summaryrefslogtreecommitdiffstats
path: root/ndiff
diff options
context:
space:
mode:
Diffstat (limited to 'ndiff')
-rw-r--r--ndiff/LICENSE5
-rw-r--r--ndiff/README63
-rw-r--r--ndiff/docs/ndiff.1437
-rw-r--r--ndiff/docs/ndiff.dtd139
-rw-r--r--ndiff/docs/ndiff.xml413
-rwxr-xr-xndiff/ndiff.py1532
-rwxr-xr-xndiff/ndifftest.py807
-rwxr-xr-xndiff/scripts/ndiff84
-rw-r--r--ndiff/setup.py314
-rwxr-xr-xndiff/test-scans/anonymize.py122
-rw-r--r--ndiff/test-scans/complex.xml38
-rw-r--r--ndiff/test-scans/down.xml11
-rw-r--r--ndiff/test-scans/empty.xml10
-rw-r--r--ndiff/test-scans/os.xml27
-rw-r--r--ndiff/test-scans/random-1.xml1638
-rw-r--r--ndiff/test-scans/random-2.xml1884
-rw-r--r--ndiff/test-scans/simple.xml19
-rw-r--r--ndiff/test-scans/single.xml25
18 files changed, 7568 insertions, 0 deletions
diff --git a/ndiff/LICENSE b/ndiff/LICENSE
new file mode 100644
index 0000000..6131469
--- /dev/null
+++ b/ndiff/LICENSE
@@ -0,0 +1,5 @@
+Copyright 2021 Nmap Software LLC
+Ndiff is distributed under the same license as Nmap. See the file
+LICENSE in the Nmap source distribution or
+https://nmap.org/book/man-legal.html for more details.
+
diff --git a/ndiff/README b/ndiff/README
new file mode 100644
index 0000000..a2277f3
--- /dev/null
+++ b/ndiff/README
@@ -0,0 +1,63 @@
+Ndiff
+
+Ndiff is a tool to aid in the comparison of Nmap scans. Specifically, it
+takes two Nmap XML output files and prints the differences between them.
+It is capable of showing changes in host states (up or down), port
+states (open, closed, etc.), script results, and changes in service and
+OS detection.
+
+To install, run (as root)
+ python setup.py install
+It's also possible to run the program from within the distribution
+without installing it.
+
+Use "ndiff --help" for usage instructions.
+
+Here is a sample of the output:
+
+$ ./ndiff test-scans/random-1.xml test-scans/random-2.xml
+-Nmap 4.85BETA4 at 2009-03-24 17:34
++Nmap 4.85BETA4 at 2009-03-25 16:35
+
+ 10.137.81.38:
+ OS details:
+ FreeBSD 6.2-RELEASE
+ Apple AirPort Extreme WAP v7.3.2
++ APC Network Management Card (AOS 3.3.5)
++ Apple iPod touch audio player (iPhone OS 2.1)
+
++10.181.218.66:
++Host is up.
++Not shown: 998 closed ports
++PORT STATE SERVICE VERSION
++222/tcp open rsh-spx
++8080/tcp filtered http-proxy
+
+-bpdygf-130.example.com (10.188.226.230):
+-Host is up.
+-Not shown: 1000 filtered ports
+
+ ysqxnovik-508.example.com (10.253.52.142):
+ PORT STATE SERVICE VERSION
++1503/tcp closed imtc-mcs
+-4567/tcp open tcpwrapped
+-OS details:
+- HP 4000M ProCurve switch (J4121A)
+- Nortel 5530 Ethernet Routing Switch
+- Nortel 5520 Ethernet Routing Switch
+- Sun StorageTek 6140 NAS device
+- FreeBSD 6.2-RELEASE
+
+
+Use -v or --verbose to see all hosts and ports, not just those that have
+changed.
+
+Ndiff started as a project by Michael Pattrick <mpattrick@rhinovirus.org>
+during the 2008 Google Summer of Code. Michael designed the program and
+led the discussion of its output formats. He wrote versions of the
+program in Perl and C++, but the summer ended shortly after it was
+decided to rewrite the program in Python for the sake of Windows
+compatibility. This Python version is written by David Fifield
+<david@bamsoftware.com>.
+
+Ndiff web site: https://nmap.org/ndiff/
diff --git a/ndiff/docs/ndiff.1 b/ndiff/docs/ndiff.1
new file mode 100644
index 0000000..7f636ab
--- /dev/null
+++ b/ndiff/docs/ndiff.1
@@ -0,0 +1,437 @@
+'\" t
+.\" Title: ndiff
+.\" Author: [see the "Authors" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 05/17/2023
+.\" Manual: User Commands
+.\" Source: Ndiff
+.\" Language: English
+.\"
+.TH "NDIFF" "1" "05/17/2023" "Ndiff" "User Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+ndiff \- Utility to compare the results of Nmap scans
+.SH "SYNOPSIS"
+.HP \w'\fBndiff\fR\ 'u
+\fBndiff\fR [\fIoptions\fR] {\fIa\&.xml\fR} {\fIb\&.xml\fR}
+.SH "DESCRIPTION"
+.PP
+Ndiff is a tool to aid in the comparison of Nmap scans\&. It takes two Nmap XML output files and prints the differences between them\&. The differences observed are:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Host states (e\&.g\&. up to down)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Port states (e\&.g\&. open to closed)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Service versions (from
+\fB\-sV\fR)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+OS matches (from
+\fB\-O\fR)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Script output
+.RE
+.PP
+Ndiff, like the standard
+\fBdiff\fR
+utility, compares two scans at a time\&.
+.SH "OPTIONS SUMMARY"
+.PP
+\fB\-h\fR, \fB\-\-help\fR
+.RS 4
+Show a help message and exit\&.
+.RE
+.PP
+\fB\-v\fR, \fB\-\-verbose\fR
+.RS 4
+Include all hosts and ports in the output, not only those that have changed\&.
+.RE
+.PP
+\fB\-\-text\fR
+.RS 4
+Write output in human\-readable text format\&.
+.RE
+.PP
+\fB\-\-xml\fR
+.RS 4
+Write output in machine\-readable XML format\&. The document structure is defined in the file
+ndiff\&.dtd
+included in the distribution\&.
+.RE
+.PP
+Any other arguments are taken to be the names of Nmap XML output files\&. There must be exactly two\&.
+.SH "EXAMPLE"
+.PP
+Let\*(Aqs use Ndiff to compare the output of two Nmap scans that use different options\&. In the first, we\*(Aqll do a fast scan (\fB\-F\fR), which scans fewer ports for speed\&. In the second, we\*(Aqll scan the larger default set of ports, and run an NSE script\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+# \fBnmap \-F scanme\&.nmap\&.org \-oX scanme\-1\&.xml\fR
+# \fBnmap \-\-script=html\-title scanme\&.nmap\&.org \-oX scanme\-2\&.xml\fR
+$ \fBndiff \-v scanme\-1\&.xml scanme\-2\&.xml\fR
+\-Nmap 5\&.35DC1 at 2010\-07\-16 12:09
++Nmap 5\&.35DC1 at 2010\-07\-16 12:13
+
+ scanme\&.nmap\&.org (64\&.13\&.134\&.52):
+ Host is up\&.
+\-Not shown: 95 filtered ports
++Not shown: 993 filtered ports
+ PORT STATE SERVICE VERSION
+ 22/tcp open ssh
+ 25/tcp closed smtp
+ 53/tcp open domain
++70/tcp closed gopher
+ 80/tcp open http
++|_ html\-title: Go ahead and ScanMe!
+ 113/tcp closed auth
++31337/tcp closed Elite
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Changes are marked by a
+\-
+or
++
+at the beginning of a line\&. We can see from the output that the scan without the
+\fB\-F\fR
+fast scan option found two additional ports: 70 and 31337\&. The
+html\-title
+script produced some additional output for port 80\&. From the port counts, we may infer that the fast scan scanned 100 ports (95 filtered, 3 open, and 2 closed), while the normal scan scanned 1000 (993 filtered, 3 open, and 4 closed)\&.
+.PP
+The
+\fB\-v\fR
+(or
+\fB\-\-verbose\fR) option to Ndiff made it show even the ports that didn\*(Aqt change, like 22 and 25\&. Without
+\fB\-v\fR, they would not have been shown\&.
+.SH "OUTPUT"
+.PP
+There are two output modes: text and XML\&. Text output is the default, and can also be selected with the
+\fB\-\-text\fR
+option\&. Text output resembles a unified diff of Nmap\*(Aqs normal terminal output\&. Each line is preceded by a character indicating whether and how it changed\&.
+\-
+means that the line was in the first scan but not in the second;
++
+means it was in the second but not the first\&. A line that changed is represented by a
+\-
+line followed by a
++
+line\&. Lines that did not change are preceded by a blank space\&.
+.PP
+Example\ \&1
+is an example of text output\&. Here, port 80 on the host photos\-cache\-snc1\&.facebook\&.com gained a service version (lighttpd 1\&.5\&.0)\&. The host at 69\&.63\&.179\&.25 changed its reverse DNS name\&. The host at 69\&.63\&.184\&.145 was completely absent in the first scan but came up in the second\&.
+.PP
+\fBExample\ \&1.\ \&Ndiff text output\fR
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+\-Nmap 4\&.85BETA3 at 2009\-03\-15 11:00
++Nmap 4\&.85BETA4 at 2009\-03\-18 11:00
+
+ photos\-cache\-snc1\&.facebook\&.com (69\&.63\&.178\&.41):
+ Host is up\&.
+ Not shown: 99 filtered ports
+ PORT STATE SERVICE VERSION
+\-80/tcp open http
++80/tcp open http lighttpd 1\&.5\&.0
+
+\-cm\&.out\&.snc1\&.tfbnw\&.net (69\&.63\&.179\&.25):
++mailout\-snc1\&.facebook\&.com (69\&.63\&.179\&.25):
+ Host is up\&.
+ Not shown: 100 filtered ports
+
++69\&.63\&.184\&.145:
++Host is up\&.
++Not shown: 98 filtered ports
++PORT STATE SERVICE VERSION
++80/tcp open http Apache httpd 1\&.3\&.41\&.fb1
++443/tcp open ssl/http Apache httpd 1\&.3\&.41\&.fb1
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+XML output, intended to be processed by other programs, is selected with the
+\fB\-\-xml\fR
+option\&. It is based on Nmap\*(Aqs XML output, with a few additional elements to indicate differences\&. The XML document is enclosed in
+\fInmapdiff\fR
+and
+\fIscandiff\fR
+elements\&. Host differences are enclosed in
+\fIhostdiff\fR
+tags and port differences are enclosed in
+\fIportdiff\fR
+tags\&. Inside a
+\fIhostdiff\fR
+or
+\fIportdiff\fR,
+\fIa\fR
+and
+\fIb\fR
+tags show the state of the host or port in the first scan (\fIa\fR) or the second scan (\fIb\fR)\&.
+.PP
+Example\ \&2
+shows the XML diff of the same scans shown above in
+Example\ \&1\&. Notice how port 80 of photos\-cache\-snc1\&.facebook\&.com is enclosed in
+\fIportdiff\fR
+tags\&. For 69\&.63\&.179\&.25, the old hostname is in
+\fIa\fR
+tags and the new is in
+\fIb\fR\&. For the new host 69\&.63\&.184\&.145, there is a
+\fIb\fR
+in the
+\fIhostdiff\fR
+without a corresponding
+\fIa\fR, indicating that there was no information for the host in the first scan\&.
