
 Class Draytek | embedded || broadband router
 TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
@@ -5650,6 +6610,18 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=O%Flags=R%Ops=)
 PU(Resp=N)
 
+Fingerprint Edimax PS-1001 Print Server model
+Class Edimax | embedded || print server
+TSeq(Class=TD%gcd=<1C004%SI=<244%IPID=I%TS=U)
+T1(DF=N%W=400%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=400%ACK=S++%Flags=AS%Ops=M)
+T4(Resp=N)
+T5(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=O%Flags=R%Ops=)
+PU(Resp=N)
+
 Fingerprint Efficient Networks/SpeedStream DSL router
 Class Efficient Networks | embedded || broadband router
 TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
@@ -5687,8 +6659,9 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=O%Flags=R%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=F%UCK=E%ULEN=134%DAT=E)
 
-#  Lancom (Elsa) DSL I-10 Office Firmware 3.2
-Fingerprint ELSA LANCOM DSL I-10 Office router
+# ELSA LANCOM Wireless L-11 3.42.0021 / 24.06.2004
+# Lancom (Elsa) DSL I-10 Office Firmware 3.2
+Fingerprint ELSA LANCOM DSL I-10 Office router or Wireless L-11
 Class Elsa | embedded || broadband router
 TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
 T1(DF=N%W=578%ACK=S++%Flags=BAS%Ops=)
@@ -5837,6 +6810,19 @@ T6(DF=N%W=200%ACK=S++%Flags=AR%Ops=)
 T7(DF=N%W=200%ACK=S++%Flags=AR%Ops=)
 PU(Resp=N)
 
+# Ericsson Congo router running software version 9.9.34
+Fingerprint Ericsson Congo router
+Class Ericsson | embedded || broadband router
+TSeq(Class=64K%IPID=I%TS=U)
+T1(DF=N%W=1000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=1000%ACK=O%Flags=A%Ops=)
+T4(DF=N%W=1000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
 Fingerprint Ericsson HM220dp ADSL modem/router
 Class Ericsson | embedded || broadband router
 TSeq(Class=TD%gcd=<50000%SI=<1E%IPID=I%TS=U)
@@ -5911,8 +6897,21 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=38%RIPTL=134%RID=E%RIPCK=F%UCK=0%ULEN=134%DAT=E)
 
+# Extremeware Version 6.2.2 (Build 68) by Release_Master 01/15/03 16:58:48
+Fingerprint Extremeware 6.2.2
+Class Extreme Networks | Extremeware || switch
+TSeq(Class=RI%gcd=<6%SI=<2F062&>36C%IPID=I%TS=U)
+T1(DF=N%W=1000%ACK=S++%Flags=AS%Ops=)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=1000%ACK=O%Flags=A%Ops=)
+T4(DF=N%W=1000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=Y%TOS=C0%IPLEN=38%RIPTL=134%RID=E|F%RIPCK=F%UCK=0%ULEN=134%DAT=E)
+
 Fingerprint F5 Labs Big/IP HA TCP/IP Load Balancer (BSDI kernel/x86)
-Class F5 Labs | BSD/OS || load balancer
+Class F5 Labs | BSDI || load balancer
 TSeq(Class=RI%gcd=<8%SI=<75C74&>12C4)
 T1(DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
 T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
@@ -6026,6 +7025,45 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
 
+# Fore ATM BX200 (S_ForeThought_ATM_8.3.0.N) GA-Update (1.133285)
+Fingerprint Fore ForeThought 8.3.0.N ATM BX200 switch
+Class Fore | embedded || switch
+TSeq(Class=RI%gcd=<3EC%SI=<2F9B8&>5BD%IPID=I%TS=U)
+T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=MNW)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=2000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
+
+# Fortigate-50A running FortiOS V2.80,build393,050405
+Fingerprint Fortinet firewall Fortigate 50A (FortiOS V2.80)
+Class Fortinet | embedded || firewall
+TSeq(Class=TR%gcd=<6%IPID=RPI%TS=100HZ)
+T1(DF=Y%W=16A0%ACK=O|S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=N)
+T4(Resp=N)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(Resp=N)
+T7(DF=Y%W=16D0%ACK=O%Flags=AS%Ops=M)
+PU(Resp=N)
+
+# Fortinet Fortigate-60 firewall version 2.80,build430,050609
+Fingerprint Fortinet firewall Fortigate 60 
+Class Fortinet | embedded || firewall
+TSeq(Class=TR%gcd=<6%IPID=RPI%TS=100HZ)
+T1(DF=Y%W=16A0%ACK=O|S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=N)
+T4(Resp=N)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(Resp=N)
+T7(Resp=N)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Foundry FastIron Edge Switch (load balancer) 2402
 Class Foundry | embedded || load balancer
 TSeq(Class=RI%gcd=<6%SI=<3E418&>988%IPID=RD%TS=U)
@@ -6199,17 +7237,6 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
 
-Fingerprint FreeBSD 4.10-STABLE
-Class FreeBSD | FreeBSD | 4.X | general purpose
-T1(DF=Y%W=2000%ACK=S++%Flags=AS%Ops=M)
-T2(Resp=N)
-T3(Resp=N)
-T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
-T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
-T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
-T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
-PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
-
 # FreeBSD 4.3-RC
 # FreeBSD 4.2-RELEASE i386
 Fingerprint FreeBSD 4.2 - 4.3-RC (X86)
@@ -6312,6 +7339,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
 
+# FreeBSD 4.6-RELEASE FreeBSD 4.6-RELEASE #0 i386
+Fingerprint FreeBSD 4.6
+Class FreeBSD | FreeBSD | 4.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=100HZ)
+T1(DF=N%W=E000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
 Fingerprint FreeBSD 4.6
 Class FreeBSD | FreeBSD | 4.X | general purpose
 TSeq(Class=RI%gcd=<6%SI=<8AAA2&>96A%IPID=I%TS=U)
@@ -6442,6 +7482,20 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
 
+# DragonFly 1.1-Stable #0: Sun Nov 14 17:22:45 CET 2004
+# DragonFly 1.1-CURRENT (i386) build on 2004/12/03
+Fingerprint DragonFly 1.1-Stable (FreeBSD-4 fork)
+Class FreeBSD | FreeBSD | 4.x | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=1000HZ)
+T1(DF=Y%W=E000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
 # FreeBSD 4.9-PRERELEASE alpha
 # FreeBSD 4.8-RELEASE on DEC Alpha
 # FreeBSD 4.9-STABLE (platform unspecified)
@@ -6494,6 +7548,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
 
+# FreeBSD 4.9-RELEASE-p1 #0 i386
+Fingerprint FreeBSD 4.9-RELEASE
+Class FreeBSD | FreeBSD | 4.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=1000HZ)
+T1(DF=Y%W=2000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=2000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
 # FreeBSD 5.0-RELEASE x86
 # sparc64 running FreeBSD 5.1-RELEASE
 # FreeBSD 4.9-STABLE FreeBSD 4.9-STABLE  i386
@@ -6510,6 +7577,44 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=Y|N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
 
+Fingerprint FreeBSD 4.9-STABLE
+Class FreeBSD | FreeBSD | 4.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RPI%TS=100HZ)
+T1(DF=Y%W=E000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=E000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
+# 4.9-RELEASE FreeBSD 4.9-RELEASE #0
+Fingerprint FreeBSD 4.9-RELEASE
+Class FreeBSD | FreeBSD | 4.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=100HZ)
+T1(DF=Y%W=E000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=E000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=80%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
+# FreeBSD 4.10-STABLE  i386
+Fingerprint FreeBSD 4.10-STABLE
+Class FreeBSD | FreeBSD | 4.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=100HZ)
+T1(DF=Y%W=E000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=E000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=30%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
 #  FreeBSD 5.0-CURRENT Sun Apr 14 12:41:40 EDT 2002
 Fingerprint FreeBSD 5.0-CURRENT (Apr 2002)
 Class FreeBSD | FreeBSD | 5.X | general purpose
@@ -6585,8 +7690,23 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
 
-Fingerprint FreeBSD 5.2-CURRENT (Jan 2004) on x86
+Fingerprint FreeBSD 5.2
 Class FreeBSD | FreeBSD | 5.X | general purpose
+T1(DF=Y%W=5B4%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=5B4|84%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
+# FreeBSD 5.2-CURRENT (Jan 2004) on x86
+# FreeBSD 5.2.1-RELEASE i386
+# FreeBSD 5.3-RELEASE #0
+Fingerprint FreeBSD 5.2 - 5.3
+Class FreeBSD | FreeBSD | 5.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=100HZ)
 T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
 T2(Resp=N)
 T3(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
@@ -6598,7 +7718,8 @@ PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
 
 # FreeBSD 5.2-CURRENT (Jun 25, 2004) on x86 running pf as firewall with "scrub in all"
 # FreeBSD 5.3-Beta2 (x86)
-Fingerprint FreeBSD 5.2-CURRENT - 5.3-BETA2 (x86) with pf scrub all
+# FreeBSD 5.3-RELEASE (x86) Generic kernel
+Fingerprint FreeBSD 5.2-CURRENT - 5.3 (x86) with pf scrub all
 Class FreeBSD | FreeBSD | 5.X | general purpose
 TSeq(Class=TR%gcd=<6%IPID=I%TS=100HZ)
 T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
@@ -6622,6 +7743,143 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=F%UCK=0%ULEN=134%DAT=E)
 
+# FreeBSD 5.3-STABLE #7 Tue Feb 8 17:55:23 WET 2005 i386
+Fingerprint FreeBSD 5.3-STABLE
+Class FreeBSD | FreeBSD | 5.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=M)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
+# FreeBSD 5.3-RELEASE i386
+Fingerprint FreeBSD 5.3-RELEASE
+Class FreeBSD | FreeBSD | 5.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=100HZ)
+T1(DF=Y%W=FFFF%ACK=S++|O%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=FFFF%ACK=S++|O%Flags=AS%Ops=MNWNNT)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y|N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y|N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=F%UCK=F%ULEN=134%DAT=E)
+
+# FreeBSD 5.3-STABLE (x86) as of 2004.11.14
+# FreeBSD 5.3-RELEASE
+Fingerprint FreeBSD 5.3
+Class FreeBSD | FreeBSD | 5.X | general purpose
+TSeq(Class=TR%gcd=<6%TS=1000HZ)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
+Fingerprint FreeBSD 5.3-RELEASE
+Class FreeBSD | FreeBSD | 5.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=U)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
+# FreeBSD 5.3rc3 with pf scrub all
+Fingerprint FreeBSD 5.3
+Class FreeBSD | FreeBSD | 5.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=1000HZ)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# FreeBSD 5.3-STABLE as of 2004-11-14, pf scrib in all random-id
+Fingerprint FreeBSD 5.3-STABLE
+Class FreeBSD | FreeBSD | 5.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=1000HZ)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# FreeBSD 5.4-RC2 FreeBSD 5.4-RC2 #2 i386
+# FreeBSD 5.4-STABLE FreeBSD 5.4-STABLE #7 i386
+Fingerprint FreeBSD 5.4
+Class FreeBSD | FreeBSD | 5.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=1000HZ)
+T1(DF=Y%W=FFFF%ACK=O|S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=FFFF%ACK=O%Flags=AS%Ops=MNWNNT)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
+# FreeBSD 5.3-RELEASE
+# FreeBSD 5.2-CURRENT i386
+# FreeBSD 5.4-RELEASE #4
+# FreeBSD 5.4-Stable
+# FreeBSD 5.4-STABLE #0
+# BummiOS 5.4-CURRENT i386 (based on FreeBSD 5.4-STABLE)
+Fingerprint FreeBSD 5.2 - 5.4
+Class FreeBSD | FreeBSD | 5.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=100HZ|U)
+T1(DF=Y%W=FFFF%ACK=S++|O%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
+# FreeBSD 5.4-RELEASE-p2 i386
+Fingerprint FreeBSD 5.4-RELEASE
+Class FreeBSD | FreeBSD | 5.X | general purpose
+TSeq(Class=TR%gcd=<6%TS=100HZ)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=80%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
+# FreeBSD 6.0-CURRENT #1 i386
+# FreeBSD 5.2.1-RELEASE
+Fingerprint FreeBSD 5.2.1-RELEASE or 6.0-CURRENT
+Class FreeBSD | FreeBSD | 6.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=100HZ)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
 Fingerprint FreeSCO 0.27 (Linux 2.0.38)
 Class FreeSCO | Linux | 2.0.X | router
 TSeq(Class=RI%gcd=<6%SI=<1F22A6E&>4E0A2%IPID=Z%TS=100HZ)
@@ -6756,6 +8014,46 @@ T6(DF=Y%W=C00|400%ACK=S++%Flags=AR%Ops=)
 T7(DF=Y%W=400%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# GrandStream 486 Voice over IP adapter
+Fingerprint GrandStream 486 VoIP adapter
+Class GrandStream | embedded || VoIP adapter
+TSeq(Class=C%Val=3883537A%IPID=I%TS=U)
+T1(DF=Y%W=109%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=Y%W=C00|1000%ACK=S++%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=109%ACK=S++%Flags=AS%Ops=M)
+T4(DF=Y%W=800|C00%ACK=S++%Flags=AR%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
+# GrandStream BudgeTone-100 VoIP phone
+# GrandStream BudgeTone-100 1.0.5.16
+Fingerprint GrandStream VoIP Phone (BudgeTone-100)
+Class GrandStream | embedded || VoIP phone
+TSeq(Class=C%Val=4D86DFEA|F66461C1%IPID=I%TS=U)
+T1(DF=Y%W=109%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=Y%W=1000|400%ACK=S++%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=109%ACK=S++%Flags=AS%Ops=M)
+T4(DF=Y%W=800|1000%ACK=S++%Flags=AR%Ops=)
+T5(DF=Y%W=400|800|1000%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=800|C00|1000%ACK=S++%Flags=AR%Ops=)
+T7(DF=Y%W=400|C00|1000%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Grandstream Budge Tone 101 VoIP phone, firmware 1.0.5.16
+Fingerprint Grandstream VoIP Phone (BudgeTone-101)
+Class GrandStream | embedded || VoIP phone
+TSeq(Class=C%Val=4F4264AA%IPID=I%TS=U)
+T1(DF=Y%W=109%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=Y%W=400|800%ACK=S++%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=109%ACK=S++%Flags=AS%Ops=M)
+T4(DF=Y%W=800|C00%ACK=S++%Flags=AR%Ops=)
+T5(DF=Y%W=1000|800%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=400|C00%ACK=S++%Flags=AR%Ops=)
+T7(DF=Y%W=C00|400|1000%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Grandstream IP Phone
 Class GrandStream | embedded || VoIP phone
 TSeq(Class=C%IPID=I%TS=U)
@@ -6768,7 +8066,19 @@ T6(DF=Y%W=C00|1000|800%ACK=S++%Flags=AR%Ops=)
 T7(DF=Y%W=C00%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
-Fingerprint GrandStream IP Phone (BudgeTone-100)
+Fingerprint Grandstream BT-100 IP Phone
+Class GrandStream | embedded || VoIP phone
+TSeq(Class=C%Val=FBD5528A%IPID=I%TS=U)
+T1(DF=Y%W=109%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=Y%W=400|1000|800%ACK=S++%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=109%ACK=S++%Flags=AS%Ops=M)
+T4(DF=Y%W=400|1000|800%ACK=S++%Flags=AR%Ops=)
+T5(DF=Y%W=C00|800%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=400%ACK=S++%Flags=AR%Ops=)
+T7(DF=Y%W=1000|400|C00%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+Fingerprint GrandStream BT-100 IP Phone
 Class GrandStream | embedded || VoIP phone
 T1(DF=Y%W=109%ACK=S++%Flags=AS%Ops=M)
 T2(Resp=Y%DF=Y%W=400|800%ACK=S++%Flags=AR%Ops=)
@@ -6779,7 +8089,7 @@ T6(DF=Y%W=C00|1000%ACK=S++%Flags=AR%Ops=)
 T7(DF=Y%W=800|C00|400%ACK=S++%Flags=AR%Ops=)
 PU(Resp=N)
 
-Fingerprint Grandstream.com BudgeTone 101 IP Phone
+Fingerprint Grandstream BudgeTone 101 IP Phone
 Class GrandStream | embedded || VoIP phone
 TSeq(Class=C%IPID=I%TS=U)
 T1(Resp=N)
@@ -6791,6 +8101,32 @@ T6(DF=Y%W=1000%ACK=S++%Flags=AR%Ops=)
 T7(DF=Y%W=C00|800|1000%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Grandstream BudgeTone101 VOIP phone, firmware 1.0.4.50
+Fingerprint Grandstream BT-101 IP phone
+Class GrandStream | embedded || VoIP phone
+TSeq(Class=C%Val=75DFD55D%IPID=I%TS=U)
+T1(Resp=N)
+T2(Resp=Y%DF=Y%W=400|C00%ACK=S++%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=109%ACK=S++%Flags=AS%Ops=M)
+T4(DF=Y%W=C00|400|1000%ACK=S++%Flags=AR%Ops=)
+T5(DF=Y%W=C00|800|400%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=1000|C00|800%ACK=S++%Flags=AR%Ops=)
+T7(DF=Y%W=800|400|C00%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# GrandStream BT-101 with firmware 1.0.5.22
+Fingerprint GrandStream BT-101 IP phone
+Class GrandStream | embedded || VoIP phone
+TSeq(Class=C%Val=5CE04AC5%IPID=I%TS=U)
+T1(DF=Y%W=109%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=Y%W=C00|800%ACK=S++%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=109%ACK=S++%Flags=AS%Ops=M)
+T4(DF=Y%W=1000|800|400%ACK=S++%Flags=AR%Ops=)
+T5(DF=Y%W=800|C00%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=800|400%ACK=S++%Flags=AR%Ops=)
+T7(DF=Y%W=800|400%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint PalmOS 5.2.1 on Handspring Treo
 Class Handspring | PalmOS | 5.X | PDA
 TSeq(Class=TR%gcd=<6%IPID=RD%TS=2HZ)
@@ -6860,6 +8196,21 @@ T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=15C%RID=E%RIPCK=0%UCK=0%ULEN=134%DAT=E)
 
+# HP J4899A ProCurve Switch 2650, H.08.53, ROM H.08.02 - 24 port HP Switch with 2 Uplinks
+# HP ProCurve Switch 2626 - Firmware revision  : H.08.67
+# HP Procurve Switch 5304XL - Image stamp: /sw/code/build/alpmo(dex_v09_2)
+Fingerprint HP Procurve Switch 2600 series or 5304XL
+Class HP | embedded || load balancer
+TSeq(Class=64K%IPID=I%TS=2HZ)
+T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=2000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=2000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=0%ULEN=134%DAT=E)
+
 Fingerprint HP Procurve Routing Switch 9304M
 Class HP | embedded || load balancer
 TSeq(Class=C)
@@ -6885,12 +8236,15 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
 
-Fingerprint HP Deskjet 6127 printer
+# HP Buisiness InkJet 1200 internal print server
+# HP Deskjet 6127, firmware FD4R019A
+Fingerprint HP Deskjet 6127 printer or InkJet 1200 printer server
 Class HP | embedded || printer
+Class HP | embedded || printer server
 TSeq(Class=TD%gcd=<3D094%SI=<14%IPID=I%TS=1000HZ)
-T1(DF=N%W=8E5%ACK=S++%Flags=AS%Ops=MENWNNT)
+T1(DF=Y|N%W=8E5%ACK=S++%Flags=AS%Ops=MENWNNT)
 T2(Resp=N)
-T3(Resp=Y%DF=N%W=8E5%ACK=S++%Flags=AS%Ops=MENWNNT)
+T3(Resp=Y%DF=Y|N%W=8E5%ACK=S++%Flags=AS%Ops=MENWNNT)
 T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
@@ -6899,6 +8253,7 @@ PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
 # HP JetDirect Card (J4169A) in an HP LaserJet 8150/8550
 # HP LaserJet 2200 with JetDirect (J6057A)
+# HP wireless JetDirect EIO card - 680n
 Fingerprint HP JetDirect Card in a LaserJet printer
 Class HP | embedded || printer
 TSeq(Class=64K%IPID=I%TS=U)
@@ -6909,7 +8264,7 @@ T4(DF=N%W=5B4%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
-PU(DF=N|Y%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
+PU(DF=N|Y%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=0|F%UCK=0%ULEN=134%DAT=E)
 
 Fingerprint HP LaserJet 4000N Printer
 Class HP | embedded || printer
@@ -6948,9 +8303,11 @@ T7(Resp=N)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=E%ULEN=134%DAT=E)
 
 # 2100 Series, 4000 TN, 4000 PS, 8000 DN
+# Hewlett-Packard Digital Sender 9100C (http://h10010.www1.hp.com/wwpc/us/en/sm/WF05a/15179-64175-64404-12126-64404-428008.html)
 Fingerprint HP LaserJet printer/print server
 Class HP | embedded || printer
 Class HP | embedded || print server
+Class HP | embedded || scanner
 TSeq(Class=TD%gcd=<6%SI=<100)
 T1(DF=N%W=16D0%ACK=S++%Flags=AS%Ops=M)
 T2(Resp=N)
@@ -7028,6 +8385,9 @@ PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 # JetDirect J6057A, firmware R.24.06, connected to an HP 2200 printer
 # JetDirect 610n (Model J4169A) firmware L.24.06
 # HP Color LaserJet 4600 Model Number: J6057A Firmware Rev: R.25.09
+# HP Laserjet 4200 Network Printer
+# HP JetDirect J6057A, firmware R.24.08 (internal print server in a LaserJet 4050n)
+# HP Color Laserjet 4650 printer
 Fingerprint HP printer w/JetDirect card
 Class HP | embedded || printer
 TSeq(Class=RI%gcd=<6%SI=<AF762&>9E9%IPID=I%TS=2HZ)
@@ -7038,7 +8398,25 @@ T4(DF=N%W=5B4|16D0%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
-PU(DF=N|Y%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
+PU(DF=N|Y%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
+
+# HP Laserjet 4250, HP JetDirect J7949E
+# hp LaserJet 2420
+# hp LaserJet 4250 w/ embedded HP JetDirect J7949E; firmware V.28.43.FF w/ datecode 20040902 08.007.0
+# HP LaserJet 2420dn printer, JetDirect J7949E, firmware V.28.43
+# hp LaserJet 4250 with embedded HP JetDirect J7949E
+# HP LaserJet 2420 printer
+Fingerprint HP LaserJet 2420 or 4250 printer
+Class HP | embedded || printer
+TSeq(Class=64K%IPID=I%TS=2HZ)
+T1(DF=N%W=5B4|16D0%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=5B4|16D0%ACK=O%Flags=A%Ops=NNT)
+T4(DF=N%W=5B4|16D0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
 
 # HP JetDirect J6057A Firmware Version R.22.09 in 4100mpf printer
 Fingerprint HP printer w/JetDirect card
@@ -7077,9 +8455,10 @@ T7(Resp=N)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=E%ULEN=134%DAT=E)
 
 # HP iLO (Integrated Lights Out) Firmware Version 1.20 (12/04/2002)
+# HP Integrated Lights Out (iLO) with firmware 1.41 08/19/2003
 Fingerprint HP Integrated Lights Out remote configuration Board
 Class HP | embedded || remote management
-TSeq(Class=TD%gcd=<A0%SI=<1E%IPID=I%TS=U)
+TSeq(Class=TD%gcd=<194%SI=<1E%IPID=I%TS=U)
 T1(DF=N%W=400|800|C00|1000%ACK=O%Flags=R%Ops=)
 T2(Resp=Y%DF=N%W=400|800|C00|1000%ACK=O%Flags=R%Ops=)
 T3(Resp=Y%DF=N%W=400|800|C00|1000%ACK=O%Flags=R%Ops=)
@@ -7267,6 +8646,18 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=Y%TOS=0%IPLEN=70%RIPTL=148%RID=F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint HP-UX 11.11
+Class HP | HP-UX | 11.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=100HZ)
+T1(DF=Y%W=8000%ACK=S++%Flags=AS%Ops=MEWNNNT)
+T2(Resp=Y%DF=N%W=400|1000%ACK=S%Flags=R%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=400|C00%ACK=S%Flags=R%Ops=WNMETL)
+T4(DF=N%W=800|1000|C00%ACK=S%Flags=R%Ops=WNMETL)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=800%ACK=S%Flags=R%Ops=WNMETL)
+T7(DF=N%W=1000|800|C00%ACK=S%Flags=R%Ops=WNMETL)
+PU(DF=Y%TOS=0%IPLEN=70%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint HP-UX B.11.00 A 9000/785
 Class HP | HP-UX | 11.X | general purpose
 TSeq(Class=RI%gcd=<6%SI=<B108A&>630%IPID=I%TS=100HZ)
@@ -7370,9 +8761,9 @@ PU(Resp=N)
 Fingerprint HP MPE/iX 5.5 on HP 3000
 Class HP | MPE/iX || general purpose
 TSeq(Class=TD%gcd=<6%SI=<1E%TS=U)
-T1(DF=N%W=6000%ACK=S++%Flags=AS%Ops=M)
+T1(DF=N%W=C00|6000%ACK=S++%Flags=AS%Ops=M)
 T2(Resp=N)
-T3(Resp=Y%DF=N%W=6000%ACK=S++%Flags=AS%Ops=M)
+T3(Resp=Y%DF=N%W=C00|6000%ACK=S++%Flags=AS%Ops=M)
 T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
@@ -7391,6 +8782,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N|Y%TOS=0%IPLEN=38%RIPTL=15C%RID=F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
 
+# HP Entria II with Kernel B.09.11 and Boot Block B.08.02
+Fingerprint HP Entria II X station
+Class HP | embedded || X terminal
+TSeq(Class=64K%IPID=I%TS=U)
+T1(DF=N%W=2017%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=2017%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=2000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=15C%RID=F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
+
 #  HPJ2600A Ethernet hub or HP ProCurve Switch 4000M
 # Bay Networks MicroAnnex XL running firmware 10.0B
 Fingerprint VxWorks 5.3.x bases system (usually an Ethernet hub or switch such as HP ProCurve) or Bay Networks MicroAnnex XL terminal server
@@ -7406,6 +8810,18 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
 
