diff --git a/CHANGELOG b/CHANGELOG
index 40b58471a..3dd326d45 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,15 +1,20 @@
 # Nmap Changelog ($Id$); -*-text-*-
+o Upgraded the included LibPCRE from version 6.4 to 6.7.  Thanks to
+  Jochen Voß (voss(a)seehuhn.de) for the suggestion (he found some bugs
+  in 6.4)
+
 4.20ALPHA11
 
 o Integrated all of your OS detection submissions, bringing the
   database up to 149 fingerprints.  This is an increase of 28% from
-  ALPHA10.  Notable new new additions include FreeBSD 6.1, a bunch of
-  HP LaserJet printers, and HP-UX 11.11.  We also got a bunch of more
+  ALPHA10.  Notable additions include FreeBSD 6.1, a bunch of HP
+  LaserJet printers, and HP-UX 11.11.  We also got a bunch of more
   obscure submissions like Minix 3.1.2a and "Ember InSight Adapter for
-  programming EM2XX-family embedded devices".  I'm hoping that all the
-  obscure submissions mean that more of the mainstream systems are
-  being detected out of the box!  Please keep those submissions
-  (obscure or otherwise) coming!
+  programming EM2XX-family embedded devices".  Who doesn't have a few
+  of those laying around?  I'm hoping that all the obscure submissions
+  mean that more of the mainstream systems are being detected out of
+  the box!  Please keep those submissions (obscure or otherwise)
+  coming!
 
 4.20ALPHA10
 
diff --git a/MACLookup.cc b/MACLookup.cc
index 5336a5422..e23affdbe 100644
--- a/MACLookup.cc
+++ b/MACLookup.cc
@@ -182,7 +182,7 @@ static void mac_prefix_init() {
     ME->vendor = cp_strdup(p);
 
     if (MacTable.table_members > MacTable.table_capacity * 0.8)
-      error("WARNING:  nmap-mac-prefixes has grown to more than 80\% of our hash table size.  MacTable.table_capacity should be increased");
+      error("WARNING:  nmap-mac-prefixes has grown to more than 80%% of our hash table size.  MacTable.table_capacity should be increased");
 
     // Now insert it into the table
     if (MacTable.table_members >= MacTable.table_capacity)
diff --git a/docs/nmap.1 b/docs/nmap.1
index 78441a520..b7270df84 100644
--- a/docs/nmap.1
+++ b/docs/nmap.1
@@ -2,7 +2,7 @@
 .\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
 .\" Instead of manually editing it, you probably should edit the DocBook XML
 .\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "NMAP" "1" "11/02/2006" "" "Nmap Reference Guide"
+.TH "NMAP" "1" "11/03/2006" "" "Nmap Reference Guide"
 .\" disable hyphenation
 .nh
 .\" disable justification (adjust text to left margin only)
@@ -91,7 +91,7 @@ This options summary is printed when Nmap is run with no arguments, and the late
 \fI\%http://insecure.org/nmap/data/nmap.usage.txt\fR. It helps people remember the most common options, but is no substitute for the in\-depth documentation in the rest of this manual. Some obscure options aren't even included here.
 .PP
 .nf
-Nmap 4.20ALPHA10 ( http://insecure.org )
+Nmap 4.20ALPHA11 ( http://insecure.org )
 Usage: nmap [Scan Type(s)] [Options] {target specification}
 TARGET SPECIFICATION:
   Can pass hostnames, IP addresses, networks, etc.
diff --git a/libpcre/COPYING b/libpcre/COPYING
new file mode 100644
index 000000000..daea2e48a
--- /dev/null
+++ b/libpcre/COPYING
@@ -0,0 +1,68 @@
+PCRE LICENCE
+------------
+
+PCRE is a library of functions to support regular expressions whose syntax
+and semantics are as close as possible to those of the Perl 5 language.
+
+Release 6 of PCRE is distributed under the terms of the "BSD" licence, as
+specified below. The documentation for PCRE, supplied in the "doc"
+directory, is distributed under the same terms as the software itself.
+
+The basic library functions are written in C and are freestanding. Also
+included in the distribution is a set of C++ wrapper functions.
+
+
+THE BASIC LIBRARY FUNCTIONS
+---------------------------
+
+Written by:       Philip Hazel
+Email local part: ph10
+Email domain:     cam.ac.uk
+
+University of Cambridge Computing Service,
+Cambridge, England. Phone: +44 1223 334714.
+
+Copyright (c) 1997-2006 University of Cambridge
+All rights reserved.
+
+
+THE C++ WRAPPER FUNCTIONS
+-------------------------
+
+Contributed by:   Google Inc.
+
+Copyright (c) 2006, Google Inc.
+All rights reserved.
+
+
+THE "BSD" LICENCE
+-----------------
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the name of the University of Cambridge nor the name of Google
+      Inc. nor the names of their contributors may be used to endorse or
+      promote products derived from this software without specific prior
+      written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+End
diff --git a/libpcre/NMAP_MODIFICATIONS b/libpcre/NMAP_MODIFICATIONS
index 6405587ba..94b2b9650 100644
--- a/libpcre/NMAP_MODIFICATIONS
+++ b/libpcre/NMAP_MODIFICATIONS
@@ -1,4 +1,4 @@
-This directory conains a version of LibPCRE 4.3 that has been stripped
+This directory conains a version of LibPCRE 6.7 that has been stripped
 down to under half its original uncompressed size.  So if you want
 docs, tests and such, you should go to the PCRE website at
 http://www.pcre.org .  Here are the changes for the Nmap version:
@@ -104,3 +104,4 @@ intel:
  AC_SUBST(POSIX_OBJ)
  AC_SUBST(POSIX_LOBJ)
 