+.PP
+\fBExample\ \&2.\ \&Ndiff XML output\fR
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+<?xml version="1\&.0" encoding="UTF\-8"?>
+<nmapdiff version="1">
+ <scandiff>
+ <hostdiff>
+ <host>
+ <status state="up"/>
+ <address addr="69\&.63\&.178\&.41" addrtype="ipv4"/>
+ <hostnames>
+ <hostname name="photos\-cache\-snc1\&.facebook\&.com"/>
+ </hostnames>
+ <ports>
+ <extraports count="99" state="filtered"/>
+ <portdiff>
+ <port portid="80" protocol="tcp">
+ <state state="open"/>
+ <a>
+ <service name="http"/>
+ </a>
+ <b>
+ <service name="http" product="lighttpd" version="1\&.5\&.0"/>
+ </b>
+ </port>
+ </portdiff>
+ </ports>
+ </host>
+ </hostdiff>
+ <hostdiff>
+ <host>
+ <status state="up"/>
+ <address addr="69\&.63\&.179\&.25" addrtype="ipv4"/>
+ <hostnames>
+ <a>
+ <hostname name="cm\&.out\&.snc1\&.tfbnw\&.net"/>
+ </a>
+ <b>
+ <hostname name="mailout\-snc1\&.facebook\&.com"/>
+ </b>
+ </hostnames>
+ <ports>
+ <extraports count="100" state="filtered"/>
+ </ports>
+ </host>
+ </hostdiff>
+ <hostdiff>
+ <b>
+ <host>
+ <status state="up"/>
+ <address addr="69\&.63\&.184\&.145" addrtype="ipv4"/>
+ <ports>
+ <extraports count="98" state="filtered"/>
+ <port portid="80" protocol="tcp">
+ <state state="open"/>
+ <service name="http" product="Apache httpd"
+ version="1\&.3\&.41\&.fb1"/>
+ </port>
+ <port portid="443" protocol="tcp">
+ <state state="open"/>
+ <service name="http" product="Apache httpd" tunnel="ssl"
+ version="1\&.3\&.41\&.fb1"/>
+ </port>
+ </ports>
+ </host>
+ </b>
+ </hostdiff>
+ </scandiff>
+</nmapdiff>
+.fi
+.if n \{\
+.RE
+.\}
+.SH "PERIODIC DIFFS"
+.PP
+Using Nmap, Ndiff, cron, and a shell script, it\*(Aqs possible to scan a network daily and get email reports of the state of the network and changes since the previous scan\&.
+Example\ \&3
+shows the script that ties it together\&.
+.PP
+\fBExample\ \&3.\ \&Scanning a network periodically with Ndiff and cron\fR
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+#!/bin/sh
+TARGETS="\fItargets\fR"
+OPTIONS="\-v \-T4 \-F \-sV"
+date=`date +%F`
+cd /root/scans
+nmap $OPTIONS $TARGETS \-oA scan\-$date > /dev/null
+if [ \-e scan\-prev\&.xml ]; then
+ ndiff scan\-prev\&.xml scan\-$date\&.xml > diff\-$date
+ echo "*** NDIFF RESULTS ***"
+ cat diff\-$date
+ echo
+fi
+echo "*** NMAP RESULTS ***"
+cat scan\-$date\&.nmap
+ln \-sf scan\-$date\&.xml scan\-prev\&.xml
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+If the script is saved as
+/root/scan\-ndiff\&.sh, add the following line to root\*(Aqs crontab:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+0 12 * * * /root/scan\-ndiff\&.sh
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+.SH "EXIT CODE"
+.PP
+The exit code indicates whether the scans are equal\&.
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+0 means that the scans are the same in all the aspects Ndiff knows about\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+1 means that the scans differ\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+2 indicates a runtime error, such as the failure to open a file\&.
+.RE
+.sp
+.SH "BUGS"
+.PP
+Report bugs to the
+nmap\-dev
+mailing list at
+<dev@nmap\&.org>\&.
+.SH "HISTORY"
+.PP
+Ndiff started as a project by Michael Pattrick during the 2008 Google Summer of Code\&. Michael designed the program and led the discussion of its output formats\&. He wrote versions of the program in Perl and C++, but the summer ended shortly after it was decided to rewrite the program in Python for the sake of Windows (and Zenmap) compatibility\&. This Python version was written by David Fifield\&. James Levine
+\m[blue]\fBreleased\fR\m[]\&\s-2\u[1]\d\s+2
+a Perl script named Ndiff with similar functionality in 2000\&.
+.SH "AUTHORS"
+.PP
+David Fifield
+<david@bamsoftware\&.com>
+.PP
+Michael Pattrick
+<mpattrick@rhinovirus\&.org>
+.SH "WEB SITE"
+.PP
+\m[blue]\fB\%https://nmap.org/ndiff/\fR\m[]
+.SH "NOTES"
+.IP " 1." 4
+released
+.RS 4
+\%https://seclists.org/nmap-hackers/2000/315
+.RE
diff --git a/ndiff/docs/ndiff.dtd b/ndiff/docs/ndiff.dtd
new file mode 100644
index 0000000..087ab33
--- /dev/null
+++ b/ndiff/docs/ndiff.dtd
@@ -0,0 +1,139 @@
+<!--
+DTD for the Ndiff XML output format.
+David Fifield <david@bamsoftware.com>
+
+Ndiff XML output is similar to Nmap XML output. Inside of the root
+nmapdiff element, the scandiff element represents a single diff of two
+scans. Inside scandiff, host differences are within hostdiff elements
+and port differences are within portdiff elements. These may appear
+anywhere where host and port elements would appear, respectively.
+
+Within a hostdiff or portdiff, differences are shown with a and b
+elements, which show the state of things in the A and B
+scan, respectively. These elements can appear most places in the output.
+
+The output may contain hosts and ports that haven't changed. These are
+stored in normal host and port elements.
+
+Examples:
+A host in the A scan but not in the B scan.
+ <hostdiff>
+ <a>
+ <host>...</host>
+ </a>
+ </hostdiff>
+A host in the B scan but not in the A scan.
+ <hostdiff>
+ <b>
+ <host>...</host>
+ </b>
+ </hostdiff>
+A host that gained a hostname and had a port change state. Port 22 is
+unchanged.
+ <hostdiff>
+ <host>
+ <hostnames>
+ <hostname name="abc.example.com/>
+ <b>
+ <hostname name="xyz.example.com/>
+ </b>
+ </hostnames>
+ <ports>
+ <portdiff>
+ <a>
+ <port portid="10" protocol="tcp">
+ <state state="open"/>
+ </port>
+ </a>
+ <b>
+ <port portid="10" protocol="tcp">
+ <state state="closed"/>
+ </port>
+ </b>
+ <port portid="22" protocol="tcp">
+ <state state="open"/>
+ </port>
+ </portdiff>
+ </ports>
+ </host>
+ </hostdiff>
+-->
+
+<!-- Parameter entities defining "data types" used in the rest of the
+ DTD. -->
+<!ENTITY % host-state "(unknown | up | down)">
+<!ENTITY % address-type "(ipv4 | ipv6 | mac)">
+<!ENTITY % protocol "(ip | tcp | udp)">
+<!ENTITY % port-state "CDATA">
+
+<!ELEMENT nmapdiff (scandiff)>
+<!-- The current version is "1". Lack of a version attribute indicates
+version 0, which was rather different. -->
+<!ATTLIST nmapdiff version CDATA #IMPLIED>
+
+<!ELEMENT scandiff (prescript | hostdiff | host | postscript | (a, b?) | b)*>
+
+<!ELEMENT nmaprun EMPTY>
+<!ATTLIST nmaprun
+ scanner CDATA #REQUIRED
+ args CDATA #IMPLIED
+ start CDATA #IMPLIED
+ startstr CDATA #IMPLIED
+ version CDATA #REQUIRED>
+
+<!ELEMENT prescript (script* | (a, b?) | b)>
+<!ELEMENT postscript (script* | (a, b?) | b)>
+
+<!ELEMENT hostdiff (host | (a, b?) | b)>
+
+<!ELEMENT host (status | address | hostnames | ports | os | hostscript | a | b)*>
+
+<!ELEMENT status EMPTY>
+<!ATTLIST status state %host-state; #REQUIRED>
+
+<!ELEMENT hostnames (hostname | a | b)*>
+
+<!ELEMENT address EMPTY>
+<!ATTLIST address addr CDATA #REQUIRED
+ addrtype %address-type; "ipv4">
+
+<!ELEMENT hostname EMPTY>
+<!ATTLIST hostname name CDATA #REQUIRED>
+
+<!ELEMENT ports ((extraports* | (a, b))?, (portdiff | port)*)>
+
+
+<!ELEMENT portdiff (port | (a, b?) | b)>
+
+<!ELEMENT extraports EMPTY>
+<!ATTLIST extraports state %port-state; #REQUIRED
+ count CDATA #REQUIRED>
+
+<!ELEMENT port (state | service | script | a | b)*>
+<!ATTLIST port protocol %protocol; #REQUIRED
+ portid CDATA #REQUIRED>
+
+<!ELEMENT state EMPTY>
+<!ATTLIST state state %port-state; #REQUIRED>
+
+<!ELEMENT service EMPTY>
+<!ATTLIST service name CDATA #IMPLIED
+ product CDATA #IMPLIED
+ version CDATA #IMPLIED
+ extrainfo CDATA #IMPLIED
+ tunnel CDATA #IMPLIED>
+
+<!ELEMENT script EMPTY>
+<!ATTLIST script id CDATA #REQUIRED
+ output CDATA #REQUIRED>
+
+<!ELEMENT os (osmatch | a | b)*>
+
+<!ELEMENT osmatch EMPTY>
+<!ATTLIST osmatch name CDATA #REQUIRED>
+
+<!ELEMENT hostscript (script | a | b)*>
+
+<!ENTITY % diff-elem "(nmaprun | prescript | postscript | host | status | address | hostname | extraports* | port | state | service | script | os | osmatch* | hostscript)">
+<!ELEMENT a %diff-elem;>
+<!ELEMENT b %diff-elem;>
diff --git a/ndiff/docs/ndiff.xml b/ndiff/docs/ndiff.xml
new file mode 100644
index 0000000..bdb953e
--- /dev/null
+++ b/ndiff/docs/ndiff.xml
@@ -0,0 +1,413 @@
+<!-- This is the DocBook XML source for the Ndiff manual page. -->
+
+<refentry>
+ <refmeta>
+ <refentrytitle>ndiff</refentrytitle>
+ <manvolnum>1</manvolnum>
+ <refmiscinfo class="source">Ndiff</refmiscinfo>
+ <refmiscinfo class="manual">User Commands</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname>ndiff</refname>
+ <refpurpose>Utility to compare the results of Nmap scans</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>ndiff</command>
+ <arg choice='opt'>
+ <replaceable>options</replaceable>
+ </arg>
+ <arg choice='req'>
+ <replaceable><filename>a.xml</filename></replaceable>
+ </arg>
+ <arg choice='req'>
+ <replaceable><filename>b.xml</filename></replaceable>
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id="ndiff-man-description">
+ <title>Description</title>
+
+ <para>
+ Ndiff is a tool to aid in the comparison of Nmap scans. It takes two
+ Nmap XML output files and prints the differences between them. The
+ differences observed are:
+ <itemizedlist>
+ <listitem>
+ <para>Host states (e.g. up to down)</para>
+ </listitem>
+ <listitem>
+ <para>Port states (e.g. open to closed)</para>
+ </listitem>
+ <listitem>
+ <para>Service versions (from <option>-sV</option>)</para>
+ </listitem>
+ <listitem>
+ <para>OS matches (from <option>-O</option>)</para>
+ </listitem>
+ <listitem>
+ <para>Script output</para>
+ </listitem>
+ </itemizedlist>
+ </para>
+
+ <para>
+ Ndiff, like the standard <command>diff</command> utility, compares two scans
+ at a time.
+ </para>
+ </refsect1>
+
+ <refsect1 id="ndiff-man-options">
+ <title>Options Summary</title>
+
+ <variablelist>
+ <varlistentry>
+ <term><option>-h</option></term>
+ <term><option>--help</option></term>
+ <listitem>
+ <para>
+ Show a help message and exit.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-v</option></term>
+ <term><option>--verbose</option></term>
+ <listitem>
+ <para>
+ Include all hosts and ports in the output, not only those that
+ have changed.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>--text</option></term>
+ <listitem>
+ <para>
+ Write output in human-readable text format.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>--xml</option></term>
+ <listitem>
+ <para>
+ Write output in machine-readable XML format. The document
+ structure is defined in the file
+ <filename>ndiff.dtd</filename> included in the distribution.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>
+ Any other arguments are taken to be the names of Nmap XML output
+ files. There must be exactly two.