+Fingerprint BBIagent v1.8.1 software router
+Class BBIagent | Linux | 2.4.X | software router
+TSeq(Class=RI%gcd=<6%SI=<18C54&>3B8%IPID=I)
+T1(DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Huawei Quidway R2621 router running VRP 1.5.6(1)
 Class Huawei | VRP || router
 TSeq(Class=TD%gcd=<1E804%SI=<1E%IPID=I%TS=2HZ)
@@ -7715,12 +9131,14 @@ PU(DF=N%TOS=0%IPLEN=38%RIPTL=15C%RID=E%RIPCK=F%UCK=0%ULEN=134%DAT=E)
 
 # IBM AIX 5L 5.1
 # IBM AIX 5.1 ML00
-Fingerprint IBM AIX 5.1
+# AIX 5.1.4
+# IBM AIX 5L Version 5.2
+Fingerprint IBM AIX 5.1 - 5.2
 Class IBM | AIX | 5.X | general purpose
 TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
 T1(DF=Y|N%W=402E%ACK=S++%Flags=AS%Ops=M)
 T2(Resp=N)
-T3(Resp=Y%DF=Y|N%W=402E%ACK=S++%Flags=AS%Ops=M)
+T3(DF=Y|N%W=402E%ACK=S++%Flags=AS%Ops=M)
 T4(DF=N%W=4000%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
@@ -7765,6 +9183,20 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=15C%RID=E%RIPCK=F%UCK=0%ULEN=134%DAT=E)
 
+# IBM AIX 5.103 on
+Fingerprint IBM AIX 5.103
+Class IBM | AIX | 5.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=2HZ)
+T1(DF=Y%W=FFF7%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=FFF7%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=15C%RID=E%RIPCK=F%UCK=0%ULEN=134%DAT=E)
+
+# aix 5.1 Maintenance Level 6
 Fingerprint IBM AIX 5.1 on a p610-6C1
 Class IBM | AIX | 5.X | general purpose
 TSeq(Class=TR%gcd=<6%IPID=I%TS=2HZ)
@@ -7774,7 +9206,7 @@ T3(Resp=Y%DF=N%W=3F40%ACK=S++%Flags=AS%Ops=MNWNNT)
 T4(DF=N%W=4000%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
-T7(Resp=N)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=15C%RID=E%RIPCK=F%UCK=0%ULEN=134%DAT=E)
 
 Fingerprint IBM AIX 5.1-5.2
@@ -7789,6 +9221,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N|Y%TOS=0%IPLEN=38%RIPTL=15C%RID=E%RIPCK=F%UCK=0%ULEN=134%DAT=E)
 
+# IBM AIX 5.2 on pSeries (Power4)
+Fingerprint IBM AIX 5.2
+Class IBM | AIX | 5.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RPI%TS=U)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=4000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=15C%RID=E%RIPCK=F%UCK=0%ULEN=134%DAT=E)
+
 # IBM AIX 5.2 (Maintenance Level 1) on RS/6000
 Fingerprint IBM AIX 5.2 (on RS/6000)
 Class IBM | AIX | 5.X | general purpose
@@ -7815,6 +9260,32 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=15C%RID=E%RIPCK=F%UCK=0%ULEN=134%DAT=E)
 
+# Fingerprint IBM AIX 5L V5.3 5765-G03 (2005/02) on IBM p5 (Power5 processor)
+# Fingerprint IBM AIX 5.3 ML 01 on RS/6000 43P150
+Fingerprint IBM AIX 5.3
+Class IBM | AIX | 5.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
+T1(DF=Y%W=402E|FFFF%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=402E|FFFF%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=15C%RID=E%RIPCK=F%UCK=0%ULEN=134%DAT=E)
+
+Fingerprint AIX 5.3 ML01
+Class IBM | AIX | 5.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RPI%TS=U)
+T1(DF=Y%W=5B4%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=5B4%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=15C%RID=E%RIPCK=F%UCK=0%ULEN=134%DAT=E)
+
 Fingerprint IBM 8222 hub
 Class IBM | embedded || hub
 TSeq(Class=TD%gcd=<6%SI=<1A4%IPID=I%TS=U)
@@ -7866,6 +9337,18 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(Resp=N)
 
+Fingerprint IBM BladeCenter Remote Management Module
+Class IBM | embedded || remote management
+TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
+T1(DF=N%W=3E80%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=3E80%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint IBM Remote Supervisor Adapter II
 Class IBM | embedded || remote management
 TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
@@ -8234,12 +9717,41 @@ T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# IBM OS/400 V5.2
 Fingerprint IBM OS/400 V5R2M0
 Class IBM | OS/400 | V5 | general purpose
 TSeq(Class=RI%gcd=<24%SI=<41D304&>7BC%IPID=I)
-T1(DF=N%W=FB80%ACK=S++%Flags=AS%Ops=MNWNNT)
+T1(DF=Y|N%W=FB80%ACK=S++%Flags=AS%Ops=MNWNNT)
 T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
-T3(Resp=Y%DF=N%W=FB80%ACK=S++%Flags=AS%Ops=MNWNNT)
+T3(Resp=Y%DF=Y|N%W=FB80%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+Fingerprint IBM OS/400 V5R2M0
+Class IBM | OS/400 | V5 | general purpose
+TSeq(Class=RI%gcd=<8%SI=<2871A2&>276C%IPID=I%TS=1000HZ)
+T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=2000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=F%UCK=F%ULEN=134%DAT=E)
+
+# IBM iSeries OS/400 V5R2M0 L000
+# IBM AS/400 - Operating System: OS/400 V5R2M0 (Version 5, Revision 2)
+# IBM OS/400 V5R3M0 on iSeries
+# OS/400 V5R3
+Fingerprint OS/400 V5R2M0 or V5R3 or V5R3M0
+Class IBM | OS/400 | V5 | general purpose
+TSeq(Class=RI%gcd=<14%SI=<2EB440&>EF0%IPID=I%TS=1000HZ)
+T1(DF=Y%W=2000|8000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=N)
 T4(DF=N%W=0%ACK=S%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
@@ -8270,6 +9782,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
 
+# Infortrend EonStor A16U-G1410, firmware 3.42D.03
+Fingerprint Infortrend EonStor A16U-G1410
+Class Infortrend | embedded || storage-misc
+TSeq(Class=RI|TD%gcd=<6%SI=<17CA%IPID=RD|RPI%TS=U)
+T1(DF=N%W=5C8%ACK=S++%Flags=AS%Ops=MNNL)
+T2(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
+T3(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=O%Flags=R%Ops=)
+PU(Resp=N)
+
 # innovaphone 200 V4.00 sr4 IP200[02-4283], Bootcode[205], HW[202] 2048/8192
 # innovaphone IP400 V4.00 hotfix IP400[02-4253], Bootcode[315], HW[102] 2048/4096
 Fingerprint innovaphone IP200/IP400 VOIP phone/gateway
@@ -8358,6 +9883,19 @@ T6(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(Resp=N)
 
+# Fingerprint Intel ER8100ST Express 8100 Router running firmware 3.20n
+Fingerprint Intel ER8100ST Express Router 8100
+Class Intel | embedded || router
+TSeq(Class=TD%gcd=<E4%SI=<14%IPID=I%TS=U)
+T1(DF=N%W=400%ACK=S++%Flags=AS%Ops=ME)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Intel Corporation, ER9100 Express Router 9100
 # Fingerprint by Ron van Daal (ronvdaal@syntonic.net)
 Fingerprint Intel ER9100 Express Router 9100
@@ -8432,6 +9970,18 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=F%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint Intergraph jetSpeed 520 ADSL Router
+Class Intracom | embedded || broadband router
+TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
+T1(DF=N%W=3E80%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=3E80%ACK=S++%Flags=AS%Ops=M)
+T4(Resp=N)
+T5(DF=N%W=0%ACK=S++%Flags=ARF%Ops=)
+T6(Resp=N)
+T7(Resp=N)
+PU(DF=N%TOS=18%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # IPCop 1.20 dedicated firewall Linux distro old Pentium 1 hardware + 3C509B cards http://ipcop.org/
 Fingerprint IPCop 1.20 Linux 2.2.2X-based firewall
 Class IPCop | Linux | 2.2.X | firewall
@@ -8445,6 +9995,41 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
 
+# Linux kernel 2.4.27 (x86) ipcop 1.40
+# Linux ipcop 2.4.27 #1 Thu Sep 30 02:57:11 GMT 2004 i586 AuthenticAMD unknown GNU/Linux
+# IPcop v1.4.2 Linux 2.4.27
+# Linux fw.ioes.org 2.4.27 #1 Wed Sep 29 12:48:42 GMT 2004 i686 GenuineIntel unknown GNU/Linux (IPCOP+1.4)
+# Linux 2.4.27-29 (IPCop 1.4.2)
+# IPCop 1.4.2 (Kernel: 2.4.27) i486
+# Linux 2.4.27 i686 GNU/Linux IPCop 1.4.2 (Green Interface)
+# Linux 2.4.29 #1 i686 GenuineIntel+unknown GNU/Linux / IPCop 1.4.5
+# IPCop Linux  1.4.5  (Linux xxx 2.4.29 #1) Pentuim II
+# IPCOP 1.4.6 based on Debian/Linux 2.4.29
+Fingerprint IPCop 1.4 - 1.4.6 Linux 2.4.2x-based firewall
+Class IPCop | Linux | 2.4.X | firewall
+TSeq(Class=RI%gcd=<6%SI=<24E74F4&>49DD3%IPID=Z%TS=U)
+T1(DF=Y%W=16D0|400C%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=N)
+T4(Resp=N)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(Resp=N)
+T7(Resp=N)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# IPRoute V1.18, compiled at 08:26:02 on Jun 23 1998
+Fingerprint IPRoute (DOS based software router)
+Class IPRoute | DOS || software router
+TSeq(Class=TD%gcd=<6%SI=<82%IPID=I%TS=U)
+T1(DF=N%W=1000%ACK=S++%Flags=AS%Ops=ME)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=1000%ACK=O%Flags=A%Ops=)
+T4(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=E0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # IQinVison IQeye3 Version V2.1/1(030123)
 Fingerprint IQinVison IQeye3 webcam
 Class IQinVision | embedded || webcam
@@ -8545,6 +10130,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=Y%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Juniper router M10i JUNOS ROUTER 7.2R1.7 #0 i386
+Fingerprint Juniper Networks router M10i running JUNOS 7.2R1.7
+Class Juniper | JUNOS || router
+TSeq(Class=TR%gcd=<6%IPID=I%TS=100HZ)
+T1(DF=Y%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=400|C00|800%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=C00|400%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=1000%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=800|400%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=800|C00%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(DF=Y%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
 # KA9Q is a networking OS used mostly by amateur radio operators for radio to
 # internet gateways.
 Fingerprint KA9Q amateur radio OS
@@ -8575,6 +10173,31 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# UTStarcom F1000 wifi voip phone Phone OS: VxWorks (for Hornet VoWifi, ARM946ES (LE) Factory Firmware) version 5.5.1.: Kernel: WIND version 2.6. : Made on Apr  5 2005, 14:49:39.
+Fingerprint UTStarcom F1000 wifi voip phone
+Class UTStarcom | embedded || VoIP phone
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=70%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
+Fingerprint KIRK Wireless Server 600
+Class KIRK | embedded || VoIP Gateway
+TSeq(Class=TD%gcd=<714%SI=<14%IPID=I%TS=U)
+T1(DF=N%W=2800%ACK=S++%Flags=AS%Ops=ME)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=2800%ACK=S++%Flags=AS%Ops=ME)
+T4(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
 # Konica-Minolta magicolor2300DL printer controller f/w 02.83S engine f/w 4131.50G1.0900
 Fingerprint Konica-Minolta magicolor2300DL printer controller
 Class Konica | embedded || printer
@@ -8624,6 +10247,26 @@ T6(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(Resp=N)
 
+# Kyocera FS-9100 DN printer, network firmware IB-21E 1.3.1
+# Kyocera FS-6020 laser printer, system firmware 90.06, engine firmware A005, network firmware IB-21E 1.3.1
+# Kyocera FS-5016N IB-21E Version 1.3.0
+# Kyocera-Mita 2050 printer/copier/scanner
+# Kyocera Printer FS-1900 (network firmware IB-21E 1.3.0)
+# Kyocera IB-21E network module version 1.3.1
+# KYOCERA Printer I/F IB-21E Ver 1.3.0
+# Kyocera-Mita IB-21E
+Fingerprint Kyocera Printer (network module IB-21E 1.3.x)
+Class Kyocera | embedded || printer
+TSeq(Class=TD%gcd=<20006%SI=<14%IPID=I%TS=U)
+T1(DF=N%W=5B4%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=5B4%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=5B4%ACK=S++%Flags=AR%Ops=)
+T4(DF=N%W=5B4%ACK=S%Flags=AR%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(Resp=N)
+
 # Kyocera SB-4e Printer-Interface in an Kyocera FS-800 laser printer
 Fingerprint Kyocera SB-4e printer NIC
 Class Kyocera | embedded || printer
@@ -8676,6 +10319,19 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=Y%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Lantronix Consoleserver 800 (Technically, it is a Lightwave Consoleserver 800 prior to Lantronix purchase of the company.)
+Fingerprint Lantronix Consoleserver 800
+Class Lantronix | embedded || terminal server
+TSeq(Class=TD%gcd=<6%SI=<14%IPID=I%TS=100HZ)
+T1(DF=N%W=16D0%ACK=S++%Flags=AS%Ops=MTNN)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=70%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Lantronix ETS16 terminal server Version V3.4/5(961028)
 Class Lantronix | embedded || terminal server
 TSeq(Class=RI%gcd=<6%SI=<9D1C&>91%IPID=BI%TS=U)
@@ -8824,6 +10480,19 @@ T6(Resp=Y%DF=N%W=0%ACK=S%Flags=R%Ops=)
 T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(Resp=N)
 
+# Lexmark Optra N Laser Printer
+Fingerprint Lexmark Optra N Laser Printer
+Class Lexmark | embedded || printer
+TSeq(Class=TD%gcd=<272A%SI=<1E%IPID=I%TS=U)
+T1(DF=N%W=400%ACK=S++%Flags=AS%Ops=ME)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=400%ACK=S++%Flags=AS%Ops=ME)
+T4(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=1C%RIPTL=0%RID=0%RIPCK=0%UCK=F%ULEN=134%DAT=E)
+
 # Lexmark Optra T612 (printer) running firmware 3.11.17
 # Lexmark Optra S 2420
 Fingerprint Lexmark Optra printer
@@ -8894,15 +10563,40 @@ PU(DF=Y%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 Fingerprint Lexmark T522/T622 printer
 Class Lexmark | embedded || printer
 TSeq(Class=RI%gcd=<8%SI=<2C2D254&>387BA%IPID=Z%TS=100HZ)
-T1(DF=Y%W=5A8%ACK=S++%Flags=AS%Ops=MNNTNW)
+T1(DF=Y%W=5A8|B50%ACK=S++%Flags=AS%Ops=MNNTNW)
 T2(Resp=N)
-T3(Resp=Y%DF=Y%W=5A8%ACK=S++%Flags=AS%Ops=MNNTNW)
+T3(Resp=Y%DF=Y%W=5A8|B50%ACK=S++%Flags=AS%Ops=MNNTNW)
 T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=Y%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# LevelOne wireless router WBR-3403TX
+Fingerprint LevelOne WBR-3403TX wireless broadband router
+Class Level One | embedded || broadband router
+TSeq(Class=RI%gcd=<6%SI=<102C870&>295B1%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=C00|800%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=800|C00|1000%ACK=S%Flags=AR%Ops=)
+T7(Resp=N)
+PU(Resp=N)
+
+Fingerprint Fingerprint LevelOne WBR-3406TX wireless broadband router
+Class Level One | embedded || broadband router
+TSeq(Class=TD%gcd=<68%SI=<1E%IPID=BI%TS=U)
+T1(DF=N%W=1540|1638%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=N)
+T4(Resp=N)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
 Fingerprint LG Goldstream LR3001f router, software version 4.0
 Class LG GoldStream | embedded || router
 TSeq(Class=TD%gcd=<8004%SI=<1E%IPID=I%TS=U)
@@ -8992,6 +10686,19 @@ T6(DF=N%W=400|800|C00|1000%ACK=S%Flags=AR%Ops=)
 T7(Resp=N)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Linksys BEFSR41 Broadband router and 4-port hub
+Fingerprint Linksys BEFSR41 Broadband router
+Class Linksys | embedded || broadband router
+TSeq(Class=RI%gcd=<6%SI=<2FF88AC&>7ACA0%IPID=Z%TS=100HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=C00|400%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=800|400%ACK=S%Flags=AR%Ops=)
+T7(DF=N%W=800|400%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
 # Linksys/Cisco BEFSR41 V3 Etherfast Cable/DSL Router (Firmware 1.04.17)
 Fingerprint Linksys BEFSR41 V3 Etherfast cable/DSL router
 Class Linksys | embedded || broadband router
@@ -9017,6 +10724,31 @@ T6(DF=N%W=400|800|C00|1000%ACK=S%Flags=AR%Ops=)
 T7(DF=N%W=400|800|C00|1000%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Linux kernel 2.4.20 (mips) on Linksys WRT54G Wireless Broadband Router with firmware Sveasoft +Alchemy-pre7a beta build version v3.37.6.8sv
+Fingerprint Linksys WRT54G Wireless Broadband Router (Linux kernel 2.4.20)
+Class Linksys | embedded || broadband router
+TSeq(Class=RI%gcd=<6%SI=<17B7D1A&>3BAFF%IPID=Z%TS=100HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=Y%DF=N%W=800|400%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=800|1000|400%ACK=S%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=1000|800%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=400|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=1000|800%ACK=S%Flags=AR%Ops=WNMETL)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+Fingerprint Linksys WAG54G Wireless Gateway
+Class Linksys | embedded || broadband router
+TSeq(Class=RI%gcd=<8%SI=<1CE6872&>24FCE%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=400|800%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=1000|C00|800%ACK=S%Flags=AR%Ops=)
+T7(DF=N%W=400|C00%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
 Fingerprint Linksys EtherFast print server
 Class Linksys | embedded || print server
 T1(DF=N%W=0|C80%ACK=S++%Flags=AR|APS%Ops=|M)
@@ -9064,9 +10796,15 @@ T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(Resp=N)
 
+# Linksys WRK54G Firmware Version: 1.56.01
 # Linksys Wireless-B router/switch/802.11b access point (device model BEFW11S4 V4)
+# Linksys BEFW11S4 firmware 1.50.14
+# Linksys BEFSR41 v2 Firmware Version:  1.46.02, Aug 03 2004
 # Linksys BEFSR81v2 Router with firmware 2.45.10
-Fingerprint Linksys BEFW11S4 or BEFSR81 WAP
+# Linksys EtherFast Cable/DSL Router (Model: BEFSR41 Ver 2)(Updated Firmware ver. 1.46.02, Aug 03+2004)
+# Linksys Wireless-B Broadband Router BEFW11S4 Firmware v.1.50.14
+# Linksys RT31P2  VOIP router (Vonage; firmware version 1.28.00; internal interface)
+Fingerprint Linksys BEFW11S4/BEFSR41/BEFSR81/WRK54G broadband router or RT31P2 VOIP router
 Class Linksys | embedded || WAP
 TSeq(Class=TD%gcd=<FF%SI=<1E%IPID=I%TS=U)
 T1(DF=N%W=16D0%ACK=S++%Flags=AS%Ops=M)
@@ -9078,10 +10816,24 @@ T6(DF=N%W=400|800|C00|1000%ACK=S%Flags=AR%Ops=)
 T7(DF=N%W=400|800|C00|1000%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Linksys WAG54G Wireless Broadband Router
+Fingerprint Linksys WAG54G Wireless Broadband Router
+Class Linksys | embedded || broadband router
+TSeq(Class=TD%gcd=<E0%SI=<1E%IPID=Z%TS=U)
+T1(DF=N%W=16D0%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=400%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=800|1000|400%ACK=S++%Flags=AR%Ops=)
+T4(DF=N%W=C00|400%ACK=S%Flags=AR%Ops=)
+T5(DF=N%W=800|400|C00%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=C00|800|1000%ACK=S%Flags=AR%Ops=)
+T7(DF=N%W=1000|C00%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# LinkSys WRT-54G running the SVEASOFT code
 # Linksys BEFW11S4 802.11B WAP
 # Linksys BEFSR41 firmware ver. 1.40.2
-Fingerprint Linksys BEFW11S4 WAP or BEFSR41 router
-Class Linksys | embedded || WAP
+# Linksys Router: BEFW11S4 v2/v3
+Fingerprint Linksys BEFW11S4/WRT-54G wireless broadband router or BEFSR41 Cable/DSL router
 Class Linksys | embedded || broadband router
 TSeq(Class=TD|RI%gcd=<400%SI=<62C%IPID=Z|RD%TS=U)
 T1(DF=N%W=400|800|C00|1000%ACK=S++%Flags=AR%Ops=)
@@ -9093,6 +10845,32 @@ T6(DF=N%W=400|800|C00|1000%ACK=S%Flags=AR%Ops=)
 T7(DF=N%W=400|800|C00|1000%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Linksys BEFW11S4 DSL/Cable Router with Firmware 1.45z
+Fingerprint Linksys BEFW11S4 wireless DSL/Cable Router
+Class Linksys | embedded || broadband router
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=4009%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=800%ACK=S++%Flags=AR%Ops=)
+T3(Resp=N)
+T4(DF=N%W=400|800|C00%ACK=S++%Flags=AR%Ops=)
+T5(DF=N%W=C00|800%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=800|C00%ACK=S++%Flags=AR%Ops=)
+T7(DF=N%W=400|800%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
+# Linksys BEFW11S4 firmware revision 1.45.10
+Fingerprint Linksys BEFW11S4 wireless DSL/Cable Router
+Class Linksys | embedded || broadband router
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=1000|C00%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=800|1000%ACK=S%Flags=AR%Ops=)
+T7(DF=N%W=C00|1000|400%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
 # Linksys WAP11 v2.6 firmware 1.06
 Fingerprint Linksys WAP11 Wireless AP
 Class Linksys | embedded || WAP
@@ -9602,6 +11380,32 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=Y%TOS=C0%IPLEN=178%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=F|E)
 
+# Linux 2.4.4-4GB #1 Wed May 16 00:37:55 GMT 2001 i586 unknown
+Fingerprint Linux 2.4.4
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=RI%gcd=<8%SI=<10F070C&>15ACF%IPID=Z%TS=100HZ)
+T1(DF=Y%W=1678%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=1678%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=Y%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux kernel 2.4.4-4GB (X86) from Red hat
+Fingerprint Linux 2.4.4
+Class Linux | Linux | 2.2.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<FC5E4&>19E%IPID=Z%TS=U)
+T1(DF=N%W=860%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=860%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S|O%Flags=AR%Ops=)
+PU(Resp=N)
+
 # Linux 2.4.18
 # SuSE Linux 7.3 linux-2.4.10-4GB, running on amd k6-2
 Fingerprint Linux 2.4.10 - 2.4.18
@@ -9717,7 +11521,8 @@ PU(DF=N%TOS=30|60|D0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
 # linux 2.4.20 (i586) Preemptible
 # Linux 2.4.18
-Fingerprint Linux 2.4.18 - 2.4.20 (x86)
+# 2.4.21-20.ELsmp SMP RedHat AS3, REL3
+Fingerprint Linux 2.4.18 - 2.4.21 (x86)
 Class Linux | Linux | 2.4.X | general purpose
 TSeq(Class=RI%gcd=<8%SI=<25C5808&>30578%IPID=Z%TS=100HZ)
 T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
@@ -9743,11 +11548,38 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Debian/Gnu Linux 3.0 (Woody) Kernel 2.4.18-bf2.4
+Fingerprint Linux 2.4.18
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<293EE44&>69651%IPID=Z%TS=100HZ)
+T1(DF=Y%W=1680%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
+# Linux RedHat 2.4.18-5 #1 Mon Jun 10 15:31:48 EDT 2002 i686 unknown
+Fingerprint Linux 2.4.9 - 2.4.18
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<1C3AE82&>46383%IPID=Z%TS=100HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=Y%DF=N%W=1000|400%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=1000|400%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=C00|800%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=1000|800|400%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=800|400|1000%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E|F%ULEN=134%DAT=E)
+
 # Linux 2.4.18 on Alpha EV4
 # Linux 2.5.70 (x86)
 # Linux 2.6.4 i686
 # Linux gentoo 2.6.7-gentoo-r11 i686
-Fingerprint Linux 2.4.18 - 2.6.7
+# Linux gentoo 2.6.11-gentoo-r9
+Fingerprint Linux 2.4.18 - 2.6.11
 Class Linux | Linux | 2.4.X | general purpose
 Class Linux | Linux | 2.5.X | general purpose
 Class Linux | Linux | 2.6.X | general purpose
@@ -9761,6 +11593,19 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Linux 4.19-4GB #1 Tue Sep 30 19:01:07 UTC 2003 i686 unknown / SuSe Linux OpenExchange Server
+Fingerprint Linux 2.4.19
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<13A36B6&>3244E%IPID=Z%TS=100HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=ARF%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=RF%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
 # Mandrake 9.1 SMP 2.4.19-16mdksmp #1 SMP Fri Sep 20 16:08:37 CEST 2002 i686 unknown unknown GNU/Linux
 Fingerprint Linux 2.4.19 (Mandrake, X86)
 Class Linux | Linux | 2.4.X | general purpose
@@ -9813,6 +11658,61 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Linux kernel 2.4.19C13_V (X86) Sun Cobalt RaQ550
+Fingerprint Linux 2.4.19
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<20DD6C4&>54211%IPID=Z%TS=100HZ)
+T1(DF=Y%W=16A0%ACK=O|S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=Y%DF=N%W=1000|C00|400%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=800|1000%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=800|400%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=1000|400%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=1000|400%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux kernel 2.4.20-4GB (X86)
+Fingerprint Linux 2.4.20
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=RI%gcd=<8%SI=<1540758&>1B32B%IPID=I%TS=100HZ)
+T1(DF=Y%W=4000%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux kernel 2.4.20-wolk4.17s (X86)
+# Linux demeter 2.4.20-wolk4.17s #1 i686 unknown
+# "Devil Linux 1.2.2" 2.4.27-grsec #1 SMP i686 AuthenticAMD unknown+GNU/Linux
+# Gentoo 2.4.28-hardened-r5 (Up to date with Gentoo Hardened Patches) on a Proliant 1600R
+Fingerprint Linux 2.4.20 - 2.4.28
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=100HZ)
+T1(DF=Y%W=1690|16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux 2.4.20-wolk4.16s
+Fingerprint Linux 2.4.20
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=100HZ)
+T1(DF=Y%W=7D74%ACK=S++%Flags=AS%Ops=MNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Linux 2.4.20
 Class Linux | Linux | 2.4.X | general purpose
 TSeq(Class=RI%gcd=<6%SI=<18D4252&>3F8B9%IPID=Z%TS=100HZ)
@@ -9851,8 +11751,10 @@ T6(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
-Fingerprint Linux 2.4.20 (Itanium)
+# Red Hat Enterprise Linux AS release 3.90 (Nahant), Kernel 2.6.8-1.528.2.10smp on an i686
+Fingerprint Linux 2.4.20 or 2.6.8
 Class Linux | Linux | 2.4.X | general purpose
+Class Linux | Linux | 2.6.X | general purpose
 TSeq(Class=RI%gcd=<6%SI=<28E2CAC&>68A83%IPID=Z%TS=1000HZ)
 T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
 T2(Resp=N)
@@ -9876,6 +11778,32 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Linux kernel 2.4.20 from ALT Linux Master 2.2 (uname -r = 2.4.20-alt16-smp)
+Fingerprint Linux 2.4.20
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<25A8F50&>60659%IPID=Z%TS=U)
+T1(DF=Y%W=16D0%ACK=S++%Flags=AS%Ops=MNW)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux 2.4.20-8 #1 i686 i686 i386 GNU/Linux
+Fingerprint Linux 2.4.20
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<1A82ACC&>43DBE%IPID=Z%TS=100HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=Y%DF=N%W=1000|800|400%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=800|C00%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=400|800%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=1000|400%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=1000|800%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
 # Linux localhost 2.4.20-30.9 #1 Wed Feb 4 20:44:26 EST 2004 i686 i686 i386 GNU/Linux
 Fingerprint Linux 2.4.20 (X86, Redhat 7.3)
 Class Linux | Linux | 2.4.X | general purpose
@@ -9940,6 +11868,37 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=N)
 PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
 