+o rm pcre_printint.src
diff --git a/nmap-os-db b/nmap-os-db
index 1c9d68e89..7d9c7fa4a 100644
--- a/nmap-os-db
+++ b/nmap-os-db
@@ -1740,24 +1740,6 @@ T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
 U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
 
-# Microsoft Windows Vista English PRE-RC1 Build 5536
-# Vista Beta 2 Build 5472
-Fingerprint Microsoft Windows Vista Beta 2 (Build 5472)
-Class Microsoft | Windows | Vista | general purpose
-SEQ(SP=D2-11B%GCD=<7%ISR=107-113%TI=I%II=I%SS=S%TS=6|7)
-OPS(O1=M5B4NW8ST11%O2=M5B4NW8ST11%O3=M5B4NW8NNT11%O4=M5B4NW8ST11%O5=M5B4NW8ST11%O6=M5B4ST11)
-WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
-ECN(R=Y%DF=Y%T=80%TG=80%W=2000%O=M5B4NW8NNS%CC=N%Q=)
-T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
-T2(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
-T3(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)
-T4(R=Y%DF=Y%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
-T5(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
-T6(R=Y%DF=Y%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
-T7(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
-U1(DF=N%T=80%TG=80%TOS=0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
-IE(DFI=N%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
-
 # Windows 2000 Advanced Server with SP4 and latest Windows Update patches as of September 8, 2006
 Fingerprint Microsoft Windows 2000 AS SP4
 Class Microsoft | Windows | 2000 | general purpose
@@ -1791,6 +1773,23 @@ T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
 U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=S%T=40%TG=40%TOSI=Z%CD=Z%SI=S%DLI=S)
 
+# Microsoft Windows 2000 server with SP4 build 2195
+Fingerprint Microsoft Windows 2000 Server SP4
+Class Microsoft | Windows | 2000 | general purpose
+SEQ(SP=F8-102%GCD=<7%ISR=9C-10D%TI=I%II=I%SS=O|S%TS=0)
+OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0NNT00NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)
+WIN(W1=FAF0|FFFF%W2=FAF0|FFFF%W3=FAF0|FFFF%W4=FAF0|FFFF%W5=FAF0|FFFF%W6=FAF0|FFFF)
+ECN(R=Y%DF=Y%T=80%TG=80%W=FAF0|FFFF%O=M5B4NW0NNS%CC=N%Q=)
+T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
+T3(R=Y%DF=Y%T=80%TG=80%W=FAF0|FFFF%S=O%A=S+%F=AS%O=M5B4NW0NNT00NNS%RD=0%Q=)
+T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
+
 # Taken on an X86 SMP machine
 Fingerprint Microsoft Windows 2000 SP4
 Class Microsoft | Windows | 2000 | general purpose
@@ -1825,6 +1824,26 @@ T7(R=Y%DF=N%T=81%TG=81%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
 U1(DF=N%T=81%TG=81%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=S%T=81%TG=81%TOSI=Z%CD=Z%SI=S%DLI=S)
 