+ </para>
+ </refsect1>
+
+ <refsect1 id="ndiff-man-example">
+ <title>Example</title>
+
+ <para>
+ Let's use Ndiff to compare the output of two Nmap scans that use
+ different options. In the first, we'll do a fast scan
+ (<option>-F</option>), which scans fewer ports for speed. In the
+ second, we'll scan the larger default set of ports, and run an NSE
+ script.
+ </para>
+
+<screen>
+# <userinput>nmap -F scanme.nmap.org -oX scanme-1.xml</userinput>
+# <userinput>nmap --script=html-title scanme.nmap.org -oX scanme-2.xml</userinput>
+$ <userinput>ndiff -v scanme-1.xml scanme-2.xml</userinput>
+-Nmap 5.35DC1 at 2010-07-16 12:09
++Nmap 5.35DC1 at 2010-07-16 12:13
+
+ scanme.nmap.org (64.13.134.52):
+ Host is up.
+-Not shown: 95 filtered ports
++Not shown: 993 filtered ports
+ PORT STATE SERVICE VERSION
+ 22/tcp open ssh
+ 25/tcp closed smtp
+ 53/tcp open domain
++70/tcp closed gopher
+ 80/tcp open http
++|_ html-title: Go ahead and ScanMe!
+ 113/tcp closed auth
++31337/tcp closed Elite
+</screen>
+
+ <para>
+ Changes are marked by a <literal>-</literal> or <literal>+</literal>
+ at the beginning of a line. We can see from the output that the scan
+ without the <option>-F</option> fast scan option found two
+ additional ports: 70 and 31337. The
+ <filename>html-title</filename> script produced some additional
+ output for port 80. From the port counts, we may infer that the fast
+ scan scanned 100 ports (95 filtered, 3 open, and 2 closed), while
+ the normal scan scanned 1000 (993 filtered, 3 open, and 4 closed).
+ </para>
+
+ <para>
+ The <option>-v</option> (or <option>--verbose</option>) option to
+ Ndiff made it show even the ports that didn't change, like 22 and
+ 25. Without <option>-v</option>, they would not have been shown.
+ </para>
+ </refsect1>
+
+ <refsect1 id="ndiff-man-output">
+ <title>Output</title>
+
+ <para>
+ There are two output modes: text and XML. Text output is the
+ default, and can also be selected with the <option>--text</option>
+ option. Text output resembles a unified diff of Nmap's normal
+ terminal output. Each line is preceded by a character indicating
+ whether and how it changed. <literal>-</literal> means that the line
+ was in the first scan but not in the second; <literal>+</literal>
+ means it was in the second but not the first. A line that changed is
+ represented by a <literal>-</literal> line followed by a
+ <literal>+</literal> line. Lines that did not change are preceded by
+ a blank space.
+ </para>
+
+ <para>
+ <xref linkend="ndiff-man-ex-text-output" xrefstyle="select: label nopage"/>
+ is an example of text output. Here, port 80 on the host
+ photos-cache-snc1.facebook.com gained a service
+ version (<computeroutput>lighttpd 1.5.0</computeroutput>). The host
+ at 69.63.179.25 changed its reverse DNS name. The host at
+ 69.63.184.145 was completely absent in the first scan but came up in
+ the second.
+ </para>
+
+ <example id="ndiff-man-ex-text-output">
+ <title>Ndiff text output</title>
+<screen>
+-Nmap 4.85BETA3 at 2009-03-15 11:00
++Nmap 4.85BETA4 at 2009-03-18 11:00
+
+ photos-cache-snc1.facebook.com (69.63.178.41):
+ Host is up.
+ Not shown: 99 filtered ports
+ PORT STATE SERVICE VERSION
+-80/tcp open http
++80/tcp open http lighttpd 1.5.0
+
+-cm.out.snc1.tfbnw.net (69.63.179.25):
++mailout-snc1.facebook.com (69.63.179.25):
+ Host is up.
+ Not shown: 100 filtered ports
+
++69.63.184.145:
++Host is up.
++Not shown: 98 filtered ports
++PORT STATE SERVICE VERSION
++80/tcp open http Apache httpd 1.3.41.fb1
++443/tcp open ssl/http Apache httpd 1.3.41.fb1
+</screen>
+ </example>
+
+ <para>
+ XML output, intended to be processed by other programs, is selected
+ with the <option>--xml</option> option. It is based on Nmap's XML
+ output, with a few additional elements to indicate differences. The
+ XML document is enclosed in <varname>nmapdiff</varname> and
+ <varname>scandiff</varname> elements. Host differences are enclosed
+ in <varname>hostdiff</varname> tags and port differences are
+ enclosed in <varname>portdiff</varname> tags. Inside a
+ <varname>hostdiff</varname> or <varname>portdiff</varname>,
+ <varname>a</varname> and <varname>b</varname> tags show the state of
+ the host or port in the first scan (<varname>a</varname>) or the
+ second scan (<varname>b</varname>).
+ </para>
+
+ <para>
+ <xref linkend="ndiff-man-ex-xml-output" xrefstyle="select: label nopage"/>
+ shows the XML diff of the same scans shown above in
+ <xref linkend="ndiff-man-ex-text-output" xrefstyle="select: label"/>.
+ Notice how port 80 of
+ photos-cache-snc1.facebook.com is enclosed in
+ <varname>portdiff</varname> tags. For 69.63.179.25, the old hostname
+ is in <varname>a</varname> tags and the new is in
+ <varname>b</varname>. For the new host 69.63.184.145, there is a
+ <varname>b</varname> in the <varname>hostdiff</varname> without a
+ corresponding <varname>a</varname>, indicating that there was no
+ information for the host in the first scan.
+ </para>
+
+ <example id="ndiff-man-ex-xml-output">
+ <title>Ndiff XML output</title>
+<screen>
+<![CDATA[<?xml version="1.0" encoding="UTF-8"?>
+<nmapdiff version="1">
+ <scandiff>
+ <hostdiff>
+ <host>
+ <status state="up"/>
+ <address addr="69.63.178.41" addrtype="ipv4"/>
+ <hostnames>
+ <hostname name="photos-cache-snc1.facebook.com"/>
+ </hostnames>
+ <ports>
+ <extraports count="99" state="filtered"/>
+ <portdiff>
+ <port portid="80" protocol="tcp">
+ <state state="open"/>
+ <a>
+ <service name="http"/>
+ </a>
+ <b>
+ <service name="http" product="lighttpd" version="1.5.0"/>
+ </b>
+ </port>
+ </portdiff>
+ </ports>
+ </host>
+ </hostdiff>
+ <hostdiff>
+ <host>
+ <status state="up"/>
+ <address addr="69.63.179.25" addrtype="ipv4"/>
+ <hostnames>
+ <a>
+ <hostname name="cm.out.snc1.tfbnw.net"/>
+ </a>
+ <b>
+ <hostname name="mailout-snc1.facebook.com"/>
+ </b>
+ </hostnames>
+ <ports>
+ <extraports count="100" state="filtered"/>
+ </ports>
+ </host>
+ </hostdiff>
+ <hostdiff>
+ <b>
+ <host>
+ <status state="up"/>
+ <address addr="69.63.184.145" addrtype="ipv4"/>
+ <ports>
+ <extraports count="98" state="filtered"/>
+ <port portid="80" protocol="tcp">
+ <state state="open"/>
+ <service name="http" product="Apache httpd"
+ version="1.3.41.fb1"/>
+ </port>
+ <port portid="443" protocol="tcp">
+ <state state="open"/>
+ <service name="http" product="Apache httpd" tunnel="ssl"
+ version="1.3.41.fb1"/>
+ </port>
+ </ports>
+ </host>
+ </b>
+ </hostdiff>
+ </scandiff>
+</nmapdiff>]]></screen>
+ </example>
+ </refsect1>
+
+ <refsect1 id="ndiff-man-periodic">
+ <title>Periodic Diffs</title>
+
+ <para>
+ Using Nmap, Ndiff, cron, and a shell script, it's possible to scan a
+ network daily and get email reports of the state of the network and
+ changes since the previous scan.
+ <xref linkend="ndiff-man-ex-cron" xrefstyle="select: label nopage"/>
+ shows the script that ties it together.
+ </para>
+
+ <example id="ndiff-man-ex-cron">
+ <title>Scanning a network periodically with Ndiff and cron</title>
+<programlisting>
+#!/bin/sh
+TARGETS="<replaceable>targets</replaceable>"
+OPTIONS="-v -T4 -F -sV"
+date=`date +%F`
+cd /root/scans
+nmap $OPTIONS $TARGETS -oA scan-$date &gt; /dev/null
+if [ -e scan-prev.xml ]; then
+ ndiff scan-prev.xml scan-$date.xml &gt; diff-$date
+ echo "*** NDIFF RESULTS ***"
+ cat diff-$date
+ echo
+fi
+echo "*** NMAP RESULTS ***"
+cat scan-$date.nmap
+ln -sf scan-$date.xml scan-prev.xml
+</programlisting>
+ </example>
+
+ <para>
+ If the script is saved as <filename>/root/scan-ndiff.sh</filename>,
+ add the following line to root's crontab:
+<programlisting>
+0 12 * * * /root/scan-ndiff.sh
+</programlisting>
+ </para>
+ </refsect1>
+
+ <refsect1 id="ndiff-man-exit-code">
+ <title>Exit Code</title>
+
+ <para>
+ The exit code indicates whether the scans are equal.
+ <itemizedlist spacing="compact">
+ <listitem><para>0 means that the scans are the same in all the
+ aspects Ndiff knows about.</para></listitem>
+ <listitem><para>1 means that the scans differ.</para></listitem>
+ <listitem><para>2 indicates a runtime error, such as the failure
+ to open a file.</para></listitem>
+ </itemizedlist>
+ </para>
+ </refsect1>
+
+ <refsect1 id="ndiff-man-bugs">
+ <title>Bugs</title>
+ <para>
+ Report bugs to the <citetitle>nmap-dev</citetitle> mailing list at
+ <email>dev@nmap.org</email>.
+ </para>
+ </refsect1>
+
+ <refsect1 id="ndiff-man-history">
+ <title>History</title>
+
+ <para>
+ Ndiff started as a project by Michael Pattrick during the 2008
+ Google Summer of Code. Michael designed the program and led the
+ discussion of its output formats. He wrote versions of the program
+ in Perl and C++, but the summer ended shortly after it was decided
+ to rewrite the program in Python for the sake of Windows (and
+ Zenmap) compatibility. This Python version was written by David
+ Fifield. James Levine <ulink url="https://seclists.org/nmap-hackers/2000/315">released</ulink> a Perl script named Ndiff with
+ similar functionality in 2000.
+ </para>
+ </refsect1>
+
+ <refsect1 id="ndiff-man-authors">
+ <title>Authors</title>
+
+ <para>
+ David Fifield <email>david@bamsoftware.com</email>
+ </para>
+ <para>
+ Michael Pattrick <email>mpattrick@rhinovirus.org</email>
+ </para>
+ </refsect1>
+
+ <refsect1 id="ndiff-man-web">
+ <title>Web site</title>
+
+ <para>
+ <ulink url="https://nmap.org/ndiff/"/>
+ </para>
+ </refsect1>
+</refentry>
diff --git a/ndiff/ndiff.py b/ndiff/ndiff.py
new file mode 100755
index 0000000..b7d8d68
--- /dev/null
+++ b/ndiff/ndiff.py
@@ -0,0 +1,1532 @@
+#!/usr/bin/env python3
+
+# Ndiff
+#
+# This programs reads two Nmap XML files and displays a list of their
+# differences.