+# base on msg 1058, 1776
+# Linux kernel 2.4.21-243(athlon) from SuSE 9.0
+# SuSE 9.0 with updates, kernel 2.4.21-280-default
+Fingerprint Linux 2.4.21 (Suse)
+Class Linux | Linux | 2.4.X | general purpose               
+TSeq(Class=RI%gcd=<8%SI=<243DCC4&>17466%IPID=I%TS=U)
+T1(DF=Y%W=16D0|7FFF%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0|C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux kernel 2.4.21-4.0.1.ELsmp x86 Dual Xeon RedHat EL3 AS3 (Red Hat Linux 3.2.3-20)
+# Linux Kernel 2.4.21-4.0.1 Red Hat Enterprise Linux ES release 3 (Taroon)
+# Linux sun 2.4.27 #3 SMP Mon Nov 1 21:24:45 GMT 2004 sparc unknown unknown GNU/Linux
+# Linux AthenA-server 2.4.18-bf2.4 #1 Son Apr 14 09:53:28 CEST 2002 i586 unknown
+Fingerprint Linux 2.4.18 - 2.4.27
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=TR|RI%gcd=<6%SI=<2CA3968&>49B3D%IPID=Z%TS=100HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Linux 2.4.21-0.25mdk x86
 Fingerprint Linux 2.4.21 (x86)
 Class Linux | Linux | 2.4.X | general purpose
@@ -9953,18 +11912,63 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
-# Linux 2.4.21-121-athlon; SuSE, x86
-Fingerprint Linux 2.4.21 (x86)
+# Red Hat Linux release 9 (Shrike), Kernel Version 2.4.20-31.9.progeny.5
+# Linux 2.4.21-27.0.2.EL i686 i386 (Red Hat Enterprise Linux ES release 3 (Taroon Update 4)) + APF 0.9.3
+# Linux 2.4.21-15.0.4.ELsmp #1 SMP i686 i686 i386 GNU/Linux
+# Linux 2.4.22-1.2115.nptlsmp
+# Linux 2.4.22-1.2199.nptlsmp #1 SMP i686 i686 +i386 GNU/Linux
+Fingerprint Linux 2.4.20 - 2.4.22
 Class Linux | Linux | 2.4.X | general purpose
-TSeq(Class=RI%gcd=<6%SI=<1C5FBC4&>48A1C%IPID=I%TS=1000HZ)
-T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+TSeq(Class=RI%gcd=<6%SI=<3089154&>7C37E%IPID=Z%TS=U)
+T1(DF=Y%W=16D0%ACK=S++%Flags=AS%Ops=M)
 T2(Resp=N)
 T3(Resp=N)
 T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(Resp=N)
+
+# SuSE Linux 9.0 2.4.21-215-athlon
+# Linux 2.4.21-121-athlon; SuSE, x86
+# Linux 2.4.21-231-athlon from SuSE 9.0
+Fingerprint Linux 2.4.21 (x86 SuSE)
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<1C5FBC4&>48A1C%IPID=I%TS=1000HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
-PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+PU(DF=N%TOS=0|C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E|F%ULEN=134%DAT=E)
+
+# RedHat Linux Enterprise 3 2.4.21-27.0.2.EL #1
+Fingerprint Linux 2.4.21 (RedHat)
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=Z%TS=100HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=400|800%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=C00%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=C00|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=800|1000%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
+# Linux Boobie 2.4.21-9.EL #1 RedHat
+Fingerprint Linux 2.4.21 (RedHat)
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<2E5DABA&>58D55%IPID=Z%TS=100HZ)
+T1(DF=Y%W=564%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=Y%DF=N%W=C00|800|400%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=C00|400%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=C00|800%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=800|C00%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=800|400%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(Resp=N)
 
 # Linux mail2 2.4.21-4.ELsmp #1 SMP Fri Oct 3 17:52:56 EDT 2003 i686 i686 i386 GNU/Linux (Redhat Enterprise Linux AS 3)
 Fingerprint Linux 2.4.21 (x86, RedHat)
@@ -9994,12 +11998,39 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Linux 2.4.21-32.0.1.ELsmp #1 i686 i686 i386 GNU/Linux
+Fingerprint Linux 2.4.21
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<31EB9A2&>7FCA1%IPID=Z%TS=U)
+T1(DF=Y%W=16D0%ACK=S++%Flags=AS%Ops=MNW)
+T2(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=16D0%ACK=S++%Flags=AS%Ops=MNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux Kernel 2.6.10-ck (x86) Gentoo system
+Fingerprint Linux 2.4.22 or 2.6.10
+Class Linux | Linux | 2.4.X | general purpose
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<29CB48E&>6AF95%IPID=Z%TS=U)
+T1(DF=Y%W=3000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=3000%ACK=S++%Flags=AS%Ops=M)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Linux 2.4.22 (SPARC)
 Class Linux | Linux | 2.4.X | general purpose
 TSeq(Class=RI%gcd=<6%SI=<256B646&>5FC9A%IPID=Z%TS=100HZ)
-T1(DF=Y%W=1650%ACK=S++%Flags=AS%Ops=MNNTNW)
+T1(DF=Y%W=830|1650%ACK=S++%Flags=AS%Ops=MNNTNW)
 T2(Resp=N)
-T3(Resp=Y%DF=Y%W=1650%ACK=S++%Flags=AS%Ops=MNNTNW)
+T3(Resp=Y%DF=Y%W=830|1650%ACK=S++%Flags=AS%Ops=MNNTNW)
 T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
@@ -10020,8 +12051,13 @@ T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
 # Linux 2.4.22 (x86, Gentoo)
+# Linux 2.6.7-hardened-r16 #1 x86_64 AMD Athlon(tm) 64 Processor 3000+ AuthenticAMD GNU/Linux
+# Slackware 10 kernel 2.6.7
+# Fedora Core 2 With Kernel 2.6.8-1
 # Kernel 2.6.3 (X86); Gentoo Distro
-Fingerprint Linux 2.4.22 - 2.6.3 (x86, Gentoo)
+# Gentoo Base System version 1.4.16 Linux linuxbox 2.6.9 #2 SMP+Pentium III (Coppermine) GenuineIntel GNU/Linux
+# Linux kernel 2.6.10-1.760_FC3 from Fedora Core 3
+Fingerprint Linux 2.4.22 or 2.6.3 - 2.6.10
 Class Linux | Linux | 2.4.X | general purpose
 Class Linux | Linux | 2.6.X | general purpose
 TSeq(Class=RI%gcd=<6%SI=<11A9004&>2D341%IPID=Z%TS=1000HZ)
@@ -10036,8 +12072,10 @@ PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
 # Linux 2.4.22 (x86, Gentoo)
 # Linux server 2.6.7-ck5 (x86)
-Fingerprint Linux 2.4.22 - 2.6.7
+# Linux lamaquina 2.6.8.1-10mdk #1 Wed Sep 8 17:00:52 CEST 2004 i686 AMD Athlon(tm) 64 Processor 3200+
+Fingerprint Linux 2.4.22 - 2.6.8
 Class Linux | Linux | 2.4.X | general purpose
+Class Linux | Linux | 2.6.X | general purpose
 TSeq(Class=RI%gcd=<8%SI=<132F658&>188E0%IPID=Z%TS=1000HZ)
 T1(DF=Y%W=1680%ACK=S++%Flags=AS%Ops=MNNTNW)
 T2(Resp=N)
@@ -10048,9 +12086,23 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Debian Linux feeshus 2.4.22-1-ipvs-686 #1
+Fingerprint Linux 2.4.22
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<180F182&>3D924%IPID=Z%TS=100HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=C8%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Linux 2.4.22-gentoo-r7 (x86)
 # Linux 2.6.4-gentoo-grsec (x86) - manual patch on gentoo's kernel (gentoo-dev-sources) with grsecurity-2.0-test2-2.6.4.patch
-Fingerprint Linux 2.4.22 through 2.6.7 w/grsec (x86, Gentoo)
+# Linux 2.6.10 with grsecurity 2.6.10 i686
+Fingerprint Linux 2.4.22 or 2.6.4 - 2.6.10
 Class Linux | Linux | 2.4.X | general purpose
 Class Linux | Linux | 2.6.X | general purpose
 TSeq(Class=TR%gcd=<6%IPID=RD%TS=1000HZ)
@@ -10161,6 +12213,128 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Linux 2.4.26-gentoo-r6 #1 i686 Pentium III (Coppermine) GenuineIntel GNU/Linux
+Fingerprint Linux 2.4.26 
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<298F858&>6A637%IPID=I%TS=U)
+T1(DF=N%W=7FFF%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=7FFF%ACK=S++%Flags=AS%Ops=M)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux kernel 2.4.26-1.ll.rh90.ccrma from RedHat 9.0
+# Linux kernel 2.6.5-63255U10_3cl (i686(X86)) from Conectiva Linux 10
+Fingerprint Linux 2.4.26 or 2.6.5
+Class Linux | Linux | 2.4.X | general purpose
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<247BECA&>5659F%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=F%UCK=F%ULEN=134%DAT=E)
+
+# Linux 2.4.26-gentoo-r12 #5 i686 Pentium II
+# Linux 2.4.26-gentoo-r9 #14 i686 Celeron (Mendocino) GenuineIntel GNU/Linux
+Fingerprint Linux 2.4.26 (gentoo)
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=RI%gcd=<8%SI=<2E22EC4&>27AD8%IPID=I|RD%TS=100HZ)
+T1(DF=N|Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux 2.4.26  from slackware linux 10
+Fingerprint Linux 2.4.26
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<2961188&>6375E%IPID=Z%TS=100HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=Y%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=F%UCK=F%ULEN=134%DAT=E)
+
+# Linux kernel 2.4.26 from Slackware 10.0
+Fingerprint Linux 2.4.26
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=RI%gcd=<8%SI=<3230066&>338AC%IPID=Z%TS=100HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=80%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux 2.4.26 i686 GNU/Linux
+Fingerprint Linux 2.4.26
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<2049F82&>52A3D%IPID=Z%TS=100HZ)
+T1(DF=Y%W=7FFF%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=7FFF%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux live cd knoppix 2.4.27 (knoppix 2.6)
+Fingerprint Linux 2.4.18 - 2.4.27
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=RI%gcd=<8%SI=<3859E24&>47DBA%IPID=Z%TS=100HZ)
+T1(DF=N%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E|F%ULEN=134%DAT=E)
+
+# Linux 2.4.27-1-586tsc #1 Wed Dec 1 19:25:25 JST 2004 i586 GNU/Linux (Debian Sid)
+Fingerprint Linux 2.4.27 or D-Link DSL-500T (running linux 2.4)
+Class Linux | Linux | 2.4.X | general purpose
+Class D-Link | embedded || broadband router
+TSeq(Class=RI%gcd=<6%SI=<2031130&>5267C%IPID=Z%TS=100HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux 2.4.27-grsec #1 SMP i686
+# Linux 2.4.27-grsec (x86) (grsecurity 2.0.1) w/ net.ipv4.tcp_timestamps = 0
+Fingerprint Linux 2.4.27 with grsec
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=U)
+T1(DF=Y%W=16D0|7FFF%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(DF=Y%W=16D0%ACK=S++%Flags=AS%Ops=M)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Linux 2.4.27 with grsec
 Class Linux | Linux | 2.4.X | general purpose
 TSeq(Class=TR%gcd=<6%IPID=RD%TS=1000HZ)
@@ -10173,6 +12347,19 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Linux kernel 2.4.29 from Slackware 10.1.0
+Fingerprint Linux 2.4.29
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<2209F48&>571E7%IPID=Z%TS=100HZ)
+T1(DF=Y%W=1680%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=Y%DF=N%W=1000|C00|400%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=1000|400%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=1000|400%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=800|1000|C00%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=1000|400%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
 # Linux 2.4.3-2.10.1smp (RedHat 7.0.98 Wolverine)
 Fingerprint Linux 2.4.3 SMP (RedHat)
 Class Linux | Linux | 2.4.X | general purpose
@@ -10186,10 +12373,25 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=Y%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
-Fingerprint Linux 2.4.6 - 2.4.21
+# Linux kernel 2.4.30 (vanilla)
+Fingerprint Linux 2.4.30
+Class Linux | Linux | 2.4.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<293A11E&>6963B%IPID=Z%TS=100HZ)
+T1(DF=Y%W=1578%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=1578%ACK=S++|O%Flags=AS|A%Ops=MNNTNW|NNT)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux 2.4.26 #6 i686 unknown unknown GNU/Linux
+# Linux kernel 2.6.9-1.681_FC3 from Fedora Core 3
+Fingerprint Linux 2.4.6 - 2.4.26 or 2.6.9
 Class Linux | Linux | 2.4.X | general purpose
 TSeq(Class=RI%gcd=<6%SI=<1E74A9A&>4DF5C%IPID=Z%TS=100HZ)
-T1(DF=Y%W=16A0|4000|7FFF%ACK=S++%Flags=AS%Ops=MNNTNW)
+T1(DF=Y%W=1680|16A0|4000|7FFF%ACK=S++%Flags=AS%Ops=MNNTNW)
 T2(Resp=N)
 T3(Resp=N)
 T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
@@ -10238,8 +12440,9 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=F%UCK=F%ULEN=134%DAT=E)
 
+# Mandrake Communiry 10.1  (2.6.8.1-10mdk-i586-up-1GB)
 # Linux matrix 2.6.3-gentoo-r2 x86
-Fingerprint Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
+Fingerprint Linux 2.5.25 - 2.6.8 or Gentoo 1.2 Linux 2.4.19 rc1-rc7
 Class Linux | Linux | 2.4.X | general purpose
 Class Linux | Linux | 2.5.X | general purpose
 Class Linux | Linux | 2.6.X | general purpose
@@ -10339,7 +12542,8 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
-Fingerprint Linux 2.6.0-test5-love3 (x86)
+Fingerprint Linux 2.4.20 or 2.6.0-test5-love3 (x86)
+Class Linux | Linux | 2.4.X | general purpose
 Class Linux | Linux | 2.6.X | general purpose
 TSeq(Class=RI%gcd=<6%SI=<DDDFF6&>23458%IPID=Z%TS=U)
 T1(DF=Y%W=16D0%ACK=S++%Flags=AS%Ops=M)
@@ -10377,9 +12581,9 @@ PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
 # Linux 2.6.3-gentoo-r1 #5 Wed Apr 7 13:48:31 EDT 2004 i686 Pentium III (Coppermine) GenuineIntel GNU/Linux
 # Gentoo 1.4.16; Kernel 2.6.7
-Fingerprint Linux 2.6.3 - 2.6.7
-Class Linux | Linux | 2.6.X | general purpose
-TSeq(Class=RI%gcd=<6%SI=<1420E68&>337A0%IPID=Z%TS=1000HZ)
+# Linux sarge 2.6.8-2-386 #1 Thu May 19 17:40:50 JST 2005 i686 GNU/Linux
+Fingerprint Linux 2.6.3 - 2.6.8
+TSeq(Class=RI%gcd=<6%SI=<16883CC&>1CD61%IPID=Z%TS=1000HZ)
 T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
 T2(Resp=N)
 T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
@@ -10389,7 +12593,8 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
 
-Fingerprint Linux 2.6.3 - 2.6.8
+# Linux 2.6.10-1.741_FC3 i686 athlon i386 GNU/Linux
+Fingerprint Linux 2.6.3 - 2.6.10
 Class Linux | Linux | 2.6.X | general purpose
 TSeq(Class=RI%gcd=<6%SI=<3552DC&>8860%IPID=Z%TS=1000HZ)
 T1(DF=Y%W=7FFF%ACK=S++%Flags=AS%Ops=MNNTNW)
@@ -10401,6 +12606,20 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Linux 2.6.3-6mdksecure #1 SMP x86_64 from Mandrake 10
+# Linux 2.6.8-p4 #1 SMP i686 GNU/Linux
+Fingerprint Linux 2.6.3 or 2.6.8
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<8%SI=<24F1576&>1E7BD%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T4(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # LINUX Suse 9.1 Professional Kernel 2.6.4 i686
 Fingerprint Linux 2.6.4 (Suse)
 Class Linux | Linux | 2.6.X | general purpose
@@ -10414,6 +12633,19 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
 