+# German Version of Microsoft Windows 2000 Server with SP4 [Version 5.00.2195]
+# MS Windows 2000 Server SP4
+# MS win2K SP4 running Citrix Metaframe
+# Microsoft Windows 2000 pro SP4 and latest Windows Update patches as of Aug 15, 2005
+Fingerprint Microsoft Windows 2000 SP4
+Class Microsoft | Windows | 2000 | general purpose
+SEQ(SP=D5-101%GCD=<7%ISR=103-11A%TI=I%II=I%SS=S%TS=0)
+OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0NNT00NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)
+WIN(W1=4470|FC00%W2=41A0|FC00%W3=4100|FC00%W4=40E8|FC00%W5=40E8|FC00%W6=402E|FC00)
+ECN(R=Y%DF=Y%T=80%TG=80%W=4470|FC00%O=M5B4NW0NNS%CC=N%Q=)
+T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
+T3(R=Y%DF=Y%T=80%TG=80%W=402E|FC00%S=O%A=S+%F=AS%O=M5B4NW0NNT00NNS%RD=0%Q=)
+T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
+
 # Windows 2003 Server winver output: Version 5.2 (Build 3790.srv03_sp1_rtm.050324-1447 : Service Pack 1)
 # Windows Server 2003 - 3790.srv03_sp1_rtm.050324-1447, Service Pack 1
 # windows 2003 x64 5.2 build 3790.srv03_sp1_gdr.060315-1609
@@ -1896,43 +1915,6 @@ T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
 U1(DF=N%T=80%TG=80%TOS=0%IPL=B0%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
 
-# Microsoft Windows 2000 server with SP4 build 2195
-Fingerprint Microsoft Windows 2000 Server SP4
-Class Microsoft | Windows | 2000 | general purpose
-SEQ(SP=F8-102%GCD=<7%ISR=9C-10D%TI=I%II=I%SS=O|S%TS=0)
-OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0NNT00NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)
-WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)
-ECN(R=Y%DF=Y%T=80%TG=80%W=FFFF%O=M5B4NW0NNS%CC=N%Q=)
-T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
-T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
-T3(R=Y%DF=Y%T=80%TG=80%W=FFFF%S=O%A=S+%F=AS%O=M5B4NW0NNT00NNS%RD=0%Q=)
-T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
-T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
-T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
-T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
-U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
-IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
-
-# German Version of Microsoft Windows 2000 Server with SP4 [Version 5.00.2195]
-# MS Windows 2000 Server SP4
-# MS win2K SP4 running Citrix Metaframe
-# Microsoft Windows 2000 pro SP4 and latest Windows Update patches as of Aug 15, 2005
-Fingerprint Microsoft Windows 2000 SP4
-Class Microsoft | Windows | 2000 | general purpose
-SEQ(SP=D5-101%GCD=<7%ISR=103-11A%TI=I%II=I%SS=S%TS=0)
-OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0NNT00NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)
-WIN(W1=4470|FC00%W2=41A0|FC00%W3=4100|FC00%W4=40E8|FC00%W5=40E8|FC00%W6=402E|FC00)
-ECN(R=Y%DF=Y%T=80%TG=80%W=4470|FC00%O=M5B4NW0NNS%CC=N%Q=)
-T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
-T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
-T3(R=Y%DF=Y%T=80%TG=80%W=402E|FC00%S=O%A=S+%F=AS%O=M5B4NW0NNT00NNS%RD=0%Q=)
-T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
-T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
-T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
-T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
-U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
-IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
-
 # Windows 98 4.10.1998
 Fingerprint Microsoft Windows 98
 Class Microsoft | Windows | 98 | general purpose
@@ -1966,6 +1948,24 @@ T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
 U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=S%T=80%TG=80%TOSI=S%CD=Z%SI=S%DLI=S)
 