+#
+# Copyright 2021 Nmap Software LLC
+# Ndiff is distributed under the same license as Nmap. See the file
+# LICENSE in the Nmap source distribution or
+# https://nmap.org/book/man-legal.html for more details.
+#
+# Original author was David Fifield based on a design by Michael Pattrick
+
+import datetime
+import difflib
+import getopt
+import sys
+import time
+
+# Prevent loading PyXML
+import xml
+xml.__path__ = [x for x in xml.__path__ if "_xmlplus" not in x]
+
+import xml.sax
+import xml.sax.saxutils
+import xml.dom.minidom
+from io import StringIO
+
+verbose = False
+
+NDIFF_XML_VERSION = "1"
+
+
+class OverrideEntityResolver(xml.sax.handler.EntityResolver):
+ """This class overrides the default behavior of xml.sax to download
+ remote DTDs, instead returning blank strings"""
+ empty = StringIO()
+
+ def resolveEntity(self, publicId, systemId):
+ return OverrideEntityResolver.empty
+
+
+class Scan(object):
+ """A single Nmap scan, corresponding to a single invocation of Nmap. It is
+ a container for a list of hosts. It also has utility methods to load itself
+ from an Nmap XML file."""
+ def __init__(self):
+ self.scanner = None
+ self.version = None
+ self.args = None
+ self.start_date = None
+ self.end_date = None
+ self.hosts = []
+ self.pre_script_results = []
+ self.post_script_results = []
+
+ def sort_hosts(self):
+ self.hosts.sort(key=lambda h: h.get_id())
+
+ def load(self, f):
+ """Load a scan from the Nmap XML in the file-like object f."""
+ parser = xml.sax.make_parser()
+ handler = NmapContentHandler(self)
+ parser.setEntityResolver(OverrideEntityResolver())
+ parser.setContentHandler(handler)
+ parser.parse(f)
+
+ def load_from_file(self, filename):
+ """Load a scan from the Nmap XML file with the given filename."""
+ with open(filename, "r") as f:
+ self.load(f)
+
+ def write_nmaprun_open(self, writer):
+ attrs = {}
+ if self.scanner is not None:
+ attrs["scanner"] = self.scanner
+ if self.args is not None:
+ attrs["args"] = self.args
+ if self.start_date is not None:
+ attrs["start"] = "%d" % time.mktime(self.start_date.timetuple())
+ attrs["startstr"] = self.start_date.strftime(
+ "%a %b %d %H:%M:%S %Y")
+ if self.version is not None:
+ attrs["version"] = self.version
+ writer.startElement("nmaprun", attrs)
+
+ def write_nmaprun_close(self, writer):
+ writer.endElement("nmaprun")
+
+ def nmaprun_to_dom_fragment(self, document):
+ frag = document.createDocumentFragment()
+ elem = document.createElement("nmaprun")
+ if self.scanner is not None:
+ elem.setAttribute("scanner", self.scanner)
+ if self.args is not None:
+ elem.setAttribute("args", self.args)
+ if self.start_date is not None:
+ elem.setAttribute(
+ "start", "%d" % time.mktime(self.start_date.timetuple()))
+ elem.setAttribute(
+ "startstr",
+ self.start_date.strftime("%a %b %d %H:%M:%S %Y"))
+ if self.version is not None:
+ elem.setAttribute("version", self.version)
+ frag.appendChild(elem)
+ return frag
+
+
+class Host(object):
+ """A single host, with a state, addresses, host names, a dict mapping port
+ specs to Ports, and a list of OS matches. Host states are strings, or None
+ for "unknown"."""
+ def __init__(self):
+ self.state = None
+ self.addresses = []
+ self.hostnames = []
+ self.ports = {}
+ self.extraports = {}
+ self.os = []
+ self.script_results = []
+
+ def get_id(self):
+ """Return an id that is used to determine if hosts are "the same"
+ across scans."""
+ hid = None
+ if len(self.addresses) > 0:
+ hid = "%-40s" % (str(sorted(self.addresses)[0]))
+ if len(self.hostnames) > 0:
+ return (hid or " " * 40) + str(sorted(self.hostnames)[0])
+ return hid or id(self)
+
+ def format_name(self):
+ """Return a human-readable identifier for this host."""
+ address_s = ", ".join(a.s for a in sorted(self.addresses))
+ hostname_s = ", ".join(sorted(self.hostnames))
+ if len(hostname_s) > 0:
+ if len(address_s) > 0:
+ return "%s (%s)" % (hostname_s, address_s)
+ else:
+ return hostname_s
+ elif len(address_s) > 0:
+ return address_s
+ else:
+ return "<no name>"
+
+ def add_port(self, port):
+ self.ports[port.spec] = port
+
+ def add_address(self, address):
+ if address not in self.addresses:
+ self.addresses.append(address)
+
+ def add_hostname(self, hostname):
+ if hostname not in self.hostnames:
+ self.hostnames.append(hostname)
+
+ def is_extraports(self, state):
+ return state is None or state in self.extraports
+
+ def extraports_string(self):
+ locallist = [(count, state) for (state, count) in list(self.extraports.items())]
+ # Reverse-sort by count.
+ locallist.sort(reverse=True)
+ return ", ".join(
+ ["%d %s ports" % (count, state) for (count, state) in locallist])
+
+ def state_to_dom_fragment(self, document):
+ frag = document.createDocumentFragment()
+ if self.state is not None:
+ elem = document.createElement("status")
+ elem.setAttribute("state", self.state)
+ frag.appendChild(elem)
+ return frag
+
+ def hostname_to_dom_fragment(self, document, hostname):
+ frag = document.createDocumentFragment()
+ elem = document.createElement("hostname")
+ elem.setAttribute("name", hostname)
+ frag.appendChild(elem)
+ return frag
+
+ def extraports_to_dom_fragment(self, document):
+ frag = document.createDocumentFragment()
+ for state, count in list(self.extraports.items()):
+ elem = document.createElement("extraports")
+ elem.setAttribute("state", state)
+ elem.setAttribute("count", str(count))
+ frag.appendChild(elem)
+ return frag
+
+ def os_to_dom_fragment(self, document, os):
+ frag = document.createDocumentFragment()
+ elem = document.createElement("osmatch")
+ elem.setAttribute("name", os)
+ frag.appendChild(elem)
+ return frag
+
+ def to_dom_fragment(self, document):
+ frag = document.createDocumentFragment()
+ elem = document.createElement("host")
+
+ if self.state is not None:
+ elem.appendChild(self.state_to_dom_fragment(document))
+
+ for addr in self.addresses:
+ elem.appendChild(addr.to_dom_fragment(document))
+
+ if len(self.hostnames) > 0:
+ hostnames_elem = document.createElement("hostnames")
+ for hostname in self.hostnames:
+ hostnames_elem.appendChild(
+ self.hostname_to_dom_fragment(document, hostname))
+ elem.appendChild(hostnames_elem)
+
+ ports_elem = document.createElement("ports")
+ ports_elem.appendChild(self.extraports_to_dom_fragment(document))
+ for port in sorted(self.ports.values()):
+ if not self.is_extraports(port.state):
+ ports_elem.appendChild(port.to_dom_fragment(document))
+ if ports_elem.hasChildNodes():
+ elem.appendChild(ports_elem)
+
+ if len(self.os) > 0:
+ os_elem = document.createElement("os")
+ for os in self.os:
+ os_elem.appendChild(self.os_to_dom_fragment(document, os))
+ elem.appendChild(os_elem)
+
+ if len(self.script_results) > 0:
+ hostscript_elem = document.createElement("hostscript")
+ for sr in self.script_results:
+ hostscript_elem.appendChild(sr.to_dom_fragment(document))
+ elem.appendChild(hostscript_elem)
+
+ frag.appendChild(elem)
+ return frag
+
+
+class Address(object):
+ def __init__(self, s):
+ self.s = s
+
+ def __eq__(self, other):
+ return self.sort_key() == other.sort_key()
+
+ def __ne__(self, other):
+ return not self.__eq__(other)
+
+ def __hash__(self):
+ return hash(self.sort_key())
+
+ def __lt__(self, other):
+ return self.sort_key() < other.sort_key()
+
+ def __str__(self):
+ return str(self.s)
+
+ def __unicode__(self):
+ return self.s
+
+ def new(type, s):
+ if type == "ipv4":
+ return IPv4Address(s)
+ elif type == "ipv6":
+ return IPv6Address(s)
+ elif type == "mac":
+ return MACAddress(s)
+ else:
+ raise ValueError("Unknown address type %s." % type)
+ new = staticmethod(new)
+
+ def to_dom_fragment(self, document):
+ frag = document.createDocumentFragment()
+ elem = document.createElement("address")
+ elem.setAttribute("addr", self.s)
+ elem.setAttribute("addrtype", self.type)
+ frag.appendChild(elem)
+ return frag
+
+# The sort_key method in the Address subclasses determines the order in which
+# addresses are displayed. We do IPv4, then IPv6, then MAC.
+
+
+class IPv4Address(Address):
+ type = property(lambda self: "ipv4")
+
+ def sort_key(self):
+ return (0, self.s)
+
+
+class IPv6Address(Address):
+ type = property(lambda self: "ipv6")
+
+ def sort_key(self):
+ return (1, self.s)
+
+
+class MACAddress(Address):
+ type = property(lambda self: "mac")
+
+ def sort_key(self):
+ return (2, self.s)
+
+
+class Port(object):
+ """A single port, consisting of a port specification, a state, and a
+ service version. A specification, or "spec," is the 2-tuple (number,
+ protocol). So (10, "tcp") corresponds to the port 10/tcp. Port states are
+ strings, or None for "unknown"."""
+ def __init__(self, spec, state=None):
+ self.spec = spec
+ self.state = state
+ self.service = Service()
+ self.script_results = []
+
+ def state_string(self):
+ if self.state is None:
+ return "unknown"
+ else:
+ return str(self.state)
+
+ def spec_string(self):
+ return "%d/%s" % self.spec
+
+ def __hash__(self):
+ return hash(self.spec)
+
+ def __lt__(self, other):
+ return (self.spec, self.service, self.script_results) < (
+ other.spec, other.service, other.script_results)
+
+ def to_dom_fragment(self, document):
+ frag = document.createDocumentFragment()
+ elem = document.createElement("port")
+ elem.setAttribute("portid", str(self.spec[0]))
+ elem.setAttribute("protocol", self.spec[1])
+ if self.state is not None:
+ state_elem = document.createElement("state")
+ state_elem.setAttribute("state", self.state)
+ elem.appendChild(state_elem)
+ elem.appendChild(self.service.to_dom_fragment(document))
+ for sr in self.script_results:
+ elem.appendChild(sr.to_dom_fragment(document))
+ frag.appendChild(elem)
+ return frag
+
+
+class Service(object):
+ """A service version as determined by -sV scan. Also contains the looked-up
+ port name if -sV wasn't used."""
+ def __init__(self):
+ self.name = None
+ self.product = None
+ self.version = None
+ self.extrainfo = None
+ self.tunnel = None
+
+ # self.hostname = None
+ # self.ostype = None
+ # self.devicetype = None
+
+ __hash__ = None
+
+ def __eq__(self, other):
+ return self.name == other.name \
+ and self.product == other.product \
+ and self.version == other.version \
+ and self.extrainfo == other.extrainfo
+
+ def __ne__(self, other):
+ return not self.__eq__(other)
+
+ def name_string(self):
+ parts = []
+ if self.tunnel is not None:
+ parts.append(self.tunnel)
+ if self.name is not None:
+ parts.append(self.name)
+
+ if len(parts) == 0:
+ return None
+ else:
+ return "/".join(parts)
+
+ def version_string(self):
+ """Get a string like in the VERSION column of Nmap output."""