+# Linux 2.6.5-1.358 #1 Sat May 8 09:04:50 EDT 2004 i686 i686 i386 GNU/Linux
+Fingerprint Linux 2.6.5
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<265B754&>6225F%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=1680%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=1680%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
 # Linux 2.6.6-rc2-bk3
 Fingerprint Linux 2.6.6
 Class Linux | Linux | 2.6.X | general purpose
@@ -10427,11 +12659,49 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
-#  Linux 2.6.7-gentoo-r11 #2 Wed Jul 28 23:25:03 PDT 2004 i686 Pentium II (Deschutes)
+# Linux kernel 2.6.6-1-k7 (X86) from Debian Testing
+Fingerprint Linux 2.6.6-1-k7 (X86)
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<235C288&>5A817%IPID=Z%TS=1000HZ)
+T1(DF=N%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux 2.6.7-gentoo-r11 #2 Wed Jul 28 23:25:03 PDT 2004 i686 Pentium II (Deschutes)
 # Linux  2.6.8-rc3 #1 Sat Aug 7 07:19:34 EDT 2004 i686 GNU/Linux
-Fingerprint Linux 2.6.7 - 2.6.8
+# Debian Sarge GNU/Linux kernel 2.6.8-1 (i386)
+# Linux 2.6.7-hardened-r17 Gentoo
+# Linux 2.6.9-1.681_FC3smp #1 SMP i586 i586 i386 GNU/Linux (Fedora Core 3+kernel as supplied)
+# Linux 2.6.8-1-686 from Debian sid
+# SuSE Linux Prefessional 9.1, with kernel 2.6.10
+# Linux 2.6.8, PLD distribution, SMP
+# Linux 2.6.11.4-20a-default #1 i686 i686 i386 GNU/Linux from+Suse 9.3
+# Linux 2.6.8-24.11-default #1 Fri Jan 14 13:01:26 UTC 2005 i686 i686 i386 GNU/Linux
+# Linux 2.6.5-7.155.29-default #1 Thu Jun 2 12:07:05 UTC 2005 i686 i686 i386 GNU/Linux (SuSE+9.2 )
+# Linux Debian Sarge 2.6.11.7
+# Linux kernel 2.6.10-4GB (X86) with Debian GNU/Linux 3.1
+# Linux Kernel 2.6.7-1-686-smp from backports.org Debian Woody
+Fingerprint Linux 2.6.5 - 2.6.11
 Class Linux | Linux | 2.6.X | general purpose
 TSeq(Class=RI%gcd=<6%SI=<2BF6254&>70895%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=15E0|16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0|C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E|F%ULEN=134%DAT=E)
+
+# Linux 2.6.7-tp #5 i686 GNU/Linux
+Fingerprint Linux 2.6.7
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<8%SI=<13C059A&>1B365%IPID=Z%TS=100HZ)
 T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
 T2(Resp=N)
 T3(Resp=N)
@@ -10439,6 +12709,19 @@ T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=N)
+PU(DF=N%TOS=14%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux kernel 2.6.7 (X86) from Mepis
+Fingerprint Linux 2.6.7 (X86)
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<14E7284&>35813%IPID=Z%TS=U)
+T1(DF=Y%W=1800%ACK=S++%Flags=AS%Ops=MNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=1800%ACK=S++%Flags=AS%Ops=MNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
 Fingerprint Linux 2.6.7 w/grsecurity.org patch
@@ -10453,22 +12736,22 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
-# Debian Sarge Kernel 2.6.8
-Fingerprint Linux 2.6.8 (Debian)
+# Linux kernel 2.6.7 with grsecurity patches
+Fingerprint Linux 2.6.7
 Class Linux | Linux | 2.6.X | general purpose
-TSeq(Class=RI%gcd=<6%SI=<2C96D4E&>34B7A%IPID=Z%TS=100HZ)
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=1000HZ)
 T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
-T2(Resp=N)
+T2(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
 T3(Resp=N)
 T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
-T7(Resp=N)
-PU(DF=Y%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
 # Linux Kernel 2.6.3 (X86)
-#  Linux 2.6.7 #3 Sat Jul 17 13:25:29 EEST 2004 i486
-Fingerprint Linux Kernel 2.6.3 - 2.6.7 (X86)
+# Linux 2.6.7 #3 Sat Jul 17 13:25:29 EEST 2004 i486
+Fingerprint Linux 2.6.3 - 2.6.7 (X86)
 Class Linux | Linux | 2.6.X | general purpose
 TSeq(Class=RI%gcd=<6%SI=<205C682&>528B7%IPID=Z%TS=1000HZ)
 T1(DF=Y%W=4000%ACK=S++%Flags=AS%Ops=MNNTNW)
@@ -10504,8 +12787,23 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Linux 2.6.7-hardened-r16 (Gentoo hardened-dev-sources) x86
+# Linux 2.6.7-hardened-r16 #3 SMP i686  GNU/Linux (grsec+pax, gentoo hardened-dev-sources))
+Fingerprint Linux 2.6.7
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=1000HZ)
+T1(DF=Y%W=7FFF%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Linux 2.6.5 (Gentoo)
 # Linux 2.6.8 (Fedora Core 2)
+# Fingerprint Linux kernel 2.6.8-1.521 Fedora 2
 Fingerprint Linux kernel 2.6.5 - 2.6.8
 Class Linux | Linux | 2.6.X | general purpose
 TSeq(Class=RI%gcd=<6%SI=<17F9116&>3D580%IPID=Z%TS=1000HZ)
@@ -10518,6 +12816,344 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Linux ubuntu 2.6.8.1-5-386 #1 Sat Feb 12 00:19:31 UTC 2005 i686 GNU/Linux
+Fingerprint Linux 2.6.8 (ubuntu)
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<10F66C0&>2B6A6%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=15C%RID=F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
+
+# Debian Sarge Kernel 2.6.8
+Fingerprint Linux 2.6.8 (Debian)
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<2C96D4E&>34B7A%IPID=Z%TS=100HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=Y%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux 2.6.8-24.14-smp GNU/Linux Suse Linux 9.2 Professional
+Fingerprint Linux 2.6.8
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<C0DF46&>1ED0B%IPID=Z%TS=1000HZ)
+T1(DF=N%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux Mandrake 10.1, i586, kernel 2.6.8.1-12mdk
+# Linux 2.6.8.1-12mdk #1 Fri Oct 1 12:53:41 CEST 2004 i686 AMD Athlon(tm) XP 3000+ unknown GNU/Linux
+Fingerprint Linux 2.6.8
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<1E91DE8&>4E3D1%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=111C%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=111C%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux 2.6.8-1.521 #1 i686 athlon i386 GNU/Linux
+Fingerprint Linux 2.6.8
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<C88D22&>20154%IPID=I%TS=1000HZ)
+T1(DF=N%W=7FFF%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=7FFF%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux 2.6.9-gentoo-r13Hipcia #3 i686 Pentium III (Coppermine) GenuineIntel GNU/Linux
+# Linux 2.6.8-1-686-smp #1 SMP i686 GNU/Linux from Debian 3.1
+Fingerprint Linux 2.6.8 - 2.6.9
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<11DFD8E&>15CCF%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=Y%DF=N%W=400|800|C00%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=400|800|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=C00|400|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=400|800|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=400|800|1000%ACK=S%Flags=AR%Ops=WNMETL)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
+# Linux 2.6.8-2-k7 #1 Thu May 19 18:03:29 JST 2005 i686 GNU/Linux
+# Linux 2.6.8-2-386 #1 Mon Jan 24 03:01:58 EST 2005 i686 GNU/Linux, from Debian testing
+Fingerprint Linux 2.6.8
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<32035F2&>2A223%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=Y%DF=N%W=800|C00|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=1000|400|800|C00%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=C00|800|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=1000|800|C00%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=400|800%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
+# Linux 2.6.8.1-12mdk #1 i686 Intel(R) Xeon(TM) CPU 2.80GHz unknown GNU/Linux
+# Linux 2.6.8-1-k7 #1 i686 GNU/Linux
+Fingerprint Linux 2.6.8
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<18C0F36&>3F49D%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=14|30%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux kernel 2.6.8 on PLD Linux
+# Linux kernel 2.6.8.1-10mdk (x86) from Mandrake 10.1 Community
+# Linux kernel 2.6.8.1-10mdk (X86) from Mandrake 10.1 community
+# Linux kernel 2.6.7-SMP from Knoppix 3.6
+# Linux 2.6.8.1-4-k7 i686 GNU/Linux
+Fingerprint Linux 2.6.7 - 2.6.8
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<1D19DA8&>4A672%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=830|159C|474C%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=830|159C|474C%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux kernel 2.6.8.1 from Debian sarge netinst
+# Linux kernel 2.6.11-1.27 from Fedora Core 3
+Fingerprint Linux 2.6.8 - 2.6.11
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<23C986A&>4BB91%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNT)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux 2.6.9 #1 i686
+# Linux kernel 2.6.9 (PIII-80Mhz)
+Fingerprint Linux 2.6.9
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<2AB93AA&>6D5A3%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=28|40%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Slackware current kernel 2.6.9
+# Fedora Core 3 Linux Kernel 2.6.9 x86 (i386)
+# Linux kernel 2.6.4-52 from (X86) SuSE Linux 9.1
+# Debian Sarge Linux 2.6.6-1, i686 (x86)
+Fingerprint Linux 2.6.4 - 2.6.9
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<28A04EC&>2F60A%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=1000|800|C00|400%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=C00|1000|400|800%ACK=S%Flags=AR%Ops=)
+T7(DF=N%W=800|1000|C00%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=F%UCK=F%ULEN=134%DAT=E)
+
+# Linux 2.6.9-1.649 FC Rawhide
+# Linux kernel 2.6.9 (x86_64) from kernel.org
+Fingerprint Linux 2.6.9
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<13935EA&>32119%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=5AC|1540%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=5AC|1540%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux 2.6.9-1.681_FC3 #1 i686 i686 i386 GNU/Linux Fedora Core 3
+Fingerprint Linux 2.6.9
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<1BA9D60&>26DF4%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=0%ACK=O%Flags=AR%Ops=)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Gentoo Linux running on a UML client, Linux 2.6.10-linode12 #1 i686 UML User Mode
+Fingerprint Linux 2.6.10
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<2CE05FC&>72AE6%IPID=Z%TS=100HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=F%UCK=F%ULEN=134%DAT=E)
+
+# Linux runerm 2.6.10-kanotix-8 #1 Wed Feb 2 16:49:31 GMT 2005 i686 GNU/Linux
+# Linux Kernel 2.6.11 With some Fixes from debian/kanotix
+# debian 3.1 kernel : 2.6.11-rc7
+Fingerprint Linux 2.6.10 - 2.6.11
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<249F172&>5DBEE%IPID=Z%TS=U)
+T1(DF=Y%W=16D0%ACK=O|S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux 2.6.10 i686 on IBM Thinkpad T30
+# Linux barton 2.6.10-gentoo-r6 Gentoo
+# Linux 2.6.10-grsec #1 Fri Jan 28 00:37:15 CET 2005 i686 GNU/Linux
+Fingerprint Linux 2.6.10
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=TR|RI%gcd=<6%SI=<321C62E&>8044F%IPID=I|RD%TS=1000HZ)
+T1(DF=Y|N%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux kernel 2.6.10 X86 Slackware 10.0
+Fingerprint Linux 2.6.10
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<1FB5BDE&>51299%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=7FFF%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=0%ACK=O%Flags=AR%Ops=)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux 2.6.10 #1 Wed Jan 5 12:36:35 CET 2005 i686 unknown  Debian 3.0r2
+# linux gentoo kernel 2.6.10
+# Linux kernel 2.6.10-custom (x86) from Debian GNU/Linux 3.1
+Fingerprint Linux 2.6.10
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<1A5ABDA&>43761%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=38|A0|B8|C8%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Ubuntu Hoary Hedgehog - Linux ubuntu 2.6.10-5-386 #1 Tue Apr 5 12:12:40 UTC 2005 i686 GNU/Linux
+Fingerprint Linux 2.6.10
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<15962A2&>3740B%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=1680%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=F%UCK=F%ULEN=134%DAT=E)
+
+# Linux 2.6.9 #1 i686 Intel(R) Pentium(R) 4 CPU 3.06GHz+GenuineIntel GNU/Linux
+# Linux kernel 2.6.10-rc3 from Gentoo on an Ultra 1 (sparc)
+# Linux 2.6.5 i686 P42.00GHz, Gentoo Base System version 1.6.6, Portage+2.0.51-r3
+# Gentoo Linux 2004.1 PPC (old blue and white G3)  Kernel 2.6.11.7
+Fingerprint Linux 2.6.5 - 2.6.11
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<360764E&>48D40%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=Y%DF=N%W=400|C00|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=800|C00|1000%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=400|C00|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=400|C00|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=C00|1000%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(DF=N%TOS=0|C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
+# Linux linux 2.6.11.9 #1 Sat May 14 00:49:06 CEST 2005 i686 unknown unknown GNU/Linux
+Fingerprint Linux 2.6.11
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=1680%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=Y%DF=N%W=400|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=800|C00|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=800|400|C00%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=400|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=C00%ACK=S%Flags=AR%Ops=WNMETL)
+PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux kernel 2.6.8-1-k7-smp (X86) Debian GNU/Linux 3.1 (Sarge - testing)
+# Linux 2.6.11-gentoo-r2-ck1
+# Linux 2.6.11-gentoo-r4 #1 i686 P4CPU+2.40GHz GenuineIntel GNU/Linux Gentoo Base System version 1.4.16
+# Linux 2.6.11-gentoo-r9-nymph #1i686 Pentium III (Coppermine) GenuineIntel GNU/Linux
+Fingerprint Linux 2.6.8 - 2.6.11
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<1F96C34&>50AA5%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=16A0%ACK=O|S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=80%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Linux 2.6.11 (gentoo-dev-sources)
+Fingerprint Linux 2.6.11 (gentoo)
+Class Linux | Linux | 2.6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<1F96C34&>50AA5%IPID=Z%TS=1000HZ)
+T1(DF=Y%W=7D0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=7D0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
 Fingerprint ComOS based terminal server - Livingston PortMaster or U.S. Robotics/3Com Total Control
 Class Livingston | ComOS || terminal server
 Class 3Com | ComOS || terminal server
@@ -10566,6 +13202,47 @@ T6(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(Resp=N)
 
+# M0n0wall 1.2b2 - Firewall based on FreeBSD 4.1
+# M0n0wall 1.2b2 FreeBSD-based firewall running on PC Engines WRAP board (Geode x86 architecture)
+# m0n0wall FreeBSD based firewall (http://m0n0.ch/wall/) version 1.2b3 (version 1.2 beta 3) generic PC
+# m0n0wall Router/Captive portal version 1.2b8 running on stripped down version of FreeBSD
+Fingerprint M0n0wall 1.2b2 - 1.2b8 FreeBSD 4.1 based firewall
+Class m0n0wall | FreeBSD | 4.X | firewall
+TSeq(Class=TR%gcd=<6%IPID=I%TS=1000HZ)
+T1(DF=Y%W=E000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(Resp=N)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(Resp=N)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
+# m0n0wall or pfsense firewall distro based on FreeBSD 5.3
+# M0n0wall (FreeBSD 5.3 based) with firmware beta version 1.2b7
+Fingerprint M0n0wall 1.2b7 FreeBSD 5.3 based firewall
+Class m0n0wall | FreeBSD | 5.X | firewall
+TSeq(Class=TR%gcd=<6%TS=1000HZ)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(Resp=N)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(Resp=N)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
+Fingerprint Madge Smart Ringswitch
+Class Madge | embedded || switch
+T1(DF=N%W=1F4%ACK=S++%Flags=AS%Ops=)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=1F4%ACK=S++%Flags=AS%Ops=)
+T4(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Magna SG10 intranet router
 Class Magna | embedded || router
 TSeq(Class=RI%gcd=<6%SI=<31AD68E&>5F62F%TS=100HZ)
@@ -10727,10 +13404,13 @@ T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
 # Microsoft xbox with hacked bios and xbmc running
-#  Evolution-X 2.X (unsure which evolution-x version is running, one from the 2.X series though...) on mod-chipped XBOX
+# Evolution-X 2.X (unsure which evolution-x version is running, one from the 2.X series though...) on mod-chipped XBOX
+# XBOX running Xbox Media center v1.0.0
+# Microsoft XBOX 1.0.5101.1, mod chip ALX2+, running Avalaunch v0.49.3 Xmas edition
+# XBox hardware version 1.5 running XBox Media Centre version 1.1.0
 Fingerprint Microsoft Xbox (modified)
 Class Microsoft | embedded || game console
-TSeq(Class=RI%gcd=<6%SI=<5C26&>74%IPID=I%TS=U)
+TSeq(Class=RI%gcd=<6%SI=<5C26%IPID=RPI|I%TS=U)
 T1(DF=N%W=FC00%ACK=S++%Flags=AS%Ops=M)
 T2(Resp=N)
 T3(Resp=Y%DF=N%W=FC00%ACK=S++%Flags=AS%Ops=M)
@@ -10740,8 +13420,10 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(Resp=N)
 
+# xbox v1.1 running EvoX bios
 # v1.5 XBOX running Evolution build 3935, fresh default install.
 # Microsoft XBOX with SmartXX modchip - running XBOX Media Center v1.0
+# Microsoft Xbox v1.6
 Fingerprint Microsoft Xbox (modified)
 Class Microsoft | embedded || game console
 TSeq(Class=RI%gcd=<6%SI=<AD02&>20%TS=U)
@@ -10754,7 +13436,9 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(Resp=N)
 
-Fingerprint Microsoft Xbox (modified) running EvolutionX
+# Microsoft Xbox Console running Xbox Media Centre version 1.1.01
+# Microsoft Xbox (modified) running EvolutionX
+Fingerprint Microsoft Xbox (modified)
 Class Microsoft | embedded || game console
 TSeq(Class=TD%gcd=<6%SI=<2E4%IPID=I%TS=U)
 T1(DF=N%W=41A0|4238|FC00%ACK=S++%Flags=AS%Ops=M)
@@ -10791,9 +13475,24 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(Resp=N)
 
+# Microsoft Windows Longhorn Preview, Version 6.0 Build 4051.idx 02.031001-1340
+Fingerprint Microsoft Windows Longhorn Preview
+Class Microsoft | Windows Longhorn || general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=100HZ)
+T1(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Microsoft Windows Server 2003, Enterprise Edition, Build 3790
 # Microsoft .NET Enterprise Server RC2 (Version 5.2 build 3718.dnsrv.021114-1947)
-Fingerprint Microsoft Windows .NET Enterprise Server RC2 (Version 5.2, build 3718.dnsrv.021114-1947)
+# Microsoft Windows .NET Enterprise Server RC2 (Version 5.2, build 3718.dnsrv.021114-1947)
+# Windows Server 2003 Standard Edition. no SP, all current hotfixes
+Fingerprint Microsoft Windows 2003 Server
 Class Microsoft | Windows | 2003/.NET | general purpose
 TSeq(Class=TR%gcd=<6%IPID=I)
 T1(DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
@@ -10803,10 +13502,18 @@ T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
-PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E|F%ULEN=134%DAT=E)
 
 # Microsoft Windows Server 2003 Standard Edition
-Fingerprint Microsoft Windows 2003 Server
+# Microsoft Windows 2003 standard edition Version 5.2 (Build 3790.srv03_gdr.040410-1234)
+# Microsoft Windows 2003 Server with SP1
+# Windows server 2003 enterprise sp1 + hotfixes (build 3790.srv30_sp1_rtm.050324-1447 : Service Pack 1)
+# Windows 2003 Enterprise SP1 Version 5.2 (Build 3790.srv03_sp1_rc1.041202-1618 : +Service Pack 1, v.1)
+# Microsoft Windows XP Professional /w SP2 build 2600.xpsp_sp2_rtm.040803-2158
+# Microsoft Windows 2003 Standard Edition SP1 Updated through June 19th 2005
+# Windows Server 2003 Enterprise Edition (Version 5.2 Build 3790.srv03_sp1_rtm.050324-1447 : +Service Pack 1)
+Fingerprint Microsoft Windows 2003 Server, 2003 Server SP1 or XP Pro SP2
+Class Microsoft | Windows | NT/2K/XP | general purpose
 Class Microsoft | Windows | 2003/.NET | general purpose
 TSeq(Class=TR%gcd=<6%IPID=I)
 T1(DF=N%W=4000|402E%ACK=S++%Flags=AS%Ops=MNWNNT)
@@ -10818,6 +13525,31 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Microsoft Windows 2003 server edition, no service packs
+Fingerprint Microsoft Windows 2003 Server
+Class Microsoft | Windows | 2003/.NET | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=C00|800|1000%ACK=S%Flags=R%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=1000|800%ACK=S%Flags=R%Ops=WNMETL)
+T4(DF=N%W=C00|400%ACK=S%Flags=R%Ops=WNMETL)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=C00|800|1000%ACK=S%Flags=R%Ops=WNMETL)
+T7(DF=N%W=C00|1000|400%ACK=S%Flags=R%Ops=WNMETL)
+PU(Resp=N)
+
+Fingerprint Microsoft Windows 2003 Server
+Class Microsoft | Windows | 2003/.NET | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=N%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=80%IPLEN=B0%RIPTL=148%RID=E%RIPCK=F%UCK=F%ULEN=134%DAT=E)
+
 # Microsoft Windows 2003 Server (Version 5.2 build 3790.srv03_rtm.030324-2048)
 Fingerprint Microsoft Windows 2003 Server
 Class Microsoft | Windows | 2003/.NET | general purpose
@@ -10838,6 +13570,8 @@ PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 # Windows 2003 Standard Edition RTM
 # Window Server 2003 Enterprise Edition Swedish
 # Microsoft Windows XP Professional (English) w/ SP2 RC1 build 2600.xpsp_sp2_rc1.040311-2315 - WINDOWS FIREWALL DISABLED
+# Microsoft Windows 5.2 Build 3790.srv03_rtm.030324-2048
+# Microsoft Windows Version 5.1 (Build 2600.spdp_sp2_rtm.040803-2158 : Services Pack 2)
 Fingerprint Microsoft Windows 2003 Server or XP SP2
 Class Microsoft | Windows | 2003/.NET | general purpose
 Class Microsoft | Windows | NT/2K/XP | general purpose
@@ -10851,8 +13585,46 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E|F%UCK=E|F%ULEN=134%DAT=E)
 
+Fingerprint Microsoft Windows 2003 Server Standard Edition
+Class Microsoft | Windows | 2003/.NET | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=20%IPLEN=B0%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Microsoft Windows Server 2003 Enterprise Edition Version 5.2.3790
+Fingerprint Microsoft Windows Server 2003 Enterprise Edition
+Class Microsoft | Windows | 2003/.NET | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=10%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Microsoft Windows Server 2003, No Service Packs build 3790.srv03_gdr.040410-1234
 Fingerprint Microsoft Windows Server 2003
 Class Microsoft | Windows | 2003/.NET | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=5B4%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=5B4%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=F%UCK=F%ULEN=134%DAT=E)
+
+Fingerprint Microsoft Windows 2003 Server
+Class Microsoft | Windows | 2003/.NET | general purpose
 TSeq(Class=TR%gcd=<6)
 T1(DF=Y%W=FB8B%ACK=S++%Flags=AS%Ops=MNWNNT)
 T2(Resp=N)
@@ -10863,21 +13635,41 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=N)
 PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Microsoft Windows XP pro (French) version:2002 sp2
+# Microsoft Windows Server 2003 version 5.2 (Build 3790.srv03_gdr.040410-1234)
 # Microsoft Windows Server 2003 Enterprise Edition (Trial Version downloaded from Microsoft as at 06/03
+# Microsoft Windows 2003 Server Enterprise Edition (German) build 3790.srv03_rtm.030324-2048
 # Microsoft Windows .NET Standard Server RC#2 (build 3718)
-Fingerprint Microsoft Windows Server 2003
+# Microsoft Windows XP Professional version 2002 service pack 2
+# Microsoft Windows XP Home (English) w/SP2 Version 5.1 (Build 2600.xpsp_sp2_rtm.040803-2158 : Service Pack 2)
+# Microsoft Windows XP Home /SP2 Polish Edition
+Fingerprint Microsoft Windows 2003 Server or XP SP2
 Class Microsoft | Windows | 2003/.NET | general purpose
+Class Microsoft | Windows | NT/2K/XP | general purpose
 TSeq(Class=TR%gcd=<6%IPID=I)
-T1(DF=Y%W=402E|FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T1(DF=Y|N%W=2017|402E|FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
 T2(Resp=N)
 T3(Resp=N)
 T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=N)
-PU(DF=N%TOS=0|20%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+PU(DF=N%TOS=0|20%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E|F%UCK=E|F%ULEN=134%DAT=E)
 
-Fingerprint Microsoft Windows Server 2003
+# Microsoft Windows XP Pro Service Pack 2 Build 5 1 2600
+Fingerprint Microsoft Windows XP Pro SP2
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=20%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
+Fingerprint Microsoft Windows 2003 Server
 Class Microsoft | Windows | 2003/.NET | general purpose
 TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
 T1(DF=Y%W=402E|FB8B%ACK=S++%Flags=AS%Ops=MNW)
@@ -10890,7 +13682,7 @@ T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
 # Microsoft Windows Server 2003 Enterprise Edition (English) with latest Windows Update patches as of September 2, 2004
-Fingerprint Microsoft Windows Server 2003 Enterprise Edition
+Fingerprint Microsoft Windows 2003 Server Enterprise Edition
 Class Microsoft | Windows | 2003/.NET | general purpose
 T1(DF=Y%W=B630%ACK=S++%Flags=AS%Ops=MNWNNT)
 T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
@@ -10902,7 +13694,8 @@ T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
 # Windows Server 2003, build 3790
-Fingerprint Microsoft Windows Server 2003 or XP SP2
+# Microsoft Windows XP Media Center Edition
+Fingerprint Microsoft Windows 2003 Server or XP SP2
 Class Microsoft | Windows | 2003/.NET | general purpose
 Class Microsoft | Windows | NT/2K/XP | general purpose
 TSeq(Class=TR%gcd=<6)
@@ -10913,9 +13706,9 @@ T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
-PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E|F%ULEN=134%DAT=E)
 
-Fingerprint Microsoft Windows Server 2003 Standard Edition
+Fingerprint Microsoft Windows 2003 Server Standard Edition
 Class Microsoft | Windows | 2003/.NET | general purpose
 TSeq(Class=TR%gcd=<6%IPID=I)
 T1(DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
@@ -10927,8 +13720,36 @@ T6(DF=N%W=C00|800%ACK=S%Flags=AR%Ops=WNMETL)
 T7(DF=N%W=400|1000%ACK=S++%Flags=AR%Ops=WNMETL)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint Microsoft Windows 2003 Server Enterprise Edition
+Class Microsoft | Windows | 2003/.NET | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=15C%RID=E|F%RIPCK=F%UCK=0%ULEN=134%DAT=E)
+
+# Microsoft Windows 2003 Server Standard Edition (Build 3790.srv03_gdr.040410-1234)
+Fingerprint Microsoft Windows 2003 Server Standard Edition
+Class Microsoft | Windows | 2003/.NET | general purpose
+TSeq(Class=TR%gcd=<6)
+T1(DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
 # Windows 2003 Standard build 3790
-Fingerprint Microsoft Windows Server 2003 Standard Edition
+# Microsoft Windows 2003/.NET Standard Edition
+# Windows 2000 Server with SP4 fully patched as of 10/8/04
+Fingerprint Microsoft Windows 2000 Server SP4 or 2003 Server Standard Edition
+Class Microsoft | Windows | NT/2K/XP | general purpose
 Class Microsoft | Windows | 2003/.NET | general purpose
 TSeq(Class=TR%gcd=<6%IPID=I)
 T1(DF=Y%W=402E|FFFF%ACK=S++%Flags=AS%Ops=MNWNNT|MNNT)
@@ -10940,6 +13761,63 @@ T6(DF=N%W=400|800|C00|1000%ACK=S%Flags=AR%Ops=WNMETL)
 T7(DF=N%W=400|800|C00|1000%ACK=S++%Flags=AR%Ops=WNMETL)
 PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E|F%RIPCK=E%UCK=E|F%ULEN=134%DAT=E)
 
+# MS Windows 2000: v5.00.2195: SP4
+Fingerprint Microsoft Windows 2000 SP4
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6)
+T1(DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=400|1000|800%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=400|800|C00%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=400%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=400|C00|800%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=1000%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Windows 2000 server SP4 with all current patches april 9th 2005
+Fingerprint Windows 2000 server SP4
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=RI%gcd=<6%SI=<1C3B8&>157%IPID=I)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T4(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Microsoft Windows 2003 Server with SP1 and latest Windows Update patches as of May, 2005
+# Windows Server 2003 w/ SP1, build 3790.srv03_sp1
+# Microsoft Windows 2003 Server, version SBS 2003 Premium, just after Windows Server SP1 installed
+# Windows Server 2003 Version 5.2 (Build 3790.srv03_sp1_rtm.050324-1447: Service Pack 1
+# Windows Server 2003 w/ SP1, build 3790.srv03_sp1
+Fingerprint Microsoft Windows 2003 Server SP1
+Class Microsoft | Windows | 2003/.NET | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=N%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(DF=N%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Microsoft Windows server 2003 sp1 [Version 5.2.3790]
+# Windows 2003 Service Pack 1 32 Bit Running on Abit Mobo AMD64
+Fingerprint MIcrosoft Windows 2003 Server SP1
+Class Microsoft | Windows | 2003/.NET | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=N%W=FC00%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=FC00%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Microsoft Windows 3.1 with Trumpet Winsock 2.0 revision B
 Class Microsoft | Windows | 3.X | general purpose
 TSeq(Class=TD%gcd=10000%SI=<FF)
@@ -10965,6 +13843,19 @@ T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Windows 95 Version 4.00.950 OEM HP Pavilion 5010
+Fingerprint Microsoft Windows 95 4.00.950
+Class Microsoft | Windows | 95/98/ME | general purpose
+TSeq(Class=TD%gcd=<E4%SI=<14%IPID=BI)
+T1(DF=N%W=2017%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=2017%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=S++%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=S++%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Win95 4.00.950B  -  IE 5 5.50.4807.2300
 Fingerprint Microsoft Windows 95 4.00.950B
 Class Microsoft | Windows | 95/98/ME | general purpose
@@ -11015,6 +13906,20 @@ T6(DF=N%W=0%ACK=S++%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Microsoft Windows 98 X86 No Service Pack
+# Microsoft Windows 98 4.10.1998
+Fingerprint Microsoft Windows 98 4.10.1998
+Class Microsoft | Windows | 95/98/ME | general purpose
+TSeq(Class=TD%gcd=<142%SI=<186%IPID=BI%TS=U)
+T1(DF=Y%W=2024|7D78%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=2024|7D78%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O|S++%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O|S++%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Microsoft Windows 98 4.10.1998
 Class Microsoft | Windows | 95/98/ME | general purpose
 TSeq(Class=TD%gcd=<6%SI=<78%IPID=BI%TS=U)
@@ -11027,6 +13932,18 @@ T6(DF=N%W=0%ACK=S|O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint Microsoft Windows 98
+Class Microsoft | Windows | 95/98/ME | general purpose
+TSeq(Class=TD%gcd=<6%SI=<1E%IPID=BI%TS=U)
+T1(DF=Y%W=7FFF%ACK=S++%Flags=AS%Ops=MNW)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=7FFF%ACK=S++%Flags=AS%Ops=MNW)
+T4(DF=N%W=0%ACK=S++%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=S++%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
 # Windows 98SE 4.10.2222A
 # Windows 98 4.10.1998
 Fingerprint Microsoft Windows 98 or 98SE
@@ -11041,6 +13958,20 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Windows 98SE + unoffical service pack 1.6.1 (includes all cumulative patches and hotfixes)
+#                (http://exuberant.ms11.net/98sesp.html)
+Fingerprint Windows 98SE
+Class Microsoft | Windows | 95/98/ME | general purpose
+TSeq(Class=TD%gcd=<E2%SI=<1E%IPID=RPI%TS=U)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Microsoft Windows 98 SP1
 Class Microsoft | Windows | 95/98/ME | general purpose
 TSeq(Class=TD%gcd=<5%SI=<20)
@@ -11056,9 +13987,9 @@ PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 Fingerprint Microsoft Windows 98 SP2
 Class Microsoft | Windows | 95/98/ME | general purpose
 TSeq(Class=TD%gcd=<6%SI=<32%IPID=BI%TS=U)
-T1(DF=Y%W=270F%ACK=S++%Flags=AS%Ops=M)
+T1(DF=Y%W=270F|5FA0%ACK=S++%Flags=AS%Ops=M)
 T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
-T3(Resp=Y%DF=Y%W=270F%ACK=S++%Flags=AS%Ops=M)
+T3(Resp=Y%DF=Y%W=270F|5FA0%ACK=S++%Flags=AS%Ops=M)
 T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
@@ -11105,6 +14036,35 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Windows 98 SE, no service packs, on AMD Sempron 2.4 GHz
+Fingerprint Windows 98 SE
+Class Microsoft | Windows | 95/98/ME | general purpose
+TSeq(Class=RI%gcd=<6%SI=<1AA4&>D%IPID=RPI%TS=U)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Win 98 SE, 4.10.2222 A (fully WindowsUpdated)
+# Windows 98 Second Edition build 4.10.2222 A
+# Microsoft Windows 98SE, Version 4.10.2222
+# Windows 98SE 4.10.2222 A  Compaq OEM version Patched as of 1/2005
+Fingerprint Microsoft Windows 98SE 4.10.2222
+Class Microsoft | Windows | 95/98/ME | general purpose
+TSeq(Class=TD%gcd=<E4%SI=<14%IPID=BI|RPI%TS=U)
+T1(DF=Y%W=2017|2058|FAF0|FFFF%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=2017|2058|FAF0|FFFF%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Microsoft Windows 98SE, no service packs
 Fingerprint Microsoft Windows 98SE
 Class Microsoft | Windows | 95/98/ME | general purpose
@@ -11129,20 +14089,6 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(Resp=N|Y)
 