+# Microsoft Windows Vista English PRE-RC1 Build 5536
+# Vista Beta 2 Build 5472
+Fingerprint Microsoft Windows Vista Beta 2 (Build 5472)
+Class Microsoft | Windows | Vista | general purpose
+SEQ(SP=D2-11B%GCD=<7%ISR=107-113%TI=I%II=I%SS=S%TS=6|7)
+OPS(O1=M5B4NW8ST11%O2=M5B4NW8ST11%O3=M5B4NW8NNT11%O4=M5B4NW8ST11%O5=M5B4NW8ST11%O6=M5B4ST11)
+WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
+ECN(R=Y%DF=Y%T=80%TG=80%W=2000%O=M5B4NW8NNS%CC=N%Q=)
+T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
+T3(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)
+T4(R=Y%DF=Y%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=Y%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=80%TG=80%TOS=0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=N%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
+
 # Microsoft Windows XP Professional (all patches up to date 9/29/06) Winver: Build 2600.xpsp_sp2_gdr.050301-1519 : Service Pack 2
 # Microsoft Windows XP version 5.1 (build 2600.xpsp_sp2_gdr.050301-1519: Service Pack 2)
 # Microsoft Windows XP Professional w/SP2 and latest Windows Update patches as of 27Oct06
@@ -2640,3 +2640,37 @@ T6(R=N)
 T7(R=N)
 U1(DF=N%T=FE%TG=FE%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=N%T=FE%TG=FE%TOSI=S%CD=S%SI=S%DLI=S)
+
+# These had latest windows updates until October '06
+Fingerprint Microsoft Windows 2000, SP0, SP1, or SP2
+Class Microsoft | Windows | 2000 | general purpose
+SEQ(SP=6A-8C%GCD=<7%ISR=95-9F%TI=I%II=I%SS=S%TS=0)
+OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0NNT00NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)
+WIN(W1=FAF0%W2=FAF0%W3=FAF0%W4=FAF0%W5=FAF0%W6=FAF0)
+ECN(R=Y%DF=Y%T=80%TG=80%W=FAF0%O=M5B4NW0NNS%CC=N%Q=)
+T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
+T3(R=Y%DF=Y%T=80%TG=80%W=FAF0%S=O%A=S+%F=AS%O=M5B4NW0NNT00NNS%RD=0%Q=)
+T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
+
+# These had latest windows updates until October '06
+Fingerprint Microsoft Windows 2000 SP3
+Class Microsoft | Windows | 2000 | general purpose
+SEQ(SP=D4-E8%GCD=<7%ISR=FE-108%TI=I%II=I%SS=S%TS=0)
+OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0NNT00NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)
+WIN(W1=FAF0%W2=FAF0%W3=FAF0%W4=FAF0%W5=FAF0%W6=FAF0)
+ECN(R=Y%DF=Y%T=80%TG=80%W=FAF0%O=M5B4NW0NNS%CC=N%Q=)
+T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
+T3(R=Y%DF=Y%T=80%TG=80%W=FAF0%S=O%A=S+%F=AS%O=M5B4NW0NNT00NNS%RD=0%Q=)
+T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
diff --git a/output.cc b/output.cc
index 99f55e6b3..cbdb5cf8f 100644
--- a/output.cc
+++ b/output.cc
@@ -1167,7 +1167,7 @@ static void printosclassificationoutput(const struct OS_Classification_Results *
 	      strcat(familygenerations[familyno], "|");
 	    strncat(familygenerations[familyno], 
 		    OSR->OSC[classno]->OS_Generation, 
-		    sizeof(familygenerations[familyno]) - flen);
+		    sizeof(familygenerations[familyno]) - flen - 1);
 	  }
 	  break;
 	}
diff --git a/tcpip.cc b/tcpip.cc
index 0f8ea2645..b6f8736e5 100644
--- a/tcpip.cc
+++ b/tcpip.cc
@@ -500,7 +500,7 @@ static const char *ippackethdrinfo(const u8 *packet, u32 len) {
 	*p++ = 'A';
 	snprintf(buf, sizeof(buf), " ack=%lu", 
 		 (unsigned long) ntohl(tcp->th_ack));
-	strncat(tcpinfo, buf, sizeof(tcpinfo));
+	strncat(tcpinfo, buf, sizeof(tcpinfo) - 1);
       }
       if (tcp->th_flags & TH_URG) *p++ = 'U';
       if (tcp->th_flags & TH_ECE) *p++ = 'E'; /* rfc 2481/3168 */