+ parts = []
+ if self.product is not None:
+ parts.append(self.product)
+ if self.version is not None:
+ parts.append(self.version)
+ if self.extrainfo is not None:
+ parts.append("(%s)" % self.extrainfo)
+
+ if len(parts) == 0:
+ return None
+ else:
+ return " ".join(parts)
+
+ def to_dom_fragment(self, document):
+ frag = document.createDocumentFragment()
+ elem = document.createElement("service")
+ for attr in ("name", "product", "version", "extrainfo", "tunnel"):
+ v = getattr(self, attr)
+ if v is None:
+ continue
+ elem.setAttribute(attr, v)
+ if len(elem.attributes) > 0:
+ frag.appendChild(elem)
+ return frag
+
+
+class ScriptResult(object):
+ def __init__(self):
+ self.id = None
+ self.output = None
+
+ __hash__ = None
+
+ def __eq__(self, other):
+ return self.id == other.id and self.output == other.output
+
+ def __ne__(self, other):
+ return not self.__eq__(other)
+
+ def get_lines(self):
+ result = []
+ lines = self.output.splitlines()
+ if len(lines) > 0:
+ lines[0] = self.id + ": " + lines[0]
+ for line in lines[:-1]:
+ result.append("| " + line)
+ if len(lines) > 0:
+ result.append("|_ " + lines[-1])
+ return result
+
+ def to_dom_fragment(self, document):
+ frag = document.createDocumentFragment()
+ elem = document.createElement("script")
+ elem.setAttribute("id", self.id)
+ elem.setAttribute("output", self.output)
+ frag.appendChild(elem)
+ return frag
+
+
+def format_banner(scan):
+ """Format a startup banner more or less like Nmap does."""
+ scanner = "Nmap"
+ if scan.scanner is not None and scan.scanner != "nmap":
+ scanner = scan.scanner
+ parts = [scanner]
+ if scan.version is not None:
+ parts.append(scan.version)
+ parts.append("scan")
+ if scan.start_date is not None:
+ parts.append("initiated %s" % scan.start_date.strftime(
+ "%a %b %d %H:%M:%S %Y"))
+ if scan.args is not None:
+ parts.append("as: %s" % scan.args)
+ return " ".join(parts)
+
+
+def print_script_result_diffs_text(title, script_results_a, script_results_b,
+ script_result_diffs, f=sys.stdout):
+ table = Table("*")
+ for sr_diff in script_result_diffs:
+ sr_diff.append_to_port_table(table)
+ if len(table) > 0:
+ print(file=f)
+ if len(script_results_b) == 0:
+ print("-%s:" % title, file=f)
+ elif len(script_results_a) == 0:
+ print("+%s:" % title, file=f)
+ else:
+ print(" %s:" % title, file=f)
+ print(table, file=f)
+
+
+def script_result_diffs_to_dom_fragment(elem, script_results_a,
+ script_results_b, script_result_diffs, document):
+ if len(script_results_a) == 0 and len(script_results_b) == 0:
+ return document.createDocumentFragment()
+ elif len(script_results_b) == 0:
+ a_elem = document.createElement("a")
+ for sr in script_results_a:
+ elem.appendChild(sr.to_dom_fragment(document))
+ a_elem.appendChild(elem)
+ return a_elem
+ elif len(script_results_a) == 0:
+ b_elem = document.createElement("b")
+ for sr in script_results_b:
+ elem.appendChild(sr.to_dom_fragment(document))
+ b_elem.appendChild(elem)
+ return b_elem
+ else:
+ for sr_diff in script_result_diffs:
+ elem.appendChild(sr_diff.to_dom_fragment(document))
+ return elem
+
+
+def host_pairs(a, b):
+ """Take hosts lists a and b, which must be sorted by id, and return pairs.
+ When the heads of both lists have the same ids, they are returned together.
+ Otherwise the one with the smaller id is returned, with an empty host as
+ its counterpart, and the one with the higher id will remain in its list for
+ a later iteration."""
+ i = 0
+ j = 0
+ while i < len(a) and j < len(b):
+ if a[i].get_id() < b[j].get_id():
+ yield a[i], Host()
+ i += 1
+ elif a[i].get_id() > b[j].get_id():
+ yield Host(), b[j]
+ j += 1
+ else:
+ yield a[i], b[j]
+ i += 1
+ j += 1
+ while i < len(a):
+ yield a[i], Host()
+ i += 1
+ while j < len(b):
+ yield Host(), b[j]
+ j += 1
+
+
+class ScanDiff(object):
+ """An abstract class for different diff output types. Subclasses must
+ define various output methods."""
+ def __init__(self, scan_a, scan_b, f=sys.stdout):
+ """Create a ScanDiff from the "before" scan_a and the "after"
+ scan_b."""
+ self.scan_a = scan_a
+ self.scan_b = scan_b
+ self.f = f
+
+ def output(self):
+ self.scan_a.sort_hosts()
+ self.scan_b.sort_hosts()
+
+ self.output_beginning()
+
+ pre_script_result_diffs = ScriptResultDiff.diff_lists(
+ self.scan_a.pre_script_results, self.scan_b.pre_script_results)
+ self.output_pre_scripts(pre_script_result_diffs)
+
+ cost = 0
+ # Currently we never consider diffing hosts with a different id
+ # (address or host name), which could lead to better diffs.
+ for host_a, host_b in host_pairs(self.scan_a.hosts, self.scan_b.hosts):
+ h_diff = HostDiff(host_a, host_b)
+ cost += h_diff.cost
+ if h_diff.cost > 0 or verbose:
+ self.output_host_diff(h_diff)
+
+ post_script_result_diffs = ScriptResultDiff.diff_lists(
+ self.scan_a.post_script_results,
+ self.scan_b.post_script_results)
+ self.output_post_scripts(post_script_result_diffs)
+
+ self.output_ending()
+
+ return cost
+
+
+class ScanDiffText(ScanDiff):
+ def __init__(self, scan_a, scan_b, f=sys.stdout):
+ ScanDiff.__init__(self, scan_a, scan_b, f)
+
+ def output_beginning(self):
+ banner_a = format_banner(self.scan_a)
+ banner_b = format_banner(self.scan_b)
+ if banner_a != banner_b:
+ print("-%s" % banner_a, file=self.f)
+ print("+%s" % banner_b, file=self.f)
+ elif verbose:
+ print(" %s" % banner_a, file=self.f)
+
+ def output_pre_scripts(self, pre_script_result_diffs):
+ print_script_result_diffs_text("Pre-scan script results",
+ self.scan_a.pre_script_results, self.scan_b.pre_script_results,
+ pre_script_result_diffs, self.f)
+
+ def output_post_scripts(self, post_script_result_diffs):
+ print_script_result_diffs_text("Post-scan script results",
+ self.scan_a.post_script_results, self.scan_b.post_script_results,
+ post_script_result_diffs, self.f)
+
+ def output_host_diff(self, h_diff):
+ print(file=self.f)
+ h_diff.print_text(self.f)
+
+ def output_ending(self):
+ pass
+
+
+class ScanDiffXML(ScanDiff):
+ def __init__(self, scan_a, scan_b, f=sys.stdout):
+ ScanDiff.__init__(self, scan_a, scan_b, f)
+
+ impl = xml.dom.minidom.getDOMImplementation()
+ self.document = impl.createDocument(None, None, None)
+
+ self.writer = XMLWriter(f)
+
+ def nmaprun_differs(self):
+ for attr in ("scanner", "version", "args", "start_date", "end_date"):
+ if getattr(self.scan_a, attr, None) !=\
+ getattr(self.scan_b, attr, None):
+ return True
+ return False
+
+ def output_beginning(self):
+ self.writer.startDocument()
+ self.writer.startElement("nmapdiff", {"version": NDIFF_XML_VERSION})
+ self.writer.startElement("scandiff", {})
+
+ if self.nmaprun_differs():
+ self.writer.frag_a(
+ self.scan_a.nmaprun_to_dom_fragment(self.document))
+ self.writer.frag_b(
+ self.scan_b.nmaprun_to_dom_fragment(self.document))
+ elif verbose:
+ self.writer.frag(
+ self.scan_a.nmaprun_to_dom_fragment(self.document))
+
+ def output_pre_scripts(self, pre_script_result_diffs):
+ if len(pre_script_result_diffs) > 0 or verbose:
+ prescript_elem = self.document.createElement("prescript")
+ frag = script_result_diffs_to_dom_fragment(
+ prescript_elem, self.scan_a.pre_script_results,
+ self.scan_b.pre_script_results, pre_script_result_diffs,
+ self.document)
+ self.writer.frag(frag)
+ frag.unlink()
+
+ def output_post_scripts(self, post_script_result_diffs):
+ if len(post_script_result_diffs) > 0 or verbose:
+ postscript_elem = self.document.createElement("postscript")
+ frag = script_result_diffs_to_dom_fragment(
+ postscript_elem, self.scan_a.post_script_results,
+ self.scan_b.post_script_results, post_script_result_diffs,
+ self.document)
+ self.writer.frag(frag)
+ frag.unlink()
+
+ def output_host_diff(self, h_diff):
+ frag = h_diff.to_dom_fragment(self.document)
+ self.writer.frag(frag)
+ frag.unlink()
+
+ def output_ending(self):
+ self.writer.endElement("scandiff")
+ self.writer.endElement("nmapdiff")
+ self.writer.endDocument()
+
+
+class HostDiff(object):
+ """A diff of two Hosts. It contains the two hosts, variables describing
+ what changed, and a list of PortDiffs and OS differences."""
+ def __init__(self, host_a, host_b):
+ self.host_a = host_a
+ self.host_b = host_b
+ self.state_changed = False
+ self.id_changed = False
+ self.os_changed = False
+ self.extraports_changed = False
+ self.ports = []
+ self.port_diffs = {}
+ self.os_diffs = []
+ self.script_result_diffs = []
+ self.cost = 0
+
+ self.diff()
+
+ def diff(self):
+ if self.host_a.state != self.host_b.state:
+ self.state_changed = True
+ self.cost += 1
+
+ if set(self.host_a.addresses) != set(self.host_b.addresses) \
+ or set(self.host_a.hostnames) != set(self.host_b.hostnames):
+ self.id_changed = True
+ self.cost += 1
+
+ all_specs = list(
+ set(self.host_a.ports.keys()).union(
+ set(self.host_b.ports.keys())))
+ all_specs.sort()
+ for spec in all_specs:
+ # Currently we only compare ports with the same spec. This ignores
+ # the possibility that a service is moved lock, stock, and barrel
+ # to another port.
+ port_a = self.host_a.ports.get(spec)
+ port_b = self.host_b.ports.get(spec)
+ diff = PortDiff(port_a or Port(spec), port_b or Port(spec))
+ if self.include_diff(diff):
+ port = port_a or port_b
+ self.ports.append(port)
+ self.port_diffs[port] = diff
+ self.cost += diff.cost
+
+ os_diffs = difflib.SequenceMatcher(
+ None, self.host_a.os, self.host_b.os)
+ self.os_diffs = os_diffs.get_opcodes()
+ os_cost = len([x for x in self.os_diffs if x[0] != "equal"])
+ if os_cost > 0:
+ self.os_changed = True
+ self.cost += os_cost
+
+ extraports_a = tuple((count, state)
+ for (state, count) in list(self.host_a.extraports.items()))
+ extraports_b = tuple((count, state)
+ for (state, count) in list(self.host_b.extraports.items()))
+ if extraports_a != extraports_b:
+ self.extraports_changed = True
+ self.cost += 1
+
+ self.script_result_diffs = ScriptResultDiff.diff_lists(
+ self.host_a.script_results, self.host_b.script_results)
+ self.cost += len(self.script_result_diffs)
+
+ def include_diff(self, diff):
+ # Don't include the diff if the states are only extraports. Include all
+ # diffs, even those with cost == 0, in verbose mode.
+ if self.host_a.is_extraports(diff.port_a.state) and \
+ self.host_b.is_extraports(diff.port_b.state):
+ return False
+ elif verbose:
+ return True
+ return diff.cost > 0
+
+ def print_text(self, f=sys.stdout):
+ host_a = self.host_a
+ host_b = self.host_b
+
+ # Names and addresses.