-# http://www.turtlebeach.com/site/products/audiotron/producthome.asp
-Fingerprint Microsoft Windows 98SE or Turtle Beach AudioTron 100 network MP3 player
-Class Microsoft | Windows | 95/98/ME | general purpose
-Class Turtle Beach | embedded || media device
-TSeq(Class=TD%gcd=<68%SI=<1E%IPID=BI%TS=U)
-T1(DF=Y%W=2017%ACK=S++%Flags=AS%Ops=M)
-T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
-T3(Resp=Y%DF=Y%W=2017%ACK=S++%Flags=AS%Ops=M)
-T4(DF=N%W=0%ACK=O|S++%Flags=R%Ops=)
-T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
-T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
-T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
-PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
-
 # Microsoft Windows 98SE, service pack 1 installed, litepc installed (www.litepc.com)
 Fingerprint Microsoft Windows 98SE SP1
 Class Microsoft | Windows | 95/98/ME | general purpose
@@ -11194,12 +14140,13 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Microsoft Windows Millennium (German) 4.90.3000
 Fingerprint Microsoft Windows Millennium Edition (Me)
 Class Microsoft | Windows | 95/98/ME | general purpose
 TSeq(Class=RI%gcd=<6%SI=<249A0&>3B6%IPID=I)
-T1(DF=Y%W=E920%ACK=S++%Flags=AS%Ops=MNWNNT)
+T1(DF=Y%W=2180|E920%ACK=S++%Flags=AS%Ops=MNWNNT)
 T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
-T3(Resp=Y%DF=Y%W=E920%ACK=S++%Flags=AS%Ops=MNWNNT)
+T3(Resp=Y%DF=Y%W=2180|E920%ACK=S++%Flags=AS%Ops=MNWNNT)
 T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
@@ -11247,16 +14194,16 @@ T6(DF=N%W=0%ACK=S++|O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++|S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E|F%ULEN=134%DAT=E)
 
-Fingerprint Microsoft Windows 2000 AD SP4
+Fingerprint Microsoft Windows 2000 Advanced Server SP2
 Class Microsoft | Windows | NT/2K/XP | general purpose
-TSeq(Class=TR%gcd=<6)
-T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
-T2(Resp=Y%DF=N%W=400|800|C00|1000%ACK=S%Flags=AR%Ops=WNMETL)
-T3(Resp=Y%DF=N%W=400|800|C00|1000%ACK=S++%Flags=AR%Ops=WNMETL)
-T4(DF=N%W=400|800|C00|1000%ACK=S%Flags=AR%Ops=WNMETL)
+TSeq(Class=RI%gcd=<6%SI=<22FBA&>28B%IPID=I)
+T1(DF=Y%W=7530%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=7530%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
-T6(DF=N%W=400|800|C00|1000%ACK=S%Flags=AR%Ops=WNMETL)
-T7(DF=N%W=400|800|C00|1000%ACK=S++%Flags=AR%Ops=WNMETL)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
 Fingerprint Microsoft Windows 2000 Advanced Server SP3
@@ -11297,6 +14244,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E|F%ULEN=134%DAT=E)
 
+# Windows 2000 Advanced Server Version 5.0 (Build 2195: Service Pack 4)
+Fingerprint Windows 2000 AS SP4
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=800|400%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=C00|800%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=C00%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=400|800|C00%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=1000|C00%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
 Fingerprint Microsoft Windows 2000 AS SP4
 Class Microsoft | Windows | NT/2K/XP | general purpose
 TSeq(Class=RI%gcd=<6%SI=<7CE98&>6B7)
@@ -11348,10 +14308,11 @@ T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
 # Microsoft Windows 2000 Pro SP2
-# Microsoft  Windows XP Pro SP1
-Fingerprint Microsoft Windows 2000 Pro SP2 or Windows XP SP1
+# Microsoft Windows XP Pro SP1
+# Microsoft Windows XP Professional, ver. 5.1 Build 2600.xpclnt_qfe.010827-1803
+Fingerprint Microsoft Windows 2000 SP2 or XP or XP SP1
 Class Microsoft | Windows | NT/2K/XP | general purpose
-TSeq(Class=RI%gcd=<6%SI=<270D8&>3E9%IPID=I)
+TSeq(Class=RI%gcd=<6%SI=<327F6C&>3E9%IPID=I)
 T1(DF=Y%W=FD80%ACK=S++%Flags=AS%Ops=MNWNNT)
 T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
 T3(Resp=Y%DF=Y%W=FD80%ACK=S++%Flags=AS%Ops=MNWNNT)
@@ -11374,14 +14335,30 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# base one msg 170, 666
+# Windows 2000 Professional SP4 fully patched as of 10/20/04
+# Microsoft Windows 2000 Pro SP4 and latest Windows Update as of December 8th, 2004
 # Microsoft Windows 2000 Pro Version: 5.0.2195 Service Pack 4 Build 2195
 # Microsoft 2000 Professional SP4  CPU AMD
 Fingerprint Microsoft Windows 2000 Pro SP4
 Class Microsoft | Windows | NT/2K/XP | general purpose
-TSeq(Class=RI%gcd=<6%SI=<2B0D4&>22E%IPID=I)
-T1(DF=Y%W=2238|8753|9FFF|FC94%ACK=S++%Flags=AS%Ops=MNWNNT)
+TSeq(Class=TR|RI%gcd=<6%SI=<2B0D4&>22E%IPID=I)
+T1(DF=Y%W=2238|7D78|8753|9FFF|FC94%ACK=S++%Flags=AS%Ops=MNWNNT)
 T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
-T3(Resp=Y%DF=Y%W=2238|8753|9FFF|FC94%ACK=S++%Flags=AS%Ops=MNWNNT)
+T3(Resp=Y%DF=Y%W=2238|7D78|8753|9FFF|FC94%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Microsoft Windows 2000 Server (Spanish) with SP4 build 2195
+Fingerprint Microsoft Windows 2000 Server SP4
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=RI%gcd=<6%SI=<67DF4&>2FB%IPID=I)
+T1(DF=Y%W=402E%ACK=S++%Flags=A%Ops=NNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
 T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
@@ -11462,45 +14439,6 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
-Fingerprint Microsoft Windows 2000 Server SP4
-Class Microsoft | Windows | NT/2K/XP | general purpose
-TSeq(Class=RI%gcd=<6%SI=<E76A8&>110C)
-T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
-T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
-T3(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
-T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
-T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
-T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
-T7(DF=N%W=0%ACK=S|S++%Flags=AR%Ops=)
-PU(DF=N%TOS=C0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E|F%ULEN=134%DAT=E)
-
-# Windows 2000 Server Edition Version 5.0 (Build 2195: Service Pack 4)
-Fingerprint Microsoft Windows 2000 Server SP4
-Class Microsoft | Windows | NT/2K/XP | general purpose
-TSeq(Class=RI%gcd=<6%SI=<21E62&>256%IPID=I)
-T1(DF=N%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
-T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
-T3(Resp=Y%DF=N%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
-T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
-T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
-T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
-T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
-PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=F%UCK=F%ULEN=134%DAT=E)
-
-# Windows 2000 Server SP 4 + ALL patches at 25 Sep. 2003
-# Windows XP Pro SP1 and latest Windows Update patches as of Oct 04, 2004
-Fingerprint Microsoft Windows 2000 Server SP4 or XP SP1
-Class Microsoft | Windows | NT/2K/XP | general purpose
-TSeq(Class=RI%gcd=<6%SI=<2B430&>5AD%IPID=I)
-T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
-T2(Resp=Y%DF=N%W=C00|400|1000%ACK=S%Flags=AR%Ops=WNMETL)
-T3(Resp=Y%DF=N%W=C00|800%ACK=S++%Flags=AR%Ops=WNMETL)
-T4(DF=N%W=400|1000%ACK=S%Flags=AR%Ops=WNMETL)
-T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
-T6(DF=N%W=C00|400%ACK=S%Flags=AR%Ops=WNMETL)
-T7(DF=N%W=1000|C00%ACK=S++%Flags=AR%Ops=WNMETL)
-PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=F%ULEN=134%DAT=E)
-
 Fingerprint Microsoft Windows 2000 SP1
 Class Microsoft | Windows | NT/2K/XP | general purpose
 TSeq(Class=RI%gcd=<6%SI=<1F216&>251%IPID=I)
@@ -11551,6 +14489,20 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Microsoft Windows 2000 Pro (Russian) SP2 with some antiworm patches (MS04-011 etc.), firewalled with wipfw (http://wipfw.sourceforge.net) dropping TCP_SYNFIN
+# MS Windows 2000 Professional Rus with SP2 with only Sasser etc. patches
+Fingerprint Microsoft Windows 2000 Pro (Russian) SP2
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=RI%gcd=<6%SI=<3073C&>393)
+T1(DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Microsoft Windows 2000 SP2
 Class Microsoft | Windows | NT/2K/XP | general purpose
 TSeq(Class=RI%gcd=<6%SI=<2FE90&>6F9%IPID=I%TS=U)
@@ -11575,6 +14527,20 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# base on msg 1039
+# Microsoft Windows 2000 SP2 with Hotfix Q300972, Q301625
+Fingerprint Microsoft Windows 2000 SP2 with Hotfix (Pre-SP3)
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=RI%gcd=<8%SI=<1E08C&>15A%IPID=I)
+T1(DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=800|400%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=C00|1000|400%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=1000|C00|800%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=1000|C00%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=400|1000|800%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Microsoft Windows 2000 Pro with SP3 and latest Windows Update
 # patches as of August 22, 2003 - Laptop using G-Trans PCMCIA CDMA
 # Wireless card.
@@ -11652,6 +14618,18 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0|D0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint MS Windows 2000 Server SP3
+Class Microsoft | Windows || general purpose
+TSeq(Class=RI%gcd=<6%SI=<30714&>2A7%IPID=I)
+T1(DF=Y%W=2DA0%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=2DA0%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Microsoft Windows 2000 SP3
 Fingerprint Microsoft Windows 2000 SP3
 Class Microsoft | Windows | NT/2K/XP | general purpose
@@ -11702,13 +14680,94 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=80%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
 
+# Microsoft Windows 2000 server with SP4 and Windows Update patches as of January 14, 2005.
+# Microsoft Windows 2000 server with SP4 and latest Update Patches as of January 10 2005
+Fingerprint Microsoft Windows 2000 Server SP4
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=RI%gcd=<6%SI=<E76A8&>110C)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S|S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C0|68%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E|F%ULEN=134%DAT=E)
+
+# Fingerprint Windows 2000 build 5.00.2195 SP4
+Fingerprint Windows 2000 SP4
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=RI%gcd=<8%SI=<78816&>95%IPID=I)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(Resp=N)
+T7(Resp=N)
+PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Windows 2000 Server Edition Version 5.0 (Build 2195: Service Pack 4)
+Fingerprint Microsoft Windows 2000 Server SP4
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=RI%gcd=<6%SI=<21E62&>256%IPID=I)
+T1(DF=N%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=F%UCK=F%ULEN=134%DAT=E)
+
+# Microsoft Windows 2000 server with SP4 and no other updates
+# Windows 2000 Server SP 4 + ALL patches at 25 Sep. 2003
+# Windows XP Pro SP1 and latest Windows Update patches as of Oct 04, 2004
+Fingerprint Microsoft Windows 2000 Server SP4 or XP SP1
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=RI%gcd=<6%SI=<2B430&>5AD%IPID=I)
+T1(DF=Y%W=FA00|FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=C00|400|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=C00|800%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=400|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=C00|400%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=1000|C00%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
+# Microsoft Windows 2000 with SP4 ( version 5.0 (build 2195: sp 4) )
+Fingerprint Microsoft Windows 2000 SP4
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=RI%gcd=<6%SI=<17D54&>2B4%IPID=I%TS=U)
+T1(DF=Y%W=FFFF%ACK=S++|O%Flags=AS|A%Ops=MNW|)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNW)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
+Fingerprint Microsoft Windows 2000 server SP4
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=RI%gcd=<6%SI=<DDB08&>6AA%IPID=I)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=800|400%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=800|C00%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=1000|800%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=1000|800%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=C00|800%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Windows 2000 Pro 5.00.2195 SP4 incl. latest Hotfixes till 30.12.2004
 # Microsoft Windows 2000 build 2195 SP 4
 Fingerprint Microsoft Windows 2000 SP4
 Class Microsoft | Windows | NT/2K/XP | general purpose
 TSeq(Class=RI%gcd=<6%SI=<139354&>972%IPID=I%TS=U)
-T1(DF=Y%W=FAF0%ACK=S++%Flags=AS%Ops=MNW)
+T1(DF=Y%W=402E|FAF0%ACK=S++%Flags=AS%Ops=MNW)
 T2(Resp=N)
-T3(Resp=Y%DF=Y%W=FAF0%ACK=S++%Flags=AS%Ops=MNW)
+T3(Resp=Y%DF=Y%W=402E|FAF0%ACK=S++%Flags=AS%Ops=MNW)
 T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
@@ -11740,6 +14799,76 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint Microsoft Windows 2000 SP4
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=RI%gcd=<6%SI=<51CB6&>2DF%IPID=I)
+T1(DF=Y%W=B547%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=B547%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# base on msg 2213(-2210), 2378, 2473, 2476, 2174, 2153, 1942, 1955
+# Microsoft Windows 2000 Pro (German) with SP4 build 2195 and latest Windows Update patches (2005.5.19)
+# Windows 2000 terminal version 5.0 build 2195 service pack 4
+# Microsoft Windows 2000 Pro SP4 and latest Windows Update patches (2005.6.11)
+# Microsoft Windows 2000 server with SP4 and latest Windows Update patches as of May 17, 2005
+# Windows XP Professional Version 2002 Service Pack 1
+# Microsoft Windows 2000 advanved server SP4
+Fingerprint Microsoft Windows 2000 SP4 or XP SP1
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=B547|FC00|FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=B547|FC00|FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# MS Windows 2000 Professional w/SP4 build 2195
+Fingerprint Microsoft Windows 2000 Pro SP4
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=RI%gcd=<6%SI=<29B6C&>2EF%IPID=I%TS=U)
+T1(DF=Y%W=FB06|FF70%ACK=S++%Flags=AS%Ops=MNW)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=FB06|FF70%ACK=S++%Flags=AS%Ops=MNW)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Windows 2000 Version 5.0 Build 2195 SP 4 X86
+Fingerprint Windows 2000 SP4
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=4204|FFAF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=4204|FFAF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Windows Version 5.0 build 2195 SP 4
+Fingerprint Windows 2000 SP4
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=7FFF|832C|FA00%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=7FFF|832C|FA00%ACK=S++|O%Flags=AS|A%Ops=MNWNNT|NNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Microsoft Windows 2000 SP4 and latest Windows Update patches as of Sept 26, 2003 running BlackICE
 # Microsoft Windows XP Pro with SP1 and latest Windows Update patches as of September 01, 2003
 Fingerprint Microsoft Windows 2000 SP4 or Windows XP SP1
@@ -11829,6 +14958,18 @@ T6(DF=N%W=0%ACK=S++%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint Microsoft Windows NT 4.0 SP5
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TD%gcd=<6%SI=<50%IPID=BI%TS=U)
+T1(DF=Y%W=C000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=C000%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Microsoft Windows NT 4.0 SP5-SP6
 Class Microsoft | Windows | NT/2K/XP | general purpose
 TSeq(Class=RI%gcd=<6%SI=<DA16&>21A)
@@ -11929,6 +15070,33 @@ T6(DF=N%W=C00|1000|400%ACK=S%Flags=AR%Ops=WNMETL)
 T7(DF=N%W=C00|400%ACK=S++%Flags=AR%Ops=WNMETL)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Windows NT 4.0 Service pack 6 w/exchange 5.5
+# Microsoft Windows NT 4.0 service pack 6 (English)
+Fingerprint Windows NT 4.0 SP6
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=RI%gcd=<8%SI=<1F9C8&>FA%IPID=BI|RPI|RD%TS=U)
+T1(DF=Y%W=2017%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Microsoft Windows XP [Version 5.1.2600]
+Fingerprint Microsoft Windows XP
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=RI%gcd=<6%SI=<2C09C&>2CB%IPID=I%TS=U)
+T1(DF=Y%W=FAF0%ACK=S++%Flags=AS%Ops=MNW)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=FAF0%ACK=S++%Flags=AS%Ops=MNW)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=C00|400|800%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=400|800%ACK=S%Flags=AR%Ops=)
+T7(DF=N%W=800|C00%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
 Fingerprint Microsoft Windows XP Home Edition
 Class Microsoft | Windows | NT/2K/XP | general purpose
 TSeq(Class=RI%gcd=<6%SI=<23C4E&>330%IPID=I%TS=U)
@@ -11941,7 +15109,7 @@ T6(DF=N%W=0%ACK=O%Flags=AR%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
-#  Microsoft Windows XP Home (German) w/SP1
+# Microsoft Windows XP Home (German) w/SP1
 # ver 5.1 build 2600.xpsp2.030422-1633 : SP 1; German version
 # Microsoft Windows XP Home (German) w/SP1 
 Fingerprint Microsoft Windows XP Home Edition (German) SP1
@@ -11969,6 +15137,75 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Microsoft Windows XP Home (Italian) w/SP1 build 2600.xpclnt_qfe.021108-2107
+# Windows XP Home w/SP2
+Fingerprint Microsoft Windows XP Home w/SP1 or w/SP2
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=RI%gcd=<6%SI=<2522E&>381%IPID=I%TS=U)
+T1(DF=Y%W=1FE0%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Microsoft Windows XP Home (English) w/SP2 build 2600.xps_p2_gdr.050301:1519
+Fingerprint Microsoft Windows XP Home (English) w/SP2
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=800|1000|400%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=1000|800%ACK=S%Flags=AR%Ops=WNMETL)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=F%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
+# bsed on msg 2236, 1304
+# Microsoft R Windows Version 5.1 (Build 2600.xpsp2.040919-1003 : Service Pack 1)
+# MS Windows XP version 5.1 (no. 2600 xpsp2.040919-1003: Service Pack 1)
+Fingerprint Microsoft Windows XP Pro SP1
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=RI%gcd=<6%SI=<2553A&>42E%IPID=I)
+T1(DF=Y%W=8000%ACK=S++%Flags=AS%Ops=MNNT)
+T2(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=8000%ACK=S++%Flags=AS%Ops=MNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Microaodr Windows XP Professional with SP! and latest Windows Update patches as of June 1, 2005
+Fingerprint Microaodr Windows XP Pro SP1
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
+T1(DF=Y%W=FAF0%ACK=S++%Flags=AS%Ops=MNW)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=FAF0%ACK=S++%Flags=AS%Ops=MNW)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Microsoft Windows Version 5.1 Build 2600.xpsp2.030825-2117: Service Pack 1
+# Microsoft Windows XP Pro SP1 build 2600, latest windows updates (march 27, 2005)
+Fingerprint MS Windows XP Pro SP1
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=RI%gcd=<6%SI=<1B1AC&>29E%IPID=I%TS=U)
+T1(DF=N%W=2000|4000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Windows XP Pro WITHOUT ANY service packs
 # Windows XP SP1
 Fingerprint Microsoft Windows XP Pro
@@ -12058,6 +15295,18 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=N)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint Microsoft Windows XP Pro SP1
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=RI%gcd=<6%SI=<31812&>7D7%IPID=I)
+T1(DF=Y%W=7D00%ACK=O|S++%Flags=A|AS%Ops=NNT|MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Microsoft Windows XP Pro Edition Version 5.1 Build (2600.xpsp2.030422-1633: Service Pack 1)
 # Microsoft Windows XP Pro w/SP1 and latest patches as of Jan 31,2004
 # Microsoft Windows XP Professional (Italian) w/SP1 build 2600.xpsp2.030422-1633# Microsoft Windows XP Pro (Spanish) w/SP1 (Build 2600.xpsp2.030422-1633 : Service Pack 1) Intel
@@ -12111,13 +15360,27 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint windows 2003 Server Standart Edition SP1
+Class Microsoft | Windows | 2003/.NET | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=N%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=5C%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Windows XP Pro Version 5.1 (Build 2600.xpsp2.030422-1633: Service Pack1)
+# Windows XP SP1 running ZoneAlarm
+# Microsoft Windows XP Pro Version 5.1 (Build 2600.xpsp2_gdr.040517-1325: Service Pack 1)
 Fingerprint Microsoft Windows XP Pro SP1
 Class Microsoft | Windows | NT/2K/XP | general purpose
 TSeq(Class=RI%gcd=<6%SI=<63826&>D28%IPID=I%TS=U)
-T1(DF=Y%W=6270|8000|AE4C|E7B0|F990%ACK=S++%Flags=AS%Ops=MNW)
+T1(DF=Y%W=3BB8|6270|8000|9448|A1D3|AE4C|E7B0|F990%ACK=S++%Flags=AS%Ops=MNW)
 T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
-T3(Resp=Y%DF=Y%W=6270|8000|AE4C|E7B0|F990%ACK=S++%Flags=AS%Ops=MNW)
+T3(Resp=Y%DF=Y%W=3BB8|6270|8000|9448|A1D3|AE4C|E7B0|F990%ACK=S++%Flags=AS%Ops=MNW)
 T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
@@ -12174,11 +15437,15 @@ T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Windows XP Professional 2002 - Service Pack 1 - Hotfixes
 # Windows XP Profesional build 2600.xpsp2.030422-1633: Service Pack 1
-Fingerprint Microsoft Windows XP Pro SP1
+# Windows XP Professional w/SP1 build 2600.xpsp1.030422-166: Service Pack 1
+# Windows XP Pro (Italian) build 2600 with SP1 and latest Windows Update patches as of middle Sept. 2004 circa
+# Microsoft Windows 2000 SP4 all updates as of Apr 17 2004
+Fingerprint Microsoft Windows XP Pro SP1 or 2000 SP4
 Class Microsoft | Windows | NT/2K/XP | general purpose
 TSeq(Class=RI%gcd=<6%SI=<209B8&>33C%IPID=I)
-T1(DF=Y%W=FC00%ACK=S++%Flags=AS%Ops=MNWNNT)
+T1(DF=Y%W=6270|FC00%ACK=S++%Flags=AS%Ops=MNWNNT)
 T2(Resp=N)
 T3(Resp=N)
 T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
@@ -12266,6 +15533,32 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0|40%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Microsoft Windows XP Pro w/ SP1 V5.1.2600 and most WU patches as of 4/20/05
+# Microsoft Windows XP Professional 5.1.2600 Service Pack 1 Build 2600
+# Microsoft Windows XP Home (English) with Service Pack 2
+# Windows XP Pro (Version 5.1 - Build 2600.xpsp2.050301-1526: Service Pack 1)
+# version 5.1 build 2600 xpsp2 040919-1003 service pack 1
+# Windows 2000 SP4 Version 5.0 (Build 2195: Service Pack 4) on a 2 GHz Pentium 4
+# Microsoft Windows 2000 s/SP4 build 5.00.2195
+# Microsoft Windows 2000 Pro 5.00.2195 SP4 - all patches as of 02 Jun 2005 (OEM)
+# Windows 2000 Advanced Server SP4 and patches as of June 17 2004
+# Microsoft Windows 2000 Professional (v5.0, Build 2195, SP4), all current hotfixes applied 7th June
+# Microsoft Windows 2000 Professional with SP4 and latest Windows Update patches as of June 21, 2005
+# Microsoft Windows 2000 Advanced SP4 running Sphinx a-Wall
+# Microsoft Windows XP Pro w/SP1a build 2600.xpsp2.050301-1526
+# Microsoft Windows XP Professional (German) w/SP1 build 2600.xpsp1.050301-1526
+Fingerprint Microsoft Windows XP Pro SP1/SP2 or 2000 SP4
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=402E|FAF0%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=402E|FAF0%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Microsoft Windows XP Version 5.1 (Build 2600.xpsp 1.020828-1920: Service Pack 1) > latest Windows Update patch too (1/31/03)
 # Windows 2000 with Service Pack 3
 Fingerprint Microsoft Windows XP SP1 or Windows 2000 SP3
@@ -12280,6 +15573,47 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=N)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Microsoft Windows Server 2003, Enterprise Edition, no service packs, (build 3790.srv03_rtm.030324-2048)
+# Microsoft Windows XP Professional (English) w/SP2 with latest updates through Nov. 24, 2004
+Fingerprint Microsoft Windows 2003 Server Enterprise Edition or XP Pro SP2
+Class Microsoft | Windows | 2003/.NET | general purpose
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=6360%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=6360%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Windows 2003 standard edition version 5.2 build 3790.srv03_rtm.030324-2048 and lastest windows updates patches as november 9, 2004
+Fingerprint Microsoft Windows 2003 standard edition
+Class Microsoft | Windows | 2003/.NET | general purpose
+T1(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Windows 5.2 (Build 3790.srv03_sp1_rtm.050324-1447 : Service Pack 1)
+# Windows Server 2003 SP1 all patches as of June-23-05
+Fingerprint Windows 2003 Server SP1
+Class Microsoft | Windows | 2003/.NET | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=N%W=FAF0%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=FAF0%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Microsoft Windows XP SP1 (Build 2600.XP SP2.030422-1633:Service Pack 1)
 # Microsoft Windows XP Pro with SP1 and latest Windows Update patches as of Oct 12, 2003 except Q817778
 # Windows 2000 Pro with SP4 and latest Windows Update patches as of november 25th, 2003
@@ -12295,35 +15629,274 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=N)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E|F%ULEN=134%DAT=E)
 