+ if self.id_changed:
+ if host_a.state is not None:
+ print("-%s:" % host_a.format_name(), file=f)
+ if self.host_b.state is not None:
+ print("+%s:" % host_b.format_name(), file=f)
+ else:
+ print(" %s:" % host_a.format_name(), file=f)
+
+ # State.
+ if self.state_changed:
+ if host_a.state is not None:
+ print("-Host is %s." % host_a.state, file=f)
+ if host_b.state is not None:
+ print("+Host is %s." % host_b.state, file=f)
+ elif verbose:
+ print(" Host is %s." % host_b.state, file=f)
+
+ # Extraports.
+ if self.extraports_changed:
+ if len(host_a.extraports) > 0:
+ print("-Not shown: %s" % host_a.extraports_string(), file=f)
+ if len(host_b.extraports) > 0:
+ print("+Not shown: %s" % host_b.extraports_string(), file=f)
+ elif verbose:
+ if len(host_a.extraports) > 0:
+ print(" Not shown: %s" % host_a.extraports_string(), file=f)
+
+ # Port table.
+ port_table = Table("** * * *")
+ if host_a.state is None:
+ mark = "+"
+ elif host_b.state is None:
+ mark = "-"
+ else:
+ mark = " "
+ port_table.append((mark, "PORT", "STATE", "SERVICE", "VERSION"))
+
+ for port in self.ports:
+ port_diff = self.port_diffs[port]
+ port_diff.append_to_port_table(port_table, host_a, host_b)
+
+ if len(port_table) > 1:
+ print(port_table, file=f)
+
+ # OS changes.
+ if self.os_changed or verbose:
+ if len(host_a.os) > 0:
+ if len(host_b.os) > 0:
+ print(" OS details:", file=f)
+ else:
+ print("-OS details:", file=f)
+ elif len(host_b.os) > 0:
+ print("+OS details:", file=f)
+ # os_diffs is a list of 5-tuples returned by
+ # difflib.SequenceMatcher.
+ for op, i1, i2, j1, j2 in self.os_diffs:
+ if op == "replace" or op == "delete":
+ for i in range(i1, i2):
+ print("- %s" % host_a.os[i], file=f)
+ if op == "replace" or op == "insert":
+ for i in range(j1, j2):
+ print("+ %s" % host_b.os[i], file=f)
+ if op == "equal":
+ for i in range(i1, i2):
+ print(" %s" % host_a.os[i], file=f)
+
+ print_script_result_diffs_text("Host script results",
+ host_a.script_results, host_b.script_results,
+ self.script_result_diffs)
+
+ def to_dom_fragment(self, document):
+ host_a = self.host_a
+ host_b = self.host_b
+
+ frag = document.createDocumentFragment()
+ hostdiff_elem = document.createElement("hostdiff")
+ frag.appendChild(hostdiff_elem)
+
+ if host_a.state is None or host_b.state is None:
+ # The host is missing in one scan. Output the whole thing.
+ if host_a.state is not None:
+ a_elem = document.createElement("a")
+ a_elem.appendChild(host_a.to_dom_fragment(document))
+ hostdiff_elem.appendChild(a_elem)
+ elif host_b.state is not None:
+ b_elem = document.createElement("b")
+ b_elem.appendChild(host_b.to_dom_fragment(document))
+ hostdiff_elem.appendChild(b_elem)
+ return frag
+
+ host_elem = document.createElement("host")
+
+ # State.
+ if host_a.state == host_b.state:
+ if verbose:
+ host_elem.appendChild(host_a.state_to_dom_fragment(document))
+ else:
+ a_elem = document.createElement("a")
+ a_elem.appendChild(host_a.state_to_dom_fragment(document))
+ host_elem.appendChild(a_elem)
+ b_elem = document.createElement("b")
+ b_elem.appendChild(host_b.state_to_dom_fragment(document))
+ host_elem.appendChild(b_elem)
+
+ # Addresses.
+ addrset_a = set(host_a.addresses)
+ addrset_b = set(host_b.addresses)
+ for addr in sorted(addrset_a.intersection(addrset_b)):
+ host_elem.appendChild(addr.to_dom_fragment(document))
+ a_elem = document.createElement("a")
+ for addr in sorted(addrset_a - addrset_b):
+ a_elem.appendChild(addr.to_dom_fragment(document))
+ if a_elem.hasChildNodes():
+ host_elem.appendChild(a_elem)
+ b_elem = document.createElement("b")
+ for addr in sorted(addrset_b - addrset_a):
+ b_elem.appendChild(addr.to_dom_fragment(document))
+ if b_elem.hasChildNodes():
+ host_elem.appendChild(b_elem)
+
+ # Host names.
+ hostnames_elem = document.createElement("hostnames")
+ hostnameset_a = set(host_a.hostnames)
+ hostnameset_b = set(host_b.hostnames)
+ for hostname in sorted(hostnameset_a.intersection(hostnameset_b)):
+ hostnames_elem.appendChild(
+ host_a.hostname_to_dom_fragment(document, hostname))
+ a_elem = document.createElement("a")
+ for hostname in sorted(hostnameset_a - hostnameset_b):
+ a_elem.appendChild(
+ host_a.hostname_to_dom_fragment(document, hostname))
+ if a_elem.hasChildNodes():
+ hostnames_elem.appendChild(a_elem)
+ b_elem = document.createElement("b")
+ for hostname in sorted(hostnameset_b - hostnameset_a):
+ b_elem.appendChild(
+ host_b.hostname_to_dom_fragment(document, hostname))
+ if b_elem.hasChildNodes():
+ hostnames_elem.appendChild(b_elem)
+ if hostnames_elem.hasChildNodes():
+ host_elem.appendChild(hostnames_elem)
+
+ ports_elem = document.createElement("ports")
+ # Extraports.
+ if host_a.extraports == host_b.extraports:
+ ports_elem.appendChild(host_a.extraports_to_dom_fragment(document))
+ else:
+ a_elem = document.createElement("a")
+ a_elem.appendChild(host_a.extraports_to_dom_fragment(document))
+ ports_elem.appendChild(a_elem)
+ b_elem = document.createElement("b")
+ b_elem.appendChild(host_b.extraports_to_dom_fragment(document))
+ ports_elem.appendChild(b_elem)
+ # Port list.
+ for port in self.ports:
+ p_diff = self.port_diffs[port]
+ if p_diff.cost == 0:
+ if verbose:
+ ports_elem.appendChild(port.to_dom_fragment(document))
+ else:
+ ports_elem.appendChild(p_diff.to_dom_fragment(document))
+ if ports_elem.hasChildNodes():
+ host_elem.appendChild(ports_elem)
+
+ # OS changes.
+ if self.os_changed or verbose:
+ os_elem = document.createElement("os")
+ # os_diffs is a list of 5-tuples returned by
+ # difflib.SequenceMatcher.
+ for op, i1, i2, j1, j2 in self.os_diffs:
+ if op == "replace" or op == "delete":
+ a_elem = document.createElement("a")
+ for i in range(i1, i2):
+ a_elem.appendChild(host_a.os_to_dom_fragment(
+ document, host_a.os[i]))
+ os_elem.appendChild(a_elem)
+ if op == "replace" or op == "insert":
+ b_elem = document.createElement("b")
+ for i in range(j1, j2):
+ b_elem.appendChild(host_b.os_to_dom_fragment(
+ document, host_b.os[i]))
+ os_elem.appendChild(b_elem)
+ if op == "equal":
+ for i in range(i1, i2):
+ os_elem.appendChild(host_a.os_to_dom_fragment(
+ document, host_a.os[i]))
+ if os_elem.hasChildNodes():
+ host_elem.appendChild(os_elem)
+
+ # Host script changes.
+ if len(self.script_result_diffs) > 0 or verbose:
+ hostscript_elem = document.createElement("hostscript")
+ host_elem.appendChild(script_result_diffs_to_dom_fragment(
+ hostscript_elem, host_a.script_results,
+ host_b.script_results, self.script_result_diffs,
+ document))
+
+ hostdiff_elem.appendChild(host_elem)
+
+ return frag
+
+
+class PortDiff(object):
+ """A diff of two Ports. It contains the two ports and the cost of changing
+ one into the other. If the cost is 0 then the two ports are the same."""
+ def __init__(self, port_a, port_b):
+ self.port_a = port_a
+ self.port_b = port_b
+ self.script_result_diffs = []
+ self.cost = 0
+
+ self.diff()
+
+ def diff(self):
+ if self.port_a.spec != self.port_b.spec:
+ self.cost += 1
+
+ if self.port_a.state != self.port_b.state:
+ self.cost += 1
+
+ if self.port_a.service != self.port_b.service:
+ self.cost += 1
+
+ self.script_result_diffs = ScriptResultDiff.diff_lists(
+ self.port_a.script_results, self.port_b.script_results)
+ self.cost += len(self.script_result_diffs)
+
+ # PortDiffs are inserted into a Table and then printed, not printed out
+ # directly. That's why this class has append_to_port_table instead of
+ # print_text.
+ def append_to_port_table(self, table, host_a, host_b):
+ """Append this port diff to a Table containing five columns:
+ +- PORT STATE SERVICE VERSION
+ The "+-" stands for the diff indicator column."""
+ a_columns = [self.port_a.spec_string(),
+ self.port_a.state_string(),
+ self.port_a.service.name_string(),
+ self.port_a.service.version_string()]
+ b_columns = [self.port_b.spec_string(),
+ self.port_b.state_string(),
+ self.port_b.service.name_string(),
+ self.port_b.service.version_string()]
+ if a_columns == b_columns:
+ if verbose or self.script_result_diffs > 0:
+ table.append([" "] + a_columns)
+ else:
+ if not host_a.is_extraports(self.port_a.state):
+ table.append(["-"] + a_columns)
+ if not host_b.is_extraports(self.port_b.state):
+ table.append(["+"] + b_columns)
+
+ for sr_diff in self.script_result_diffs:
+ sr_diff.append_to_port_table(table)
+
+ def to_dom_fragment(self, document):
+ frag = document.createDocumentFragment()
+ portdiff_elem = document.createElement("portdiff")
+ frag.appendChild(portdiff_elem)
+ if (self.port_a.spec == self.port_b.spec and
+ self.port_a.state == self.port_b.state):
+ port_elem = document.createElement("port")
+ port_elem.setAttribute("portid", str(self.port_a.spec[0]))
+ port_elem.setAttribute("protocol", self.port_a.spec[1])
+ if self.port_a.state is not None:
+ state_elem = document.createElement("state")
+ state_elem.setAttribute("state", self.port_a.state)
+ port_elem.appendChild(state_elem)
+ if self.port_a.service == self.port_b.service:
+ port_elem.appendChild(
+ self.port_a.service.to_dom_fragment(document))
+ else:
+ a_elem = document.createElement("a")
+ a_elem.appendChild(
+ self.port_a.service.to_dom_fragment(document))
+ port_elem.appendChild(a_elem)
+ b_elem = document.createElement("b")
+ b_elem.appendChild(
+ self.port_b.service.to_dom_fragment(document))
+ port_elem.appendChild(b_elem)
+ for sr_diff in self.script_result_diffs:
+ port_elem.appendChild(sr_diff.to_dom_fragment(document))
+ portdiff_elem.appendChild(port_elem)
+ else:
+ a_elem = document.createElement("a")
+ a_elem.appendChild(self.port_a.to_dom_fragment(document))
+ portdiff_elem.appendChild(a_elem)
+ b_elem = document.createElement("b")
+ b_elem.appendChild(self.port_b.to_dom_fragment(document))
+ portdiff_elem.appendChild(b_elem)
+
+ return frag
+
+
+class ScriptResultDiff(object):
+ def __init__(self, sr_a, sr_b):
+ """One of sr_a and sr_b may be None."""
+ self.sr_a = sr_a
+ self.sr_b = sr_b
+
+ def diff_lists(a, b):
+ """Return a list of ScriptResultDiffs from two sorted lists of
+ ScriptResults."""
+ diffs = []
+ i = 0
+ j = 0
+ # This algorithm is like a merge of sorted lists.
+ while i < len(a) and j < len(b):
+ if a[i].id < b[j].id:
+ diffs.append(ScriptResultDiff(a[i], None))
+ i += 1
+ elif a[i].id > b[j].id:
+ diffs.append(ScriptResultDiff(None, b[j]))
+ j += 1
+ else:
+ if a[i].output != b[j].output or verbose:
+ diffs.append(ScriptResultDiff(a[i], b[j]))
+ i += 1
+ j += 1
+ while i < len(a):
+ diffs.append(ScriptResultDiff(a[i], None))
+ i += 1
+ while j < len(b):
+ diffs.append(ScriptResultDiff(None, b[j]))
+ j += 1
+ return diffs
+ diff_lists = staticmethod(diff_lists)
+
+ # Script result diffs are appended to a port table rather than being
+ # printed directly, so append_to_port_table exists instead of print_text.
+ def append_to_port_table(self, table):
+ a_lines = []
+ b_lines = []
+ if self.sr_a is not None:
+ a_lines = self.sr_a.get_lines()
+ if self.sr_b is not None:
+ b_lines = self.sr_b.get_lines()
+ if a_lines != b_lines or verbose:
+ diffs = difflib.SequenceMatcher(None, a_lines, b_lines)
+ for op, i1, i2, j1, j2 in diffs.get_opcodes():
+ if op == "replace" or op == "delete":
+ for k in range(i1, i2):
+ table.append_raw("-" + a_lines[k])
+ if op == "replace" or op == "insert":
+ for k in range(j1, j2):
+ table.append_raw("+" + b_lines[k])
+ if op == "equal":
+ for k in range(i1, i2):
+ table.append_raw(" " + a_lines[k])
+
+ def to_dom_fragment(self, document):
+ frag = document.createDocumentFragment()
+ if (self.sr_a is not None and
+ self.sr_b is not None and
+ self.sr_a == self.sr_b):
+ frag.appendChild(self.sr_a.to_dom_fragment(document))
+ else:
+ if self.sr_a is not None:
+ a_elem = document.createElement("a")
+ a_elem.appendChild(self.sr_a.to_dom_fragment(document))
+ frag.appendChild(a_elem)
+ if self.sr_b is not None:
+ b_elem = document.createElement("b")
+ b_elem.appendChild(self.sr_b.to_dom_fragment(document))
+ frag.appendChild(b_elem)
+ return frag
+
+
+class Table(object):
+ """A table of character data, like NmapOutputTable."""
+ def __init__(self, template):
+ """template is a string consisting of "*" and other characters. Each
+ "*" is a left-justified space-padded field. All other characters are
+ copied to the output."""
+ self.widths = []
+ self.rows = []
+ self.prefix = ""
+ self.padding = []
+ j = 0
+ while j < len(template) and template[j] != "*":
+ j += 1
+ self.prefix = template[:j]
+ j += 1
+ i = j
+ while j < len(template):
+ while j < len(template) and template[j] != "*":
+ j += 1
+ self.padding.append(template[i:j])
+ j += 1
+ i = j
+
+ def append(self, row):
+ strings = []
+
+ row = list(row)
+ # Remove trailing Nones.
+ while len(row) > 0 and row[-1] is None:
+ row.pop()
+
+ for i in range(len(row)):
+ if row[i] is None:
+ s = ""
+ else:
+ s = str(row[i])
+ if i == len(self.widths):
+ self.widths.append(len(s))
+ elif len(s) > self.widths[i]:
+ self.widths[i] = len(s)
+ strings.append(s)
+ self.rows.append(strings)
+
+ def append_raw(self, s):
+ """Append a raw string for a row that is not formatted into columns."""
+ self.rows.append(s)
+
+ def __len__(self):
+ return len(self.rows)
+
+ def __str__(self):
+ lines = []
+ for row in self.rows:
+ parts = [self.prefix]
+ i = 0
+ if isinstance(row, str):
+ # A raw string.
+ lines.append(row)
+ else:
+ while i < len(row):
+ parts.append(row[i].ljust(self.widths[i]))
+ if i < len(self.padding):
+ parts.append(self.padding[i])
+ i += 1
+ lines.append("".join(parts).rstrip())
+ return "\n".join(lines)
+
+
+def warn(str):
+ """Print a warning to stderr."""
+ print(str, file=sys.stderr)
+
+
+class NmapContentHandler(xml.sax.handler.ContentHandler):
+ """The xml.sax ContentHandler for the XML parser. It contains a Scan object
+ that is filled in and can be read back again once the parse method is
+ finished."""
+ def __init__(self, scan):
+ xml.sax.handler.ContentHandler.__init__(self)
+ self.scan = scan
+
+ # We keep a stack of the elements we've seen, pushing on start and
+ # popping on end.
+ self.element_stack = []
+
+ self.current_host = None
+ self.current_port = None
+ self.skip_over = False
+
+ self._start_elem_handlers = {
+ "nmaprun": self._start_nmaprun,
+ "host": self._start_host,
+ "hosthint": self._start_hosthint,
+ "status": self._start_status,
+ "address": self._start_address,
+ "hostname": self._start_hostname,
+ "extraports": self._start_extraports,
+ "port": self._start_port,
+ "state": self._start_state,
+ "service": self._start_service,
+ "script": self._start_script,
+ "osmatch": self._start_osmatch,
+ "finished": self._start_finished,
+ }
+ self._end_elem_handlers = {
+ 'host': self._end_host,
+ 'hosthint': self._end_hosthint,
+ 'port': self._end_port,
+ }
+
+ def parent_element(self):
+ """Return the name of the element containing the current one, or None
+ if this is the root element."""
+ if len(self.element_stack) == 0:
+ return None
+ return self.element_stack[-1]
+
+ def startElement(self, name, attrs):
+ """This method keeps track of element_stack. The real parsing work is
+ done in the _start_*() handlers. This is to make it easy for them to
+ bail out on error."""
+ handler = self._start_elem_handlers.get(name)
+ if handler is not None and not self.skip_over:
+ handler(name, attrs)
+ self.element_stack.append(name)
+
+ def endElement(self, name):
+ """This method keeps track of element_stack. The real parsing work is
+ done in _end_*() handlers."""
+ self.element_stack.pop()
+ handler = self._end_elem_handlers.get(name)
+ if handler is not None:
+ handler(name)
+
+ def _start_nmaprun(self, name, attrs):
+ assert self.parent_element() is None
+ if "start" in attrs:
+ start_timestamp = int(attrs.get("start"))
+ self.scan.start_date = datetime.datetime.fromtimestamp(
+ start_timestamp)
+ self.scan.scanner = attrs.get("scanner")
+ self.scan.args = attrs.get("args")
+ self.scan.version = attrs.get("version")
+
+ def _start_host(self, name, attrs):
+ assert self.parent_element() == "nmaprun"
+ self.current_host = Host()
+ self.scan.hosts.append(self.current_host)
+
+ def _start_hosthint(self, name, attrs):
+ assert self.parent_element() == "nmaprun"
+ self.skip_over = True
+
+ def _start_status(self, name, attrs):
+ assert self.parent_element() == "host"
+ assert self.current_host is not None
+ state = attrs.get("state")
+ if state is None:
+ warn('%s element of host %s is missing the "state" attribute; '
+ 'assuming "unknown".' % (
+ name, self.current_host.format_name()))
+ return
+ self.current_host.state = state
+
+ def _start_address(self, name, attrs):
+ assert self.parent_element() == "host"
+ assert self.current_host is not None
+ addr = attrs.get("addr")
+ if addr is None:
+ warn('%s element of host %s is missing the "addr" '
+ 'attribute; skipping.' % (
+ name, self.current_host.format_name()))
+ return
+ addrtype = attrs.get("addrtype", "ipv4")
+ self.current_host.add_address(Address.new(addrtype, addr))
+
+ def _start_hostname(self, name, attrs):
+ assert self.parent_element() == "hostnames"
+ assert self.current_host is not None
+ hostname = attrs.get("name")
+ if hostname is None:
+ warn('%s element of host %s is missing the "name" '
+ 'attribute; skipping.' % (
+ name, self.current_host.format_name()))
+ return
+ self.current_host.add_hostname(hostname)
+
+ def _start_extraports(self, name, attrs):
+ assert self.parent_element() == "ports"
+ assert self.current_host is not None
+ state = attrs.get("state")
+ if state is None:
+ warn('%s element of host %s is missing the "state" '
+ 'attribute; assuming "unknown".' % (
+ name, self.current_host.format_name()))
+ state = None
+ if state in self.current_host.extraports:
+ warn('Duplicate extraports state "%s" in host %s.' % (
+ state, self.current_host.format_name()))
+
+ count = attrs.get("count")
+ if count is None:
+ warn('%s element of host %s is missing the "count" '
+ 'attribute; assuming 0.' % (
+ name, self.current_host.format_name()))
+ count = 0
+ else:
+ try:
+ count = int(count)
+ except ValueError:
+ warn("Can't convert extraports count \"%s\" "
+ "to an integer in host %s; assuming 0." % (
+ attrs["count"], self.current_host.format_name()))
+ count = 0
+ self.current_host.extraports[state] = count
+
+ def _start_port(self, name, attrs):
+ assert self.parent_element() == "ports"
+ assert self.current_host is not None
+ portid_str = attrs.get("portid")
+ if portid_str is None:
+ warn('%s element of host %s missing the "portid" '
+ 'attribute; skipping.' % (
+ name, self.current_host.format_name()))
+ return
+ try:
+ portid = int(portid_str)
+ except ValueError:
+ warn("Can't convert portid \"%s\" to an integer "
+ "in host %s; skipping port." % (
+ portid_str, self.current_host.format_name()))
+ return
+ protocol = attrs.get("protocol")
+ if protocol is None:
+ warn('%s element of host %s missing the "protocol" '
+ 'attribute; skipping.' % (
+ name, self.current_host.format_name()))
+ return
+ self.current_port = Port((portid, protocol))
+
+ def _start_state(self, name, attrs):
+ assert self.parent_element() == "port"
+ assert self.current_host is not None
+ if self.current_port is None:
+ return
+ if "state" not in attrs:
+ warn('%s element of port %s is missing the "state" '
+ 'attribute; assuming "unknown".' % (
+ name, self.current_port.spec_string()))
+ return
+ self.current_port.state = attrs["state"]
+ self.current_host.add_port(self.current_port)
+
+ def _start_service(self, name, attrs):
+ assert self.parent_element() == "port"
+ assert self.current_host is not None
+ if self.current_port is None:
+ return
+ self.current_port.service.name = attrs.get("name")
+ self.current_port.service.product = attrs.get("product")
+ self.current_port.service.version = attrs.get("version")
+ self.current_port.service.extrainfo = attrs.get("extrainfo")
+ self.current_port.service.tunnel = attrs.get("tunnel")
+
+ def _start_script(self, name, attrs):
+ result = ScriptResult()
+ result.id = attrs.get("id")
+ if result.id is None:
+ warn('%s element missing the "id" attribute; skipping.' % name)
+ return
+
+ result.output = attrs.get("output")
+ if result.output is None:
+ warn('%s element missing the "output" attribute; skipping.'