+# Microsoft Windows XP [Version 5.1.2600] (XP Professional SP1)
+Fingerprint Microsoft Windows XP Pro SP1
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=FAF0%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=C00|800%ACK=S%Flags=R%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=800|1000|C00%ACK=S%Flags=R%Ops=WNMETL)
+T4(DF=N%W=1000|800%ACK=S%Flags=R%Ops=WNMETL)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=C00|400|800%ACK=S%Flags=R%Ops=WNMETL)
+T7(DF=N%W=1000|800%ACK=S%Flags=R%Ops=WNMETL)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Microsoft Windows XP2 - version 5.1 (Build 2600.xpsp_sp2_gdr.050301-1519 : Service Pack 2)
+Fingerprint Microsoft Windows XP SP2
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNW)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNW)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=F0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Microsoft Windows Version 5.1 (Build 2600.xpsp_sp2_trm.040803-2158 : Service Paxk 2) (XP Pro +SP2 + Hotfix)
+Fingerprint Microsoft Windows XP Pro SP2
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=N%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(Resp=N)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
+# Microsoft Windows XP Version 5.1 Home German SP2 (Build 2600.xpsp_sp2_rtm.040803-2158 : SP2), latest Updates as of Oct 27, 2004
+Fingerprint Microsoft Windows XP Home (German) SP2
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=N%W=805C%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(Resp=N)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Windows xp Pro SP2 German (Build 2600.xpsp_sp2_rtm.040803-2158 : Service Pack 2) with Agnitum Outpost Firewall Pro ver.+2.1.303.4009 (314)
+# Microsoft Windows XP Professional Version 2002 w/SP2 build 5.1.2600 latest MS patches as of Feb 9, 2005
+Fingerprint Microsoft Windows XP Pro SP2
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=N%W=FB8B|FC00%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Windows XP Professionnel (5.1) Service Pack 2
+Fingerprint Windows XP Pro SP 2
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=C00|800|400%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=C00|800|400%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=400|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=N%W=C00%ACK=S++%Flags=AR%Ops=WNMETL)
+T6(DF=N%W=800|400%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=400|800%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(Resp=N)
+
+# MS Windows XP SP2 (English) Build 2600.xpsp2_rtm.040803-2158
+# Microsoft Windows XP Professional Version 5.1 (Build 2600.xpsp2_gdr.050301-1519 : Service Pack 2)
+# Microsoft Windows XP Pro (Spanizh) with SP2 and latest Windows Update patches as June 5,+2005
 Fingerprint Microsoft Windows XP SP2
 Class Microsoft | Windows | NT/2K/XP | general purpose
 TSeq(Class=TR%gcd=<6%IPID=I)
-T1(DF=Y%W=6360|805C|FFAF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T1(DF=Y%W=C6C|4000|7D41%ACK=S++%Flags=AS%Ops=MNWNNT)
 T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
-T3(Resp=Y%DF=Y%W=6360|805C|FFAF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T3(Resp=Y%DF=Y%W=C6C|4000|7D41%ACK=S++%Flags=AS%Ops=MNWNNT)
 T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
-# Microsoft Windows XP Professional (Build 2600.xpsp_sp2_rtm.040803-2158 : Service Pack 2)
-Fingerprint Microsoft Windows XP SP2
+# Fingerprint Microsoft Windows XP Professional w/SP2 and latest updates
+Fingerprint Microsoft Windows XP Pro SP2
 Class Microsoft | Windows | NT/2K/XP | general purpose
-TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
-T1(DF=Y%W=5A0|FFFF%ACK=S++%Flags=AS%Ops=MNW)
-T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
-T3(Resp=Y%DF=Y%W=5A0|FFFF%ACK=S++%Flags=AS%Ops=MNW)
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=400|C00%ACK=S%Flags=R%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=800|1000%ACK=S%Flags=R%Ops=WNMETL)
+T4(DF=N%W=800|1000%ACK=S%Flags=R%Ops=WNMETL)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=C00%ACK=S%Flags=R%Ops=WNMETL)
+T7(DF=N%W=800%ACK=S%Flags=R%Ops=WNMETL)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
+# Microsoft Windows XP Pro Build 2600.xpsp_sp2_rtm.040803-2158 : Service Pack 2
+# Microsoft Windows XP Professional w/SP2 build 2600.xpsp_sp2_rtm.040803-2158
+# Microsoft Windows XP Professional w/SP2 and latest Windows Updates patches as of Dec 15, 2004
+# Windows Version 5.1 (Build 2600.xpsp_sp2_rtm.040803-2158 : Service Pack 2)
+# Microsoft Windows XP Professional (Build 2600.xpsp_sp2_rtm.040803-2158 : Service Pack 2)
+# Microsoft Windows XP Professional (Spanish) w/SP2 build 2600.xpsp_sp2_trm.040803-2158
+# Windows Server 2003 Standard edition, Microsoft windows vers.5.2 build 3790.srv03_rtm.030324-2048
+# Microsoft Windows XP Professional Version 2002 Service Pack 2
+# Windows 2003 Server Standard Edition germany
+# Microsoft Windows Server 2003 EE Version 5.2 (Build 3790.srv03_gdr.040410-1234)
+# Microsoft Windows XP home (hebrew) with SP2
+Fingerprint Microsoft Windows XP SP2 or 2003 Server
+Class Microsoft | Windows | NT/2K/XP | general purpose
+Class Microsoft | Windows | 2003/.NET | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
 T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# bsed on msg 1079
+# Fingerprint Microsoft Windows XP Proffesional (Polish) with SP2 and all patches available on January 19, 2005
+Fingerprint Microsoft Windows XP Pro SP2
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=805C%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=805C%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Micrososoft Windows Version 5.1 (Build 2600.XPSP_SP2_GDR.050301-1519 : Service Pack 2)
+Fingerprint Micrososoft Windows XP SP2
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Fingerprint Microsoft Windows XP Pro (Spanish) w/SP2
+Fingerprint Microsoft Windows XP Pro (Spanish) SP2
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6)
+T1(DF=Y%W=805C%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=805C%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
+# Microsoft Windows XP Professional (English) w/ SP2 (Build 2600.xpsp_sp2_rtm.040803-2158 : Service Pack 2)
+# Widows XP Professional (English UK) w/SP2 - latest patches as of 20 Dec 2004 - build 2600.xpsp_sp2_rtm.040803-2158
+# Microsoft Windows XP Home (French) w/SP2 build 2600.xpsp_sp2_rtm.040803-2158
+# Microsoft Windows XP Profesional (English) w/SP2 Ver 5.1 build 2600.xpsp_sp2_rtm.040803-2158 : Service Pack 2
+Fingerprint Microsoft Widows XP SP2
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
+T1(DF=Y%W=805C|88A4|FC94|FFFF%ACK=S++%Flags=AS%Ops=MNW)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=805C|88A4|FC94|FFFF%ACK=S++%Flags=AS%Ops=MNW)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Microsoft Windows XP PRO CORP. ED. Version 5.1 (Build 2600.xpsp_sp2_rtm.040803-2158 : Service Pack 2)
+# Microsoft Windows 2003 Enterprize Edition (version 5.2 (build 3790.srv03_gdr.040410-1234))
+# Microsoft Windows XP Pro SP2 5.1.2600 SP2 Build 2600, Athlon x86, no firewall
+# Windows 2003 Enterprise Server 5.2 build 3790, srv03_gdr.040410-1234  as of Feb 22, 2003
+# Mircosoft Windows Server 2003 Enterprise w/sp1 build 3790.srv03_sp1_rtm.050324-1447
+Fingerprint Microsoft Windows XP Pro SP2 or 2003 Server Enterprise Edition
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
+T1(DF=N%W=FFFF%ACK=S++%Flags=AS%Ops=MNW)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=FFFF%ACK=S++%Flags=AS%Ops=MNW)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# windows XP Pro SP2 and latest updates as of 3/7/05
+# Microsoft Windows XP version 5.1 600.xpsp_sp2_rtm.040803-2158 : service pack 2
+Fingerprint Microsoft Windows XP SP2
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%TS=U)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNW)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNW)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
+# base on msg 570, 1033
+# Windows XP SP2 (firewall off).  Version 5.1 (Build 2600.xpsp_sp2_rtm.040803-2158 : Service Pack 2)
+# Microsoft Windows Windows XP Corporate (French) w/SP2 build 2600.xpsp_sp2_rtm.040803-2158 on Intel Pentium 4 1.2 GHz
+Fingerprint Microsoft Windows XP SP2
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=7E4A%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=7E4A%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Microsoft Windows 2003 Enterprise Server patches as of 3 May 2003  - NO SP1
+# Microsoft windows Server 2003 Standard Edition (Corp. build) - Version 5.2 (Build+3790.srv03_gdr.040410-1234)
+Fingerprint Microsoft Windows XP SP2 or 2003 Server
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Microsoft Windows XP Professional SP2 ( Build 2600.xpsp_sp2_rtm.040803-2158)
+# Microsoft WIndows XP Proffesional Version 2002 Service Pack 2
+Fingerprint Microsoft Windows XP Pro SP2
+Class Microsoft | Windows | NT/2K/XP | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=N%W=FFFF%ACK=S++|O%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=FFFF%ACK=S++|O%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Microsoft Windows XP Home (English) w/SP2 build 2600.xpsp_sp2_rtm.040803-2158
 # Microsoft Windows XP Home (English) w/SP2 build 2600.xpsp_sp2_rtm.040803-2158
 # Microsoft Windows XP Pro with SP2 (Version 5.1 Build 2600.xpsp_sp2_rtm.040803-2158 : Service Pack 2)
-Fingerprint Microsoft Windows XP SP2 (firewall enabled)
+# Microsoft Windows XP Professional SP2 (Build 2600.xpsp_sp2_rtm.040803-2158)
+# Microsoft Windows XP Pro w/SP2
+# Windows XP sp2 (build 2600.xpsp_sp2_gdr.050301-1519 : Service Pack 2)
+Fingerprint Microsoft Windows XP SP2
 Class Microsoft | Windows | NT/2K/XP | general purpose
 TSeq(Class=TR%gcd=<6%IPID=I%TS=U|0)
 T1(DF=Y%W=6360|FC94|FFFF%ACK=S++%Flags=AS%Ops=MNWNNT|MNW)
@@ -12333,7 +15906,21 @@ T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=N)
-PU(Resp=N)
+PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Windows XP Pro SP2: Version 5.1 (Build 2600.xpsp_sp2_rtm.040803-2158: Service Pack 2 (firewall disabled)
+Fingerprint Microsoft Windows XP Pro SP2 (firewall disabled)
+Class Microsoft | Windows | NT/2K/XP | general purpose
+SInfo(V=3.75%P=i386-unknown-openbsd3.6%D=11/16%Tm=419AC185%O=135%C=1%M=0080C6)
+TSeq(Class=TR%IPID=I%TS=0)
+T1(Resp=Y%DF=Y%W=FC94%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(Resp=Y%DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
 # HP Jornada running Windows CE 2.11 (Handheld/PC Pro 3.0) running on StrongARM 1100
 Fingerprint HP Jornada running Microsoft Windows CE 2.11 (Handheld/PC Pro 3.0 PDA)
@@ -12360,6 +15947,19 @@ T6(DF=N%W=0%ACK=S++%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=40%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Microsoft Windows CE 3.0 build 126 on StrongARM
+Fingerprint Microsoft Windows CE 3.0
+Class Microsoft | Windows | PocketPC/CE | specialized
+TSeq(Class=TD%gcd=<E4%SI=<14%IPID=RPI|BI)
+T1(DF=Y%W=8000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Windows Pocket PC 2003 second edition vanilla on a Dell Axim x30 via 802.11
 # HP t5300 running `Microsoft Windows CE 4.2
 # ADAM-6500 controller with Windows CE .NET 4.10 build 908
@@ -12375,19 +15975,6 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
-# Microsoft Windows Longhorn Preview, Version 6.0 Build 4051.idx 02.031001-1340
-Fingerprint Microsoft Windows Longhorn Preview
-Class Microsoft | Windows | Windows Longhorn | general purpose
-TSeq(Class=TR%gcd=<6%IPID=I%TS=100HZ)
-T1(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
-T2(Resp=N)
-T3(Resp=N)
-T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
-T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
-T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
-T7(Resp=N)
-PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
-
 # Windows 2000 Pro, Build 2195 SP4
 Fingerprint Microsoft Windows 2000 Pro SP4
 Class Microsoft | Windows || general purpose
@@ -12425,6 +16012,18 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint MikroTik RouterOS 2.7.20
+Class MikroTik | RouterOS || software router
+TSeq(Class=RI%gcd=<6%SI=<1B9B36E&>46A4A%IPID=Z%TS=100HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=Y%DF=N%W=800|400%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=800|C00%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=400|C00%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=800|400%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=800|1000%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(Resp=N)
+
 Fingerprint Minix 32-bit/Intel 2.0.0
 Class Minix | Minix || general purpose
 TSeq(Class=RI|TD%gcd=1|2|3|457%SI=<FFF)
@@ -12472,6 +16071,18 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=0%ULEN=134%DAT=E)
 
+Fingerprint Konica-Minolta Di3010 photocopier/printer/scanner
+Class Minolta | embedded || printer
+TSeq(Class=64K%IPID=I%TS=2HZ)
+T1(DF=N%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=FFFF%ACK=O%Flags=A%Ops=NNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=0%ULEN=134%DAT=E)
+
 # VxWorks (for Destiny D8405 Pass 2 (Firmware build for Pass 1)) version 5.4.2.
 Fingerprint Minolta QMS Printer running VxWorks 5.4.2
 Class Minolta | VxWorks || printer
@@ -12521,10 +16132,26 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(Resp=N)
 
+# Motorola BSR 1000R(tm) version 1.1.19.PRR
+Fingerprint Motorola BSR 1000R
+Class Motorola | BSD-misc || general purpose
+TSeq(Class=64K%IPID=I%TS=U)
+T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=MNW)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=2000%ACK=O%Flags=A%Ops=)
+T4(DF=N%W=2000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=O%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=O%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=134%RID=E%RIPCK=0%UCK=0%ULEN=134%DAT=E)
+
 # Motorola Surfboard SB5100e VxWorks Version: 5.4
 # Motorola CG4500E Communication Gateway (cable modem)
 # Thomson TCM390 cable modem; Software Version:  ST33.07.00; Software Model:   A801; Bootloader:  2.1.4c
-Fingerprint Cable Modem: Motorola Surfboard/CG4500E or Thomson TCM390
+# Motorola Surfboard Cable modem Software Version: SB5100-2.3.1.3-SCM00-NOSHHardware Version: 3MIB+Version: IIGUI Version: 1.0VxWorks Version: 5.4
+# Motorola Cable Modem SB5100E SW_REV: SB5100E-2.3.1.3-SCM01-NOSH
+# Motorola SB5100 Surfboard 5100 Cable Modem vSB5100-2.3.1.6-SCM01-NOSH
+Fingerprint Motorola Cable Modem SB5100/CG4500E or Thomson Cable Modem TCM390
 Class Motorola | VxWorks || broadband router
 TSeq(Class=64K%IPID=I%TS=U)
 T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=MNW)
@@ -12536,6 +16163,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=F%UCK=0%ULEN=134%DAT=E)
 
+# Motorola Surfboard SB5100 running Software version SB5100-2.3.1.6-SCM01-NOSH
+Fingerprint Motorola Surfboard SB5100 cable modem
+Class Motorola | VxWorks || broadband router
+TSeq(Class=RI%gcd=<6%SI=<FCB886&>286BF%IPID=I%TS=U)
+T1(DF=N%W=16D0%ACK=S++%Flags=AS%Ops=MNW)
+T2(Resp=N)
+T3(Resp=Y%DF=N|Y%W=16D0%ACK=S++|O%Flags=AS|A%Ops=MNW|)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=F%UCK=0%ULEN=134%DAT=E)
+
 # Motorola SurfBoard 4401 provided by adelphia
 Fingerprint Motorola SurfBoard 4401 cable modem
 Class Motorola | VxWorks || broadband router
@@ -12622,6 +16262,19 @@ T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
 
+# Multi-Tech Voice over IP Box. Model number (MultiVoip 2410)
+Fingerprint MultiTech MultiVoip 2410
+Class MultiTech | embedded || VOIP Gateway
+TSeq(Class=TD%gcd=<1F502%SI=<1E%TS=U)
+T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=400|800%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=C00|400%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=1000|800%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=800|C00%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=C00%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(Resp=N)
+
 Fingerprint NAT LANB/290 router Console Program V4.00
 Class NAT | embedded || router
 TSeq(Class=TD%gcd=<80004%SI=<14)
@@ -12822,6 +16475,25 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# NetApp Release 6.5.2R1: Wed Sep  8 17:00:29 PDT 2004
+# NetApp Filer F820 running Ontap Release 6.5.2R1
+# NetApp NetCache 5.6
+# Network Appliance DataOnTap v6.5.2 "NetApp Release 6.5.2: Sun Jul 25 10:56:02 PDT 2004"
+# NetApp NetCache Release 5.6.2
+# NetCache OS 6.0.1
+Fingerprint NetApp Filer (Data OnTap 6.5.2) or NetCache (NetApp 5.6 - 6.0.1)
+Class NetApp | Data ONTAP || fileserver
+Class NetApp | embedded || web proxy
+TSeq(Class=TR%gcd=<6%IPID=BI%TS=100HZ)
+T1(DF=Y%W=2017%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # NetCache 5.1D4 on a NetApp C1100 Box
 Fingerprint NetApp NetCache C1100 (NetApp 5.1D4)
 Class NetApp | embedded || web proxy
@@ -13074,7 +16746,7 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=4801%RID=E%RIPCK=F%UCK=E%ULEN=134%DAT=E)
 
-Fingerprint NetBSD 1.6.1 (Alpha)
+Fingerprint NetBSD 1.6 - 1.6.1 (Alpha)
 Class NetBSD | NetBSD || general purpose
 TSeq(Class=RI|TR%gcd=<6%SI=<656F846%IPID=I)
 T1(DF=N%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
@@ -13086,11 +16758,24 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# 1262
+# NetBSD 1.6.2 (GENERIC) #0: Wed Feb 11 08:05:11 UTC 2004 sparc
 Fingerprint NetBSD 1.6.2 (X86)
 Class NetBSD | NetBSD || general purpose
-T1(DF=N%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T1(DF=N%W=4000|FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
 T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
-T3(Resp=Y%DF=N%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T3(Resp=Y%DF=N%W=4000|FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+Fingerprint NetBSD 1.6.2 (alpha)
+Class NetBSD | NetBSD || general purpose
+T1(DF=Y%W=8000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=N)
 T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
@@ -13139,8 +16824,13 @@ PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
 # netbsd 1.6ZH GENERIC
 # NetBSD 1.6ZK NetBSD 1.6ZK #1: Thu Feb 19 18:05:56 EST 2004
-# NetBSD 2.0 
-Fingerprint netbsd 1.6ZH - 2.0RC4
+# NetBSD 2.0
+# NetBSD alpha1 2.0_RC4
+# NetBSD 2.0.1
+# NetBSD 2.0.2 (GENERIC_LAPTOP) #0: Wed Mar 23 08:59:09 UTC 2005 i386
+# NetBSD 2.0.2 i386
+# NetBSD 2.0.2 on sparc64
+Fingerprint NetBSD 1.6ZH or 2.0 - 2.0.2
 Class NetBSD | NetBSD || general purpose
 TSeq(Class=RI%gcd=<6%SI=<714D5B4&>50BA4%IPID=I)
 T1(DF=Y%W=8000%ACK=S++%Flags=AS%Ops=MNWNNT)
@@ -13152,7 +16842,7 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
-Fingerprint NetBSD/Alpha 1.5.2 on a DEC 3000/300 LX
+Fingerprint NetBSD/Alpha 1.5.2 on a DEC 000/300 LX
 Class NetBSD | NetBSD || general purpose
 TSeq(Class=RI%gcd=<6%SI=<736B300&>106DED%IPID=I%TS=2HZ)
 T1(DF=N%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
@@ -13164,6 +16854,44 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=F%UCK=F%ULEN=134%DAT=E)
 
+# NetBSD 2.0 (GENERIC) i386
+Fingerprint NetBSD 2.0
+Class NetBSD | NetBSD || general purpose
+TSeq(Class=RI%gcd=<6%SI=<71C334A&>9705A%IPID=I%TS=U)
+T1(DF=Y%W=8000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=8000%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# NetBSD 2.0 (GENERIC) IP Filter: v4.1.3 (396) Dsl Router x86
+Fingerprint NetBSD 2.0
+Class NetBSD | NetBSD || general purpose
+TSeq(Class=RI%gcd=<6%SI=<73607AC&>AC1A6%IPID=RD)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+Fingerprint Netburner Model 5282 Embedded Ethernet Microcontroller
+Class Netburner | embedded || specialized
+TSeq(Class=RI|TD%gcd=<6%SI=<45498%IPID=I%TS=U)
+T1(DF=N%W=0%ACK=S++%Flags=AS%Ops=MNNNL)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=R%Ops=)
+T3(Resp=Y%DF=N%W=0%ACK=S++%Flags=AS%Ops=MNNNL)
+T4(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=R%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Netgear DG824M Wireless (WAP) & 4-Port ADSL Router  - Version 1.4 Release 05
 Fingerprint Netgear DG824M WAP
 Class Netgear | embedded || broadband router
@@ -13178,10 +16906,11 @@ T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(Resp=N)
 
 # Netgear FM114P ProSafe Wireless Firewall with Print Server
+# netgear wgr614 v4 wireless router
 # REPOTEC IP515H Cable Router / Print Server
-Fingerprint Netgear FM114P/REPOTEC IP515H Router & Print Server
+Fingerprint Netgear wireless router or Netgear FM114P/REPOTEC IP515H Router & Print Server
 Class Netgear | embedded || broadband router
-TSeq(Class=TD%gcd=<104%SI=<1E%IPID=I%TS=U)
+TSeq(Class=TD%gcd=<404%SI=<1E%IPID=I%TS=U)
 T1(DF=N%W=C00%ACK=S++%Flags=AS%Ops=M)
 T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
 T3(Resp=Y%DF=N%W=C00%ACK=S++%Flags=AS%Ops=M)
@@ -13191,6 +16920,18 @@ T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(Resp=N)
 
+Fingerprint Netgear WGR614 wireless router
+Class Netgear | embedded || broadband router
+TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
+T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=2000%ACK=O%Flags=A%Ops=)
+T4(DF=N%W=2000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
 Fingerprint Netgear FVL328 vpn/firewall/router
 Class Netgear | embedded || broadband router
 T1(DF=N%W=C00%ACK=S++%Flags=AS%Ops=M)
@@ -13202,6 +16943,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=N)
 PU(Resp=N)
 
+# NETGEAR FVL238 Firmware Version  Version 1.5 Release 09
+Fingerprint Netgear FVL238 vpn/firewall/router
+Class Netgear | embedded || broadband router
+TSeq(Class=RI%gcd=<6%SI=<2E7205A&>76E53%IPID=I%TS=U)
+T1(DF=N%W=C00%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=C00%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
 # Netgear PS101 print server with firmware 6026
 Fingerprint Netgear PS101 print server
 Class Netgear | embedded || print server
@@ -13227,6 +16981,18 @@ T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(Resp=N)
 
+Fingerprint Netgear GS724T Gigabit Smart Switch
+Class Netgear | embedded || switch
+TSeq(Class=TD%gcd=<18%SI=<14%IPID=I%TS=U)
+T1(DF=Y%W=C00|1000%ACK=S++%Flags=AR%Ops=)
+T2(Resp=Y%DF=Y%W=800|1000%ACK=S++%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=C00|400%ACK=S++%Flags=AR%Ops=)
+T4(DF=Y%W=1000%ACK=S++%Flags=AR%Ops=)
+T5(DF=Y%W=C00|1000|800%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=1000|800%ACK=S++%Flags=AR%Ops=)
+T7(DF=Y%W=1000%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
 Fingerprint NetJet Version 3.0 - 4.0 Printer
 Class NetJet | embedded || printer
 TSeq(Class=TD%gcd=<4%SI=<4)
@@ -13306,11 +17072,10 @@ T6(Resp=N)
 T7(Resp=N)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
-# Netopia R7100-C v4.11
-# Netopia R5300 router; firmware v4.11
-Fingerprint Netopia DSL router
+# Netopia R9100 v4.8.2
+Fingerprint Netopia R9100 DSL Router
 Class Netopia | embedded || broadband router
-TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
+TSeq(Class=TD%gcd=<FDEC%SI=<1E%IPID=I%TS=U)
 T1(DF=N%W=400%ACK=S++%Flags=AS%Ops=M)
 T2(Resp=N)
 T3(Resp=N)
@@ -13318,7 +17083,23 @@ T4(Resp=N)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(Resp=N)
 T7(Resp=N)
-PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=F%UCK=F%ULEN=134%DAT=E)
+
+# Netopia R7100-C v4.11
+# Netopia R5300 router; firmware v4.11
+# Netopia R9171 v4.10
+# Netopia R910 v8.2r1
+Fingerprint Netopia DSL router
+Class Netopia | embedded || broadband router
+TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
+T1(DF=N%W=400|2260%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=N)
+T4(Resp=N)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(Resp=N)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E|F%ULEN=134%DAT=E)
 
 # Netopia R5300 Router; firmware v4.6
 Fingerprint Netopia R5300 Router
@@ -13336,7 +17117,8 @@ PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
 # Netopia Cayman 3341 DSL router
 # Radware Web Server Director NP with SynApps v8.10.02
 # Cayman Model 3347W Wireless DSL Ethernet Switch
-Fingerprint Netopia Cayman 3300-series router/WAP or Radware Web Server Director load balancer
+# Netopia Cayman 3347W DSL Modem and NAT Router
+Fingerprint Netopia Cayman 334x router/WAP or Radware Web Server Director load balancer
 Class Netopia | embedded || WAP
 Class Radware | embedded || load balancer
 TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
@@ -13397,6 +17179,19 @@ T6(DF=N%W=1000%ACK=S%Flags=AR%Ops=)
 T7(Resp=N)
 PU(Resp=N)
 
+# NetScreen NS-204 Firewall (Version: 5.2.0r1.0)
+Fingerprint NetScreen NS-204 Firewall
+Class NetScreen | ScreenOS || firewall
+TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
+T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=N)
+T4(Resp=N)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
 Fingerprint NetSilicon NetARM running ThreadX 2.0
 Class NetSilicon | ThreadX || specialized
 TSeq(Class=TD%gcd=<1F502%SI=<14%IPID=I%TS=U)
@@ -13543,6 +17338,20 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0|E0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
 
+# Nokia IPSO 3.8 Build039 (IPSO 3.8-BUILD039 releng 1404 07.23.2004-193500+i386)
+# Nokia IPSO 3.8.1-BUILD028 releng 1518  12.02.2004-222502 i386
+Fingerprint Nokia IPSO 3.8.x
+Class Nokia | IPSO || firewall
+TSeq(Class=TR%gcd=<6%IPID=I%TS=2HZ)
+T1(DF=N%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=4000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=E0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
 # Symbian OS 6.1 on Nokia N-Gage v 4.03
 Fingerprint Symbian OS 6.1 on Nokia N-Gage v 4.03 phone
 Class Nokia | Symbian || phone
@@ -13556,6 +17365,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(Resp=N)
 
+# Northern Telecom Supernode - Nortel Micronode telephone switch running OS version GSM15
+Fingerprint Nortel Micronode telephone switch running OS version GSM15
+Class Nortel | embedded || telecom-misc
+TSeq(Class=TD%gcd=<120004%SI=<14%IPID=Z%TS=U)
+T1(DF=N%W=1000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(Resp=N)
+
 # Nortel Networks BayStack 450-24T Versions: HW:RevL  FW:V1.48 SW:v4.2.0.16 ISVN:2
 Fingerprint Nortel Networks BayStack switch
 Class Nortel | embedded || switch
@@ -13667,6 +17489,18 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint novell netware 4.11
+Class Novell | NetWare | 4.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RPI%TS=U)
+T1(DF=Y%W=1800%ACK=S++%Flags=AS%Ops=MWN)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=0%ACK=O%Flags=AR%Ops=)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
 Fingerprint NetWare 4.11 SP7- 5 SP3A BorderManager 3.5
 Class Novell | NetWare | 4.X | general purpose
 TSeq(Class=RI%gcd=<6%SI=<1843D74&>3E1D0)
@@ -13829,6 +17663,18 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
 
+Fingerprint Novell Netware 6 (no service packs)
+Class Novell | NetWare | 6.X | general purpose
+TSeq(Class=RI%gcd=<6%SI=<3B034FE&>24038%IPID=BI%TS=U)
+T1(DF=Y%W=1800%ACK=S++%Flags=AS%Ops=MEWN)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # NetWare 6.5 SP2 (running on a Compaq Proliant ML370)
 Fingerprint NetWare 6.5 SP2
 Class Novell | NetWare | 6.X | general purpose
@@ -13891,16 +17737,48 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
-Fingerprint NSG 500 router. OS version 7.6.1 (http://www.nsg.ru)
+Fingerprint Novell Netware 6.5 SP2
+Class Novell | NetWare | 6.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=U)
+T1(DF=Y%W=1800%ACK=S++%Flags=AS%Ops=MWN)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=0%ACK=O%Flags=AR%Ops=)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
+# Novell NetWare 5.1 SP8
+# Novell NetWare 6.5 SP3
+# Novell Open Enterprise Server, NetWare 6.5 Support Pack Revision 03
+# Novell NetWare Open Enterprise Server (OES) (English, First Customer Shipping version) installed with everything on it, X86
+Fingerprint Novell NetWare 5.1 SP8 or 6.5 SP3
+Class Novell | NetWare | 5.X | general purpose
+Class Novell | NetWare | 6.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=BI|RPI%TS=U)
+T1(DF=N|Y%W=17FF%ACK=S++%Flags=AS%Ops=MEWN)
+T2(Resp=Y%DF=N|Y%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N|Y%W=0%ACK=O%Flags=AR%Ops=)
+T4(DF=N|Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N|Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N|Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N|Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# NSG 500 router. OS version 7.6.1 (http://www.nsg.ru)
+# NSG-520/Network Systems Group, running Version 7.6.1
+# NX-300/3wl/1e1/Network Systems Group running Version 7.6.3
+Fingerprint NSG-300/500 series router running Version 7.6.x
 Class NSG | embedded || router
-TSeq(Class=TD%gcd=<14004%SI=<28%IPID=I%TS=U)
+TSeq(Class=TD%gcd=<50004%SI=<3C%IPID=I%TS=U)
 T1(DF=N%W=1000%ACK=S++%Flags=AS%Ops=M)
 T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
 T3(Resp=Y%DF=N%W=1000%ACK=S++%Flags=AS%Ops=M)
 T4(DF=N%W=0%ACK=S%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
-T7(Resp=N)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
 # OkiData 20nx printer with OkiLAN 6100e TCP/IP Ethernet module
@@ -14218,30 +18096,19 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=N)
 PU(DF=N%TOS=0|20%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E|F%ULEN=134%DAT=E)
 
+# OpenBSD 3.4 GENERIC#18 i386
 Fingerprint OpenBSD 3.4 (X86)
 Class OpenBSD | OpenBSD | 3.X | general purpose
 TSeq(Class=TR%gcd=<6%IPID=RD%TS=2HZ)
 T1(DF=N%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT)
 T2(Resp=N)
-T3(Resp=Y%DF=N%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT)
+T3(DF=N%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT)
 T4(DF=N%W=4000%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E|F%ULEN=134%DAT=E)
 
-Fingerprint OpenBSD 3.4 - 3.7
-Class OpenBSD | OpenBSD | 3.X | general purpose
-TSeq(Class=TR%gcd=<6%IPID=RD|RPI%TS=2HZ)
-T1(DF=Y%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
-T2(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
-T3(Resp=Y%DF=Y%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
-T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
-T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
-T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
-T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
-PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
-
 Fingerprint OpenBSD 3.4 x86
 Class OpenBSD | OpenBSD | 3.X | general purpose
 TSeq(Class=TR%gcd=<6%IPID=RD%TS=2HZ)
@@ -14254,6 +18121,7 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E|F%ULEN=134%DAT=E)
 
+# OpenBSD 3.4, custom kernel, pf firewall enabled
 Fingerprint OpenBSD 3.4 x86 with pf "scrub in all"
 Class OpenBSD | OpenBSD | 3.X | general purpose
 TSeq(Class=TR%gcd=<6%IPID=RD%TS=2HZ)
@@ -14264,7 +18132,7 @@ T4(DF=Y%W=4000%ACK=O%Flags=R%Ops=)
 T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=N)
-PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E|F%UCK=E%ULEN=134%DAT=E)
 
 Fingerprint OpenBSD 3.4 x86 with pf "scrub in all"
 Class OpenBSD | OpenBSD | 3.X | general purpose
@@ -14290,7 +18158,43 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=N)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=F%UCK=E%ULEN=134%DAT=E)
 
-Fingerprint OpenBSD 3.5 (SPARC)
+# OpenBSD 3.4 GENERIC#18 i386
+Fingerprint OpenBSD 3.4
+Class OpenBSD | OpenBSD | 3.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=2HZ)
+T1(DF=Y%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# OpenBSD 3.5 (GENERIC#34 i386)
+# OpenBSD 3.5 GENERIC#34 i386
+# OpenBSD 3.6 GENERIC#59 i386
+# OpenBSD 3.5 GENERIC#20 mac68k
+# OpenBSD 3.6 GENERIC#203 sparc
+# OpenBSD 3.6-stable on SPARC
+# OpenBSD 3.6 GENERIC#304 sparc64
+# OpenBSD 3.7 GENERIC#50 i386
+Fingerprint OpenBSD 3.5 - 3.7
+Class OpenBSD | OpenBSD | 3.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=2HZ)
+T1(DF=Y%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# OpenBSD 3.5 GENERIC#34 i386
+# Fingerprint OpenBSD 3.5 (SPARC)
+# OpenBSD 3.6 GENERIC#59 i386
+Fingerprint OpenBSD 3.5 or 3.6
 Class OpenBSD | OpenBSD | 3.X | general purpose
 TSeq(Class=TR%gcd=<6%IPID=RD%TS=2HZ)
 T1(DF=N%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
@@ -14302,7 +18206,10 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
-Fingerprint OpenBSD 3.5 with pf "scrub in all"
+# Open BSD 3.6 on Soekris net 4801
+# Openbsd 3.6 SPARC Generic#203
+# OpenBSD 3.6 i386, default kernel
+Fingerprint OpenBSD 3.5 or 3.6
 Class OpenBSD | OpenBSD | 3.X | general purpose
 TSeq(Class=TR%gcd=<6%IPID=RD%TS=2HZ)
 T1(DF=Y%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
@@ -14314,6 +18221,60 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=N)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# OpenBSD 3.6 GENERIC#1 i386
+# OpenBSD 3.5 GENERIC#72 amd64
+# OpenBSD 3.6 GENERIC#59 i386
+Fingerprint OpenBSD 3.5 or 3.6
+Class OpenBSD | OpenBSD | 3.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=2HZ)
+T1(DF=Y|N%W=4000%ACK=O|S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# OpenBSD convex.tohveli.net 3.6 GENERIC#3 i386, applied binpatches #1 to #10
+Fingerprint OpenBSD 3.6
+Class OpenBSD | OpenBSD | 3.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=2HZ)
+T1(DF=Y%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=20|38%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# OpenBSD 3.6 GENERIC.MP#173 i386
+Fingerprint OpenBSD 3.6
+Class OpenBSD | OpenBSD | 3.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=2HZ)
+T1(DF=Y%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=F%UCK=F%ULEN=134%DAT=E)
+
+# OpenBSD 3.6 i386
+Fingerprint OpenBSD 3.6
+Class OpenBSD | OpenBSD | 3.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=2HZ)
+T1(DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # OpenBSD fwall.xxx.xx 3.6 GENERIC#42 i386
 Fingerprint OpenBSD 3.6 x86 with pf "scrub in all"
 Class OpenBSD | OpenBSD | 3.X | general purpose
@@ -14326,6 +18287,81 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=N)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint OpenBSD 3.6 (i386)
+Class OpenBSD | OpenBSD | 3.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=2HZ)
+T1(DF=N%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# OpenBSD 3.6 on a Sparc 20
+Fingerprint OpenBSD 3.6
+Class OpenBSD | OpenBSD | 3.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=2HZ)
+T1(DF=Y%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# OpenBSD 3.6-current i386 AMD-K6(tm) 3D processor ("AuthenticAMD" 586-class)
+Fingerprint OpenBSD 3.6
+Class OpenBSD | OpenBSD | 3.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD)
+T1(DF=Y%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# OpenBSD 3.6 GENERIC i386
+Fingerprint OpenBSD 3.6
+Class OpenBSD | OpenBSD | 3.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=2HZ)
+T1(DF=Y%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=Y%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=60%IPLEN=38%RIPTL=148%RID=F%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
+Fingerprint OpenBSD 3.7
+Class OpenBSD | OpenBSD | 3.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=RD)
+T1(DF=Y%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
+Fingerprint Open Network 501r or 531r (ADSL Router)
+Class Open Networks | embedded || broadband router
+TSeq(Class=TD%gcd=<2C%SI=<1E%IPID=I%TS=U)
+T1(DF=N%W=800%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=800%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Pace digital cable TV receiver
 Class Pace | embedded || media device
 TSeq(Class=RI%gcd=<6%SI=<2C3AB3E&>62A0A%IPID=Z%TS=100HZ)
@@ -14362,6 +18398,8 @@ T6(DF=N%W=578%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=578%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=148%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=F)
 
+# Packet8 DTA-310 (DTA version 1.0 US (8x8 001239))
+# Packet 8 DTA310 broadband phone adapter
 Fingerprint Packet8 DTA310 VoIP/POTS gateway
 Class Packet8 | embedded || VoIP adapter
 TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
@@ -14374,6 +18412,19 @@ T6(DF=Y%W=578%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=578%ACK=S++%Flags=AR%Ops=)
 PU(DF=Y%TOS=0%IPLEN=148%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=F)
 
+# Packet8 BPA410 Broadband Phone Adapter
+Fingerprint Packet8 BPA410 Broadband Phone Adapter
+Class Packet8 | embedded || VoIP adapter
+TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
+T1(DF=Y%W=578%ACK=S++%Flags=AS%Ops=)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=578%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=578%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=578%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=Y%TOS=0%IPLEN=148%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=F)
+
 Fingerprint Packeteer PacketShaper 4000 v4.1.3b2 2000-04-05
 Class Packeteer | pSOS || load balancer
 TSeq(Class=64K)
@@ -14448,6 +18499,31 @@ T6(DF=N%W=400%ACK=S%Flags=AR%Ops=)
 T7(DF=N%W=400%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Panasonic WJ-NT104 Network Interface Unit w/firmware version : V1.01G 010323A
+Fingerprint Panasonic WJ-NT104 Network video device
+Class Panasonic | embedded || webcam
+TSeq(Class=RI%gcd=<6%SI=<3183A&>7C8%IPID=I%TS=U)
+T1(DF=N%W=2DA0%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=2DA0%ACK=O%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
+Fingerprint Parks Altavia 671R router
+Class Parks | embedded || broadband router
+TSeq(Class=TD%gcd=<F404%SI=<1E%IPID=I%TS=2HZ)
+T1(DF=N%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=403D%ACK=O%Flags=A%Ops=NNT)
+T4(DF=N%W=4000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
 # PCS Intus 3100 running TCL Version 5 with Firmware version 4.54
 Fingerprint PCS Intus 3100 time management device
 Class PCS | embedded || specialized
@@ -14485,6 +18561,18 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
 
+# Perle 594e Network Controller
+Fingerprint Perle 594e Network Controller
+Class Perle | embedded || remote management
+T1(DF=Y%W=C39%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=Y%W=100%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=C39%ACK=O%Flags=AS%Ops=M)
+T4(DF=Y%W=100%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=100%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=100%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=100%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Phillips ReplayTV 5000 DVR
 Class Phillips | embedded || media device
 TSeq(Class=64K%IPID=I%TS=2HZ)
@@ -14548,6 +18636,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# switch planet-fgsw-2620vs http://www.planet.com.tw/news/productnews/FGSW-2620VS.htm
+Fingerprint Planet FGSW-2620VS switch
+Class Planet | embedded || switch
+TSeq(Class=TD%gcd=<14%SI=<1E%IPID=I%TS=U)
+T1(DF=N%W=400%ACK=S++%Flags=AR%Ops=)
+T2(Resp=Y%DF=N%W=400%ACK=S++%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=400%ACK=S++%Flags=AR%Ops=)
+T4(DF=N%W=400%ACK=S++%Flags=AR%Ops=)
+T5(DF=N%W=400%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=400%ACK=S++%Flags=AR%Ops=)
+T7(DF=N%W=400%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
 Fingerprint Polycom ViewStation
 Class Polycom | embedded || webcam
 TSeq(Class=C)
@@ -14584,6 +18685,18 @@ T6(Resp=N)
 T7(Resp=N)
 PU(DF=N%TOS=0%IPLEN=70%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
 
+Fingerprint Polycom Video Conference node
+Class Polycom | embedded || webcam
+TSeq(Class=C%Val=8B6A000%IPID=I%TS=U)
+T1(DF=N%W=5B40%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=70%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint PowerShow NetworKam webcam
 Class PowerShow | embedded || webcam
 TSeq(Class=TD%gcd=<194%SI=<14%IPID=I%TS=U)
@@ -14669,6 +18782,19 @@ T6(DF=N%W=C00%ACK=S++%Flags=AR%Ops=WNMETL)
 T7(DF=N%W=C00%ACK=S++%Flags=AR%Ops=WNMETL)
 PU(Resp=N)
 
+# QNX 6.00 2000/10/17-14:59:25edt x86pc x86
+Fingerprint QNX 6.00 realtime embedded OS (x86) 
+Class QNX | QNX || general purpose
+TSeq(Class=TD%gcd=<4AB54%SI=<82%IPID=I%TS=U)
+T1(DF=N%W=1000|800%ACK=S++%Flags=AR%Ops=WNMETL)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=800|1000%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=1000|C00%ACK=S++%Flags=AR%Ops=WNMETL)
+T5(DF=N%W=C00|400|800%ACK=S++%Flags=AR%Ops=WNMETL)
+T6(DF=N%W=C00|1000|800%ACK=S++%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=800|C00|1000%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(Resp=N)
+
 # Quanterra OS/9 V2.4 on 68K (Quanterra Q4124 - 68030)
 Fingerprint Quanterra seismic data acquisition system running OS/9 V2.4 on 68K
 Class Quanterra | OS/9 || specialized
@@ -14808,7 +18934,8 @@ T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=0%ULEN=134%DAT=E)
 
 # Redback SMS500 Redback Networks AOS Release 5.0.4.0 PRODUCTION RELEASE
-Fingerprint Redback SMS500 Redback Networks router AOS Release 5.0.4.0
+# Redback Networks AOS Release 5.0.3.8 PRODUCTION MAINTENANCE RELEASE
+Fingerprint Redback SMS500 Redback Networks router AOS Release 5.0.3.8 - 5.0.4.0
 Class Redback | AOS || router
 TSeq(Class=RI%gcd=<6%SI=<56DF6&>337%IPID=I%TS=U)
 T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=MNW)
@@ -14818,7 +18945,7 @@ T4(DF=N%W=2000%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
-PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E|F%UCK=0|F%ULEN=134%DAT=E)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0|E|F%UCK=0|F%ULEN=134%DAT=E)
 
 Fingerprint Redback SMS 1000-2000 DSL Router
 Class Redback | embedded || broadband router
@@ -14868,6 +18995,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=3401%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# RiverStone RS3000 System Software version 9.1.2.5
+Fingerprint RiverStone RS3000 router
+Class RiverStone | embedded || router
+TSeq(Class=RI%gcd=<6%SI=<60158&>7CD%IPID=I%TS=2HZ)
+T1(DF=Y%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=400|1000|800%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=800|400|C00%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=C00|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=C00|400%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=800|400|1000%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=134%RID=E|F%RIPCK=F%UCK=0%ULEN=134%DAT=E)
+
 Fingerprint RoadLanner broadband router BRL-04FW 6.15.02r Build 0091 L:01
 Class RoadLanner | embedded || broadband router
 TSeq(Class=TD%gcd=<6E004%SI=<14%IPID=I%TS=1000HZ)
@@ -14892,8 +19032,10 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(Resp=N)
 
-Fingerprint Savin 9927 Copier
+# Ricoh Aficio 270 copier Ver. 1.4.9, Network Interface Board Ver. 4.0.7 (ELAND__99)
+Fingerprint Savin 9927 Copier or Ricoh Aficio 270 copier
 Class Savin | embedded || printer
+Class Ricoh | embedded || printer
 TSeq(Class=i800%IPID=I%TS=U)
 T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=ME)
 T2(Resp=N)
@@ -14902,7 +19044,33 @@ T4(DF=N%W=2000%ACK=O%Flags=UR%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
-PU(DF=N%TOS=0%IPLEN=38%RIPTL=1C%RID=E%RIPCK=0%UCK=E%ULEN=134%DAT=E)
+PU(DF=Y|N%TOS=0%IPLEN=38%RIPTL=1C%RID=E%RIPCK=0%UCK=E%ULEN=134%DAT=E)
+
+# Scientific Atlanta Explorer 4200 - Digital Cable Box
+Fingerprint Scientific Atlanta Explorer 4200 Digital Cable Box
+Class Scientific-Atlanta | embedded || media device
+TSeq(Class=64K%IPID=I%TS=2HZ)
+T1(DF=N%W=209D%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=209D%ACK=S++%Flags=AS%Ops=MNWNNT)
+T4(DF=N%W=2000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=68%IPLEN=38%RIPTL=148%RID=E%RIPCK=F%UCK=0%ULEN=134%DAT=E)
+
+# Scientific Atlanta PowerVu Program Receiver Model D9850/9010, Version: 1.51 2004-02-06 14:45:06
+Fingerprint Scientific Atlanta PowerVu Program Receiver Model D9850/9010
+Class Scientific-Atlanta | embedded || media device
+TSeq(Class=TD%gcd=<3D094%SI=<1E%IPID=I%TS=1000HZ)
+T1(DF=N%W=209D%ACK=S++%Flags=AS%Ops=MENWNNT)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
 Fingerprint SCO OpenServer 5.0.5
 Class SCO | OpenServer || general purpose
@@ -15001,6 +19169,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=0%UCK=E%ULEN=134%DAT=E)
 
+# SCO UnixWare 2.1 LiveScan Fingerprint Server
+Fingerprint SCO UnixWare 2.1
+Class SCO | UnixWare || general purpose
+TSeq(Class=RI%gcd=<6%SI=<6D77C0&>B174%IPID=I%TS=U)
+T1(DF=N%W=1000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=1000%ACK=O%Flags=A%Ops=)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=0%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint SCO UnixWare 2.1.2
 Class SCO | UnixWare || general purpose
 TSeq(Class=RI%gcd=<6%SI=>FFFF)
@@ -15157,6 +19338,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=15C%RID=E%RIPCK=F%UCK=E%ULEN=134%DAT=E)
 
+# SGI Iris Indigo R4000 running IRIX 4.0.5F
+Fingerprint SGI IRIX 4.0.5F
+Class SGI | IRIX | 4.X | general purpose
+TSeq(Class=64K%IPID=I%TS=U)
+T1(DF=N%W=EF1F%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=EF1F%ACK=O%Flags=A%Ops=)
+T4(DF=N%W=F000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint SGI IRIX 5.2
 Class SGI | IRIX | 5.X | general purpose
 TSeq(Class=64K)
@@ -15305,6 +19499,18 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(Resp=N)
 
+Fingerprint SGI IRIX 6.5.16m
+Class SGI | IRIX | 6.X | general purpose
+TSeq(Class=RI|i800%gcd=<144%SI=<712%IPID=RPI%TS=2HZ)
+T1(DF=N%W=C000%ACK=S++%Flags=AS%Ops=MNWNNTNNM)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=C000%ACK=O%Flags=A%Ops=NNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # IRIX 6.5 6.5.20m IP32
 Fingerprint SGI IRIX 6.5.20m
 Class SGI | IRIX | 6.X | general purpose
@@ -15331,6 +19537,18 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint SGI IRIX 6.5.25
+Class SGI | IRIX | 6.X | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=2HZ)
+T1(DF=N%W=C000%ACK=S++%Flags=AS%Ops=MNWNNTNNM)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=C000%ACK=O%Flags=A%Ops=NNT)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint SGI IRIX 6.5.7f-6.5.8f
 Class SGI | IRIX | 6.X | general purpose
 TSeq(Class=64K)
@@ -15405,6 +19623,18 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RIPCK=0%UCK=E%ULEN=134%DAT=E)
 
+# Siemens 5940 T1E1 [COMBO] Router (5940-001) v6.1.020-1
+Fingerprint Siemens Broadband Router 5940 T1/E1
+Class Siemens | embedded || broadband router
+T1(DF=N%W=1000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=15C%RID=E%RIPCK=F%UCK=0%ULEN=134%DAT=E)
+
 # Siemens Santis 50 wireless adsl router / Firmware version: 5.0.0.11 CPU: Helium 210-80
 # A wireless router which functions as a gateway to the internet.
 Fingerprint Siemens Santis 50 wireless adsl router
@@ -15456,6 +19686,18 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=Y%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint Siemens HiPATH3500 VoIP PBX
+Class Siemens | embedded || PBX
+TSeq(Class=64K%IPID=I%TS=U)
+T1(DF=N%W=4000%ACK=S++|O%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=4000%ACK=S++|O%Flags=AS%Ops=M)
+T4(DF=N%W=4000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(Resp=N)
+
 # Siemens S7-400 PLC CPU-416-2
 Fingerprint Siemens S7-400 programmable logic controller
 Class Siemens | embedded || specialized
@@ -15566,9 +19808,13 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=E%ULEN=134%DAT=E)
 
+# Sipura SPA-2000 VOIP Firmware version 2.09d
+# SPA-841 VOIP Phone (SIP) with firmware 0.9.5
 # Sipura SPA SPA-1000 Software Version: 1.0.33 Hardware Version: 2.0.1
+# Sipura SPA-2000 VoIP Adapter
 # Sipura SPA-2000  Software Version: 2.0.10(d)   IP Phone Adaptor
-Fingerprint Sipura SPA-1000 or SPA-2000 POTS<->VOIP gateway
+# Sipura SPA-3000, firmware 2.0.13(GWg)
+Fingerprint Sipura SPA-841/1000/2000/3000 POTS<->VOIP gateway
 Class Sipura | embedded || VoIP adapter
 TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
 T1(DF=N%W=3E80%ACK=S++%Flags=AS%Ops=M)
@@ -15714,6 +19960,35 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=0%ULEN=134%DAT=E)
 
+# base on msg 2615
+# PRO 3060 Standard SonicOS Standard 3.1.0.1-60s
+Fingerprint SonicWall PRO 3060 firewall
+Class SonicWall | SonicOS || firewall
+TSeq(Class=64K%IPID=I%TS=U)
+T1(DF=N%W=4000%ACK=S++%Flags=AS%Ops=MNW)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=4000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
+
+# SonicWALL TZ170 Firewall with SonicOS
+# SonicWall FZ170 Unrestricted (firewall/VPN appliances)  with SonicOS 2.6
+# SonicOS 3.0.0.4-41s on SonicWALL TZ 170
+Fingerprint SonicWALL TZ170 Firewall
+Class SonicWall | SonicOS || firewall
+TSeq(Class=64K%IPID=I%TS=2HZ)
+T1(DF=N%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=4000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
+
 Fingerprint SonicWall SOHO-3 firewall
 Class SonicWall | SonicOS || firewall
 T1(DF=N%W=1000%ACK=S++%Flags=AR%Ops=)
@@ -15774,6 +20049,43 @@ T6(Resp=Y%DF=N%W=400%ACK=S++%Flags=AR%Ops=)
 T7(Resp=Y%DF=N%W=400%ACK=S++%Flags=AR%Ops=)
 PU(Resp=N)
 
+Fingerprint SonicWall TZ 170 Firewall
+Class SonicWall | SonicOS || firewall
+TSeq(Class=TR%gcd=<6%IPID=Z%TS=100HZ)
+T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
+T2(Resp=Y%DF=N%W=C00|400|1000%ACK=S++%Flags=AR%Ops=)
+T3(Resp=N)
+T4(DF=N%W=1000|800%ACK=S++%Flags=AR%Ops=)
+T5(DF=N%W=1000|800|400%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=1000|800%ACK=S++%Flags=AR%Ops=)
+T7(DF=N%W=1000|C00%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
+# SonicWall TZ 170 SonicOS 2.5.0.2 Enhanced
+Fingerprint SonicWall TZ 170
+Class SonicWall | SonicOS || firewall
+TSeq(Class=TR%gcd=<6%IPID=I%TS=2HZ)
+T1(DF=N%W=4000%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=Y%DF=N%W=C00|400%ACK=S++%Flags=AR%Ops=)
+T3(Resp=N)
+T4(DF=N%W=400|C00%ACK=S++%Flags=AR%Ops=)
+T5(DF=N%W=800|1000|C00%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=800|1000|C00%ACK=S++%Flags=AR%Ops=)
+T7(DF=N%W=1000|800|C00%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)
+
+Fingerprint SONY AIBO ERS-7 running AIBO MInd 2
+Class Sony | embedded || robotic pet
+TSeq(Class=TR|TD%gcd=<186A4%SI=<64%IPID=I%TS=U)
+T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=R%Ops=)
+T3(Resp=Y%DF=N%W=2000%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=R%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint PS2 Linux 1.0 on Sony PS2 game console
 Class Sony | Linux || game console
 TSeq(Class=RI%gcd=<6%SI=<20E2FE8&>5428C%IPID=I%TS=100HZ)
@@ -15822,6 +20134,18 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint Soyo G668 VoIP phone
+Class Soyo | embedded || VoIP phone
+TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
+T1(DF=N%W=514%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=0%ACK=O%Flags=AR%Ops=)
+T4(DF=N%W=0%ACK=S%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=O%Flags=R%Ops=)
+PU(Resp=N)
+
 # speedstream router 5871 v4.0.1
 Fingerprint Speedstream 5871 DSL router
 Class SpeedStream | embedded || broadband router
@@ -15859,6 +20183,18 @@ T6(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=A8%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint StackTos 2.1
+Class StackTools | StackTos || general purpose
+TSeq(Class=64K%IPID=I%TS=U)
+T1(DF=N%W=5AC%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
+T3(Resp=Y%DF=N%W=5AC%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0|20%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Stratus VOS Release 14.3.1ae
 Class Stratus | VOS || general purpose
 T1(DF=N%W=C00%ACK=S++%Flags=BAR%Ops=WNMETL)
@@ -15997,10 +20333,36 @@ T6(DF=Y|N%W=0%ACK=O|S%Flags=AR|R%Ops=|WNMETL)
 T7(DF=Y|N%W=0%ACK=S|O%Flags=AR|R%Ops=|WNMETL)
 PU(DF=Y|N%TOS=0%IPLEN=70%RIPTL=148%RID=E%RIPCK=E|F%UCK=F|E%ULEN=134%DAT=E)
 
+# SunOS 5.10 Generic sun4u sparc SUNW,Sun-Fire-V250
+Fingerprint SunOS 5.10 (sparc)
+Class Sun | Solaris | 10 | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=100HZ)
+T1(DF=Y%W=C0B7%ACK=S++%Flags=AS%Ops=NNTMNW)
+T2(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=Y%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+Fingerprint Sun Solaris 5.10.1
+Class Sun | Solaris | 10 | general purpose
+TSeq(Class=RI%gcd=<6%SI=<1C36BAC&>4838E%IPID=RPI%TS=U)
+T1(DF=Y%W=C0B7%ACK=O|S++%Flags=A|AS%Ops=NNT|NNTMNW)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=Y%TOS=0%IPLEN=70%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# Sun Solaris 8 // Sun Fire 80080
 Fingerprint Sun Solaris 8
 Class Sun | Solaris | 8 | general purpose
 TSeq(Class=RI|TR%gcd=<8%SI=<FEC86&>E0F%IPID=I%TS=100HZ)
-T1(DF=Y%W=5B4|60DA|807A|B68%ACK=S++%Flags=AS%Ops=NNTNWM|NNTM)
+T1(DF=Y%W=5B4|60DA|801B|807A|B68%ACK=S++%Flags=AS%Ops=NNTNWM|NNTM)
 T2(Resp=N)
 T3(Resp=N)
 T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
@@ -16033,6 +20395,47 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=Y%TOS=20%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Sun Netra T1 - SunOS 5.8 Generic_108528-24 sun4u sparc SUNW,UltraAX-i2
+# SunOS 5.8 Generic 117000-03, sun4u+sparc SUNW,UltraAX-i2
+Fingerprint Sun Solaris 8
+Class Sun | Solaris | 8 | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=100HZ)
+T1(DF=Y%W=60DA%ACK=S++%Flags=AS|A%Ops=NNTNWM|NNT)
+T2(Resp=Y%DF=N%W=400|C00%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=400|800%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=800|C00|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=800|400|C00|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=400|800|1000%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(DF=Y%TOS=0%IPLEN=70%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# SunOS 5.8 Generic_108528-05 sun4u sparc SUNW,Ultra-5_10
+# SunOS fenix 5.8 Generic_117350-22 sun4u sparc SUNW,Sun-Fire-880
+Fingerprint Sun Solaris 8
+Class Sun | Solaris | 8 | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I%TS=100HZ)
+T1(DF=Y%W=60DA%ACK=S++%Flags=AS%Ops=NNTNWM)
+T2(Resp=Y%DF=N%W=800|1000|C00%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=C00|400|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=800|1000|C00%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=1000|400%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=1000|400|800%ACK=S%Flags=AR%Ops=WNMETL)
+PU(Resp=N)
+
+# SunOS 5.8 Generic_108528-16 sun4u sparc SUNW,Ultra-5_10
+Fingerprint Sun Solaris 8
+Class Sun | Solaris | 8 | general purpose
+TSeq(Class=RI%gcd=<6%SI=<A4254&>10B4%IPID=I%TS=100HZ)
+T1(DF=Y%W=60DA%ACK=S++%Flags=AS%Ops=NNTNWM)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=C00|400|800%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=1000|400%ACK=S%Flags=AR%Ops=WNMETL)
+T7(Resp=N)
+PU(DF=Y%TOS=0%IPLEN=70%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
 # Trusted Solaris 8 - SunOS SunRayServer 5.8 TS8 sun4u sparc SUNW,Ultra-60
 Fingerprint Sun Trusted Solaris 8
 Class Sun | Solaris | 8 | general purpose
@@ -16054,14 +20457,67 @@ Fingerprint Sun Solaris 9 or 10
 Class Sun | Solaris | 9 | general purpose
 Class Sun | Solaris | 10 | general purpose
 TSeq(Class=RI%gcd=<6%SI=<A927C&>116A%IPID=I%TS=100HZ)
-T1(DF=Y%W=5B4|C0B7|807A%ACK=S++%Flags=AS%Ops=NNTMNW)
+T1(DF=Y%W=5B4|C0B7|801B|807A%ACK=S++%Flags=AS%Ops=NNTMNW)
 T2(Resp=N)
 T3(Resp=N)
 T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
-PU(DF=Y%TOS=0%IPLEN=70%RIPTL=148%RID=E%RIPCK=E%UCK=E|F%ULEN=134%DAT=E)
+PU(DF=Y%TOS=0%IPLEN=70%RIPTL=148%RID=E%RIPCK=E|F%UCK=E|F%ULEN=134%DAT=E)
+
+# SunOS webbox 5.10 Generic i86pc i386 i86pc
+Fingerprint SunOS webbox 5.10 Generic
+Class Sun | Solaris | 10 | general purpose
+TSeq(Class=RI%gcd=<6%SI=<BE528&>D98%IPID=I%TS=100HZ)
+T1(DF=Y%W=C0B7%ACK=S++%Flags=AS%Ops=NNTMNW)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=C%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# SunOS 5.9 Generic_117171-11 sun4u sparc SUNW,Sun-Fire-480R
+Fingerprint Sun Solaris 9
+Class Sun | Solaris | 9 | general purpose
+TSeq(Class=TR%gcd=<6%IPID=I)
+T1(DF=Y%W=C0B7%ACK=S++%Flags=AS%Ops=NNTMNW)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=1000|800|400%ACK=S%Flags=R%Ops=WNMETL)
+T4(Resp=N)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(Resp=N)
+T7(Resp=N)
+PU(DF=Y%TOS=0%IPLEN=70%RIPTL=148%RID=E%RIPCK=F%UCK=F%ULEN=134%DAT=E)
+
+# SunOS 5.9 Generic_117171-02 sun4u sparc SUNW,Sun-Fire-V440 SPARC
+# SunOS 5.9 Generic_117171-17 sun4u sparc SUNW,Sun-Fire-V440
+Fingerprint Sun Solaris 9
+Class Sun | Solaris | 9 | general purpose
+TSeq(Class=RI%gcd=<6%SI=<2B77E4&>160F%IPID=I%TS=100HZ)
+T1(DF=Y%W=C0B7%ACK=S++%Flags=AS%Ops=NNTMNW)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=400|1000|C00%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=C00|1000|400%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=800|1000|400%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=1000|800|400%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(DF=Y%TOS=0%IPLEN=70%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
+
+# Solaris 9 on a V120
+Fingerprint Sun Solaris 9
+Class Sun | Solaris | 9 | general purpose
+TSeq(Class=RI%gcd=<8%SI=<9501A&>68E%IPID=I%TS=100HZ)
+T1(DF=Y%W=C0B7%ACK=S++%Flags=AS%Ops=NNTMNW)
+T2(Resp=Y%DF=N%W=800|1000%ACK=S%Flags=AR%Ops=WNMETL)
+T3(Resp=Y%DF=N%W=1000|400%ACK=S++%Flags=AR%Ops=WNMETL)
+T4(DF=N%W=800|1000|400%ACK=S%Flags=AR%Ops=WNMETL)
+T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=1000|400%ACK=S%Flags=AR%Ops=WNMETL)
+T7(DF=N%W=800|C00|1000%ACK=S++%Flags=AR%Ops=WNMETL)
+PU(DF=Y%TOS=0%IPLEN=70%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
 
 Fingerprint Sun Solaris 9 with TCP_STRONG_ISS set to 2
 Class Sun | Solaris | 9 | general purpose
@@ -16125,6 +20581,44 @@ T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RIPCK=E%UCK=0%ULEN=134%DAT=E)
 
+Fingerprint Swissvoice IP 10S VoIP phone
+Class Swissvoice | embedded || VoIP phone
+TSeq(Class=64K%IPID=I%TS=U)
+T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=MNW)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=2000%ACK=O%Flags=A%Ops=)
+T4(Resp=N)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(Resp=N)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
+# Symantec SGS 5310 Firewall
+Fingerprint Symantec Gateway Security 5310 Firewall
+Class Symantec | embedded || firewall
+TSeq(Class=TR%gcd=<6%TS=U)
+T1(DF=Y%W=7F53%ACK=S++%Flags=AS%Ops=MENW)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(Resp=N)
+
+# Symantec Gateway Security model 5420 (Iwill mobo)
+Fingerprint Symantec Gateway Security 5420 firewall
+Class Symantec | embedded || firewall
+TSeq(Class=TR%gcd=<6%IPID=Z%TS=U)
+T1(DF=Y%W=16D0%ACK=S++%Flags=AS%Ops=MNW)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Symantec Enterprise Firewall v7.0.4 (on Solaris 8)
 Class Symantec | Solaris | 8 | firewall
 TSeq(Class=TR%gcd=<6%IPID=I%TS=100HZ)
@@ -16155,9 +20649,9 @@ T1(Resp=N)
 T2(Resp=N)
 T3(Resp=N)
 T4(Resp=N)
-T5(DF=N%W=C00|800%ACK=S++%Flags=AR%Ops=)
-T6(DF=N%W=C00%ACK=S%Flags=AR%Ops=)
-T7(DF=N%W=800|1000|C00%ACK=S++%Flags=AR%Ops=)
+T5(DF=N%W=400|800|C00%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=C00|1000%ACK=S%Flags=AR%Ops=)
+T7(DF=N%W=800|C00|1000%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
 # http://www.systech.com/catalog/RCS3000Entry.html
@@ -16223,6 +20717,18 @@ T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(Resp=N)
 
+Fingerprint Tallycom+ printserver
+Class Tally | embedded || printer
+TSeq(Class=i800%IPID=I%TS=U)
+T1(DF=N%W=1C20%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=60%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Tandberg X-terminal
 Class Tandberg | embedded || X terminal
 TSeq(Class=64K)
@@ -16362,12 +20868,13 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Telindus 1124  ADSL router
 Fingerprint Telindus 11xx ADSL Router
 Class Telindus | embedded || broadband router
 TSeq(Class=TD%gcd=<30004%SI=<14%IPID=I%TS=U)
-T1(DF=N%W=3E80%ACK=S++%Flags=AS%Ops=M)
+T1(DF=N%W=1F40|3E80%ACK=S++%Flags=AS%Ops=M)
 T2(Resp=Y%DF=N%W=0%ACK=S%Flags=ARF%Ops=)
-T3(Resp=Y%DF=N%W=3E80%ACK=S++%Flags=AS%Ops=M)
+T3(Resp=Y%DF=N%W=1F40|3E80%ACK=S++%Flags=AS%Ops=M)
 T4(DF=N%W=0%ACK=O%Flags=RF%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=ARF%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=RF%Ops=)
@@ -16397,8 +20904,10 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=70%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
-Fingerprint CPV Telsey broadband + voip residential gateway
+# Signal Network Technology Co, Ltd, VoIP appliance model sp100x running firmware version SP100X3.0.1
+Fingerprint CPV Telsey broadband + voip residential gateway or Signal SP100x VoIP appliance
 Class Telsey | embedded || broadband router
+Class Signal | embedded || VoIP Gateway
 TSeq(Class=TD%gcd=<138C%SI=<1E%IPID=I%TS=U)
 T1(DF=N%W=578%ACK=S++%Flags=AS%Ops=M)
 T2(Resp=N)
@@ -16445,8 +20954,25 @@ T6(DF=N%W=0%ACK=O%Flags=RF%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=ARF%Ops=)
 PU(Resp=N)
 
+Fingerprint Thomson THG 520 Cable Modem
+Class Thomson | embedded || broadband router
+TSeq(Class=TR%gcd=<6%IPID=I%TS=100HZ)
+T1(DF=Y%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT)
+T2(Resp=N)
+T3(Resp=N)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
+
+# Speed touch 500 Series ADSL Router(Linux embeded)
+# Thomson SpeedTouch 510 Broadband Router, with firmware 4.2.7.16.0
+# Thomson SpeedTouch 510 DSL Router: 0344EGGNP  4.2.3.0.0  LLT6AA4.230
+# Thompson SpeedTouch 510 dsl router - software version  4.2.3.0.
 # Firmware 4.2.3.0.0 on Thomson (ex-Alcatel) SpeedTouch 510v4/530 DSL modem.
-Fingerprint Thomson Speed Touch 510 or 610i *DSL modem
+# Thomson Speedtouch 530 ADSL modem/router, firmware 4.2.7.16.0, board ADNT-Q
+Fingerprint Thomson Speed Touch 500 Series or 610i *DSL modem
 Class Thomson | embedded || broadband router
 TSeq(Class=TR%gcd=<6%IPID=I%TS=2HZ)
 T1(DF=N%W=1000%ACK=S++%Flags=AS%Ops=MNWNNT)
@@ -16456,7 +20982,20 @@ T4(DF=N%W=1000%ACK=O%Flags=R%Ops=)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
-PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E|F%ULEN=134%DAT=E)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E|F%UCK=E|F%ULEN=134%DAT=E)
+
+# Toshiba DOCSIS Cable Modem: HW_REV: 7.1; SW_REV: 1.8.017
+Fingerprint Toshiba DOCSIS Cable Modem
+Class Toshiba | embedded || broadband router
+TSeq(Class=TD%gcd=<138C%SI=<1E%IPID=I%TS=U)
+T1(DF=N%W=3E80%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=3E80%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
 
 Fingerprint Toshiba TR650 ISDN Router
 Class Toshiba | embedded || broadband router
@@ -16482,6 +21021,33 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
 
+# Treck Inc. TCP/IP stack (v2.1) on Orbacom T5 System Manager card (CPC-CAD)
+Fingerprint Treck TCP/IP stack v2.1
+Class Treck | Treck || general purpose
+TSeq(Class=TD%gcd=<3D094%SI=<DC%IPID=I%TS=U)
+T1(DF=N%W=2017%ACK=S++%Flags=AS%Ops=ME)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=2017%ACK=S++%Flags=AS%Ops=ME)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=F%UCK=E%ULEN=134%DAT=E)
+
+# http://www.turtlebeach.com/site/products/audiotron/producthome.asp
+Fingerprint Turtle Beach AudioTron 100 network MP3 player or Microsoft Windows 98SE
+Class Turtle Beach | embedded || media device
+Class Microsoft | Windows | 95/98/ME | general purpose
+TSeq(Class=TD%gcd=<68%SI=<1E%IPID=BI%TS=U)
+T1(DF=Y%W=2017%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=Y%W=2017%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O|S++%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Turtle Beach AudioTron with firmware 3.0.0
 Fingerprint Turtle Beach AudioTron network MP3 player
 Class Turtle Beach | embedded || media device
@@ -16533,6 +21099,19 @@ T6(DF=N%W=800%ACK=S%Flags=AR%Ops=)
 T7(DF=N%W=800%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# US Robotics USR8000 Broadband router, firmware 1.27 patched
+Fingerprint US Robotics USR8000 Broadband router
+Class 3Com | embedded || broadband router
+TSeq(Class=RI%gcd=<68%SI=<726%IPID=BI%TS=U)
+T1(DF=N%W=800|C00%ACK=S++%Flags=AR%Ops=)
+T2(Resp=Y%DF=N%W=400|1000%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=1000|400%ACK=S++%Flags=AR%Ops=)
+T4(DF=N%W=800|C00|400%ACK=S%Flags=AR%Ops=)
+T5(DF=N%W=400|800|1000%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=1000|400|800%ACK=S%Flags=AR%Ops=)
+T7(DF=N%W=C00|1000%ACK=S++%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint US Robotics USR8022 broadband wireless router (WAP)
 Class US Robotics | embedded || WAP
 TSeq(Class=TD|RI%gcd=<68%SI=<636%IPID=I%TS=U)
@@ -16569,6 +21148,19 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 PU(Resp=N)
 
+# Vega 400 SIP Version: 10.02.07.1
+Fingerprint Vega 50/400
+Class VegaStream | embedded || VoIP gateway
+TSeq(Class=TR%gcd=<6%IPID=I%TS=U)
+T1(DF=N%W=3E80%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=3E80%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint VersaNet ISP-Accelerator(TM) Remote Access Server
 Class VersaNet | embedded || terminal server
 TSeq(Class=TD%gcd=<2004%SI=<14)
@@ -16617,7 +21209,7 @@ T4(Resp=N)
 T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(Resp=N)
 T7(Resp=N)
-PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E|F%ULEN=134%DAT=E)
 
 # Watchguard SoHo 6 TC Firewall (inside)
 Fingerprint WatchGuard Firebox SOHO V.5-V.6 firewall
@@ -16632,6 +21224,19 @@ T6(DF=N%W=400|800|C00|1000%ACK=S%Flags=AR%Ops=)
 T7(DF=N%W=400|800|C00|1000%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Watchguard SOHO 6tc, Firewall 6.3.2 Feb 27 2004 build 1, Boot ROM 5.6
+Fingerprint Watchguard Firebox SOHO 6tc firewall
+Class WatchGuard | embedded || firewall
+TSeq(Class=TR%gcd=<6%IPID=RD%TS=U)
+T1(DF=N%W=1540%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=1000|400|C00%ACK=S++%Flags=AR%Ops=)
+T4(DF=N%W=800|1000%ACK=S%Flags=AR%Ops=)
+T5(DF=N%W=800|1000%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=1000|800%ACK=S%Flags=AR%Ops=)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E|F%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Watchguard Firebox X700
 Class WatchGuard | embedded || firewall
 TSeq(Class=RI|TR%gcd=<6%SI=<2FFF7A6%IPID=Z|I%TS=100HZ|U)
@@ -16692,6 +21297,18 @@ T6(DF=N%W=800%ACK=S%Flags=AR%Ops=)
 T7(DF=N%W=800%ACK=S%Flags=AR%Ops=)
 PU(Resp=N)
 
+Fingerprint Winterm WYSE System Version 4.2.077
+Class WYSE | WYSE OS || terminal server
+TSeq(Class=64K%IPID=I%TS=U)
+T1(DF=N%W=F000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=F000%ACK=O%Flags=A%Ops=)
+T4(DF=N%W=F000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
+
 # WYSE OS Firmware V4.2.137
 Fingerprint WYSE Winterm terminal server
 Class WYSE | WYSE OS || terminal server
@@ -16765,6 +21382,18 @@ T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
 PU(Resp=N)
 
+Fingerprint Dell Laser Printer 5100cn
+Class Xerox | embedded || printer
+TSeq(Class=64K%IPID=I%TS=U)
+T1(DF=N%W=3000%ACK=S++%Flags=AS%Ops=)
+T2(Resp=N)
+T3(Resp=Y%DF=N%W=3000%ACK=O%Flags=A%Ops=)
+T4(DF=N%W=3000%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=4E4%RID=E%RIPCK=F%UCK=E%ULEN=134%DAT=E)
+
 Fingerprint Xerox Docuprint N2125 network printer
 Class Xerox | embedded || printer
 TSeq(Class=64K%IPID=I%TS=U)
@@ -16924,6 +21553,19 @@ T6(DF=N%W=400|1000%ACK=S%Flags=AR%Ops=)
 T7(DF=N%W=800|400%ACK=S++%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Zebra Technologies ZTC TLP2844-Z-200dpi
+Fingerprint Zebra Technologies TLP2844-Z printer
+Class Zebra | embedded || printer
+TSeq(Class=C%Val=14001%IPID=I%TS=U)
+T1(DF=N%W=5B4%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T4(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(Resp=N)
+
 Fingerprint ZoomAir IG-4165 wireless gateway (WAP)
 Class ZoomAir | embedded || WAP
 TSeq(Class=TD%gcd=<68%SI=<1E%IPID=I%TS=U)
@@ -17024,6 +21666,18 @@ T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
 T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+Fingerprint ZyXEL Prestige 791R
+Class Zyxel | ZyNOS || broadband router
+TSeq(Class=i800%IPID=I%TS=U)
+T1(DF=N%W=400%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # Zyxel ZyWALL 1 running ZyNOS Version V3.60(WD.3) | 05/24/2004
 Fingerprint Zyxel ZyWALL 1 firewall
 Class Zyxel | ZyNOS || firewall
@@ -17037,6 +21691,19 @@ T6(Resp=N)
 T7(Resp=N)
 PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
 
+# Zyxel Zywall 10W (Firmware V3.62(WH.7))
+Fingerprint Zyxel Zywall 10W firewall
+Class Zyxel | ZyNOS || firewall
+TSeq(Class=TD%gcd=<2004%SI=<3C%IPID=I%TS=U)
+T1(DF=N%W=5780%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=N)
+T3(Resp=N)
+T4(Resp=N)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(Resp=N)
+T7(Resp=N)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
 # ZyXEL ZyWALL 50 running ZyNOS V3.52(WC.2)C0 | 05/02/2003
 Fingerprint Zyxel ZyWALL 50 (ZyNOS 3.52)
 Class Zyxel | ZyNOS || firewall
@@ -17049,3 +21716,28 @@ T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
 T6(Resp=N)
 T7(Resp=N)
 PU(Resp=N)
+
+# ZyNOS version: V3.50(DT.5) | 07/06/2004 on a Zyxel ES-3024 switch
+Fingerprint Zyxel switch ES-3024 ZyNOS V3.50
+Class Zyxel | ZyNOS || switch
+TSeq(Class=i800%IPID=I%TS=U)
+T1(DF=N%W=5780%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T4(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T6(DF=N%W=0%ACK=O%Flags=R%Ops=)
+T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+
+# ZyXel ZyAir B-4000 wireless Lan Access Point with 4 port switch running ZyNOS
+Fingerprint ZyXel ZyAir B-4000 wireless Lan Access Point
+Class Zyxel | ZyNOS || WAP
+T1(DF=N%W=1000%ACK=S++%Flags=AS%Ops=M)
+T2(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+T3(Resp=Y%DF=N%W=1000%ACK=S++%Flags=AS%Ops=M)
+T4(DF=N%W=0%ACK=O%Flags=AR%Ops=)
+T5(DF=N%W=1000%ACK=S++%Flags=AS%Ops=M)
+T6(DF=N%W=0%ACK=O%Flags=AR%Ops=)
+T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+PU(Resp=N)