+ % name)
+ return
+ if self.parent_element() == "prescript":
+ self.scan.pre_script_results.append(result)
+ elif self.parent_element() == "postscript":
+ self.scan.post_script_results.append(result)
+ elif self.parent_element() == "hostscript":
+ self.current_host.script_results.append(result)
+ elif self.parent_element() == "port":
+ self.current_port.script_results.append(result)
+ else:
+ warn("%s element not inside prescript, postscript, hostscript, "
+ "or port element; ignoring." % name)
+ return
+
+ def _start_osmatch(self, name, attrs):
+ assert self.parent_element() == "os"
+ assert self.current_host is not None
+ if "name" not in attrs:
+ warn('%s element of host %s is missing the "name" '
+ 'attribute; skipping.' % (
+ name, self.current_host.format_name()))
+ return
+ self.current_host.os.append(attrs["name"])
+
+ def _start_finished(self, name, attrs):
+ assert self.parent_element() == "runstats"
+ if "time" in attrs:
+ end_timestamp = int(attrs.get("time"))
+ self.scan.end_date = datetime.datetime.fromtimestamp(end_timestamp)
+
+ def _end_host(self, name):
+ self.current_host.script_results.sort()
+ self.current_host = None
+
+ def _end_hosthint(self, name):
+ self.skip_over = False
+
+ def _end_port(self, name):
+ self.current_port.script_results.sort()
+ self.current_port = None
+
+
+class XMLWriter (xml.sax.saxutils.XMLGenerator):
+ def __init__(self, f):
+ xml.sax.saxutils.XMLGenerator.__init__(self, f, "utf-8")
+ self.f = f
+
+ def frag(self, frag):
+ for node in frag.childNodes:
+ node.writexml(self.f, newl="\n")
+
+ def frag_a(self, frag):
+ self.startElement("a", {})
+ for node in frag.childNodes:
+ node.writexml(self.f, newl="\n")
+ self.endElement("a")
+
+ def frag_b(self, frag):
+ self.startElement("b", {})
+ for node in frag.childNodes:
+ node.writexml(self.f, newl="\n")
+ self.endElement("b")
+
+
+def usage():
+ print("""\
+Usage: %s [option] FILE1 FILE2
+Compare two Nmap XML files and display a list of their differences.
+Differences include host state changes, port state changes, and changes to
+service and OS detection.
+
+ -h, --help display this help
+ -v, --verbose also show hosts and ports that haven't changed.
+ --text display output in text format (default)
+ --xml display output in XML format\
+""" % sys.argv[0])
+
+EXIT_EQUAL = 0
+EXIT_DIFFERENT = 1
+EXIT_ERROR = 2
+
+
+def usage_error(msg):
+ print("%s: %s" % (sys.argv[0], msg), file=sys.stderr)
+ print("Try '%s -h' for help." % sys.argv[0], file=sys.stderr)
+ sys.exit(EXIT_ERROR)
+
+
+def main():
+ global verbose
+ output_format = None
+
+ try:
+ opts, input_filenames = getopt.gnu_getopt(
+ sys.argv[1:], "hv", ["help", "text", "verbose", "xml"])
+ except getopt.GetoptError as e:
+ usage_error(e.msg)
+ for o, a in opts:
+ if o == "-h" or o == "--help":
+ usage()
+ sys.exit(0)
+ elif o == "-v" or o == "--verbose":
+ verbose = True
+ elif o == "--text":
+ if output_format is not None and output_format != "text":
+ usage_error("contradictory output format options.")
+ output_format = "text"
+ elif o == "--xml":
+ if output_format is not None and output_format != "xml":
+ usage_error("contradictory output format options.")
+ output_format = "xml"
+
+ if len(input_filenames) != 2:
+ usage_error("need exactly two input filenames.")
+
+ if output_format is None:
+ output_format = "text"
+
+ filename_a = input_filenames[0]
+ filename_b = input_filenames[1]
+
+ try:
+ scan_a = Scan()
+ scan_a.load_from_file(filename_a)
+ scan_b = Scan()
+ scan_b.load_from_file(filename_b)
+ except IOError as e:
+ print("Can't open file: %s" % str(e), file=sys.stderr)
+ sys.exit(EXIT_ERROR)
+
+ if output_format == "text":
+ diff = ScanDiffText(scan_a, scan_b)
+ elif output_format == "xml":
+ diff = ScanDiffXML(scan_a, scan_b)
+ cost = diff.output()
+
+ if cost == 0:
+ return EXIT_EQUAL
+ else:
+ return EXIT_DIFFERENT
+
+
+# Catch uncaught exceptions so they can produce an exit code of 2 (EXIT_ERROR),
+# not 1 like they would by default.
+def excepthook(type, value, tb):
+ sys.__excepthook__(type, value, tb)
+ sys.exit(EXIT_ERROR)
+
+if __name__ == "__main__":
+ sys.excepthook = excepthook
+ sys.exit(main())
diff --git a/ndiff/ndifftest.py b/ndiff/ndifftest.py
new file mode 100755
index 0000000..27fc525
--- /dev/null
+++ b/ndiff/ndifftest.py
@@ -0,0 +1,807 @@
+#!/usr/bin/env python3
+
+# Unit tests for Ndiff.
+
+import subprocess
+import sys
+import unittest
+
+# Prevent loading PyXML
+import xml
+xml.__path__ = [x for x in xml.__path__ if "_xmlplus" not in x]
+
+import xml.dom.minidom
+
+import imp
+dont_write_bytecode = sys.dont_write_bytecode
+sys.dont_write_bytecode = True
+ndiff = imp.load_source("ndiff", "ndiff.py")
+for x in dir(ndiff):
+ if not x.startswith("_"):
+ globals()[x] = getattr(ndiff, x)
+sys.dont_write_bytecode = dont_write_bytecode
+del dont_write_bytecode
+
+import io
+
+
+class scan_test(unittest.TestCase):
+ """Test the Scan class."""
+ def test_empty(self):
+ scan = Scan()
+ scan.load_from_file("test-scans/empty.xml")
+ self.assertEqual(len(scan.hosts), 0)
+ self.assertNotEqual(scan.start_date, None)
+ self.assertNotEqual(scan.end_date, None)
+
+ def test_single(self):
+ scan = Scan()
+ scan.load_from_file("test-scans/single.xml")
+ self.assertEqual(len(scan.hosts), 1)
+
+ def test_simple(self):
+ """Test that the correct number of known ports is returned when there
+ are no extraports."""
+ scan = Scan()
+ scan.load_from_file("test-scans/simple.xml")
+ host = scan.hosts[0]
+ self.assertEqual(len(host.ports), 2)
+
+ def test_extraports(self):
+ scan = Scan()
+ scan.load_from_file("test-scans/single.xml")
+ host = scan.hosts[0]
+ self.assertEqual(len(host.ports), 5)
+ self.assertEqual(list(host.extraports.items()), [("filtered", 95)])
+
+ def test_extraports_multi(self):
+ """Test that the correct number of known ports is returned when there
+ are extraports in more than one state."""
+ scan = Scan()
+ scan.load_from_file("test-scans/complex.xml")
+ host = scan.hosts[0]
+ self.assertEqual(len(host.ports), 6)
+ self.assertEqual(set(host.extraports.items()),
+ set([("filtered", 95), ("open|filtered", 99)]))
+
+ def test_nmaprun(self):
+ """Test that nmaprun information is recorded."""
+ scan = Scan()
+ scan.load_from_file("test-scans/empty.xml")
+ self.assertEqual(scan.scanner, "nmap")
+ self.assertEqual(scan.version, "4.90RC2")
+ self.assertEqual(scan.args, "nmap -oX empty.xml -p 1-100")
+
+ def test_addresses(self):
+ """Test that addresses are recorded."""
+ scan = Scan()
+ scan.load_from_file("test-scans/simple.xml")
+ host = scan.hosts[0]
+ self.assertEqual(host.addresses, [IPv4Address("64.13.134.52")])
+
+ def test_hostname(self):
+ """Test that hostnames are recorded."""
+ scan = Scan()
+ scan.load_from_file("test-scans/simple.xml")
+ host = scan.hosts[0]
+ self.assertEqual(host.hostnames, ["scanme.nmap.org"])
+
+ def test_os(self):
+ """Test that OS information is recorded."""
+ scan = Scan()
+ scan.load_from_file("test-scans/complex.xml")
+ host = scan.hosts[0]
+ self.assertTrue(len(host.os) > 0)
+
+ def test_script(self):
+ """Test that script results are recorded."""
+ scan = Scan()
+ scan.load_from_file("test-scans/complex.xml")
+ host = scan.hosts[0]
+ self.assertTrue(len(host.script_results) > 0)
+ self.assertTrue(len(host.ports[(22, "tcp")].script_results) > 0)
+
+# This test is commented out because Nmap XML doesn't store any information
+# about down hosts, not even the fact that they are down. Recovering the list
+# of scanned hosts to infer which ones are down would involve parsing the
+# targets out of the /nmaprun/@args attribute (which is non-trivial) and
+# possibly looking up their addresses.
+# def test_down_state(self):
+# """Test that hosts that are not marked "up" are in the "down"
+# state."""
+# scan = Scan()
+# scan.load_from_file("test-scans/down.xml")
+# self.assertTrue(len(scan.hosts) == 1)
+# host = scan.hosts[0]
+# self.assertTrue(host.state == "down")
+
+
+class host_test(unittest.TestCase):
+ """Test the Host class."""
+ def test_empty(self):
+ h = Host()
+ self.assertEqual(len(h.addresses), 0)
+ self.assertEqual(len(h.hostnames), 0)
+ self.assertEqual(len(h.ports), 0)
+ self.assertEqual(len(h.extraports), 0)
+ self.assertEqual(len(h.os), 0)
+
+ def test_format_name(self):
+ h = Host()
+ self.assertTrue(isinstance(h.format_name(), str))
+ h.add_address(IPv4Address("127.0.0.1"))
+ self.assertTrue("127.0.0.1" in h.format_name())
+ h.add_address(IPv6Address("::1"))
+ self.assertTrue("127.0.0.1" in h.format_name())
+ self.assertTrue("::1" in h.format_name())
+ h.add_hostname("localhost")
+ self.assertTrue("127.0.0.1" in h.format_name())
+ self.assertTrue("::1" in h.format_name())
+ self.assertTrue("localhost" in h.format_name())
+
+ def test_empty_get_port(self):
+ h = Host()
+ for num in 10, 100, 1000, 10000:
+ for proto in ("tcp", "udp", "ip"):
+ port = h.ports.get((num, proto))
+ self.assertEqual(port, None)
+
+ def test_add_port(self):
+ h = Host()
+ spec = (10, "tcp")
+ port = h.ports.get(spec)
+ self.assertEqual(port, None)
+ h.add_port(Port(spec, "open"))
+ self.assertEqual(len(h.ports), 1)
+ port = h.ports[spec]
+ self.assertEqual(port.state, "open")
+ h.add_port(Port(spec, "closed"))
+ self.assertEqual(len(h.ports), 1)
+ port = h.ports[spec]
+ self.assertEqual(port.state, "closed")
+
+ spec = (22, "tcp")
+ port = h.ports.get(spec)
+ self.assertEqual(port, None)
+ port = Port(spec)
+ port.state = "open"
+ port.service.name = "ssh"
+ h.add_port(port)
+ self.assertEqual(len(h.ports), 2)
+ port = h.ports[spec]
+ self.assertEqual(port.state, "open")
+ self.assertEqual(port.service.name, "ssh")
+
+ def test_extraports(self):
+ h = Host()
+ self.assertFalse(h.is_extraports("open"))
+ self.assertFalse(h.is_extraports("closed"))
+ self.assertFalse(h.is_extraports("filtered"))
+ h.extraports["closed"] = 10
+ self.assertFalse(h.is_extraports("open"))
+ self.assertTrue(h.is_extraports("closed"))
+ self.assertFalse(h.is_extraports("filtered"))
+ h.extraports["filtered"] = 10
+ self.assertFalse(h.is_extraports("open"))
+ self.assertTrue(h.is_extraports("closed"))
+ self.assertTrue(h.is_extraports("filtered"))
+ del h.extraports["closed"]
+ del h.extraports["filtered"]
+ self.assertFalse(h.is_extraports("open"))
+ self.assertFalse(h.is_extraports("closed"))
+ self.assertFalse(h.is_extraports("filtered"))
+
+ def test_parse(self):
+ s = Scan()
+ s.load_from_file("test-scans/single.xml")
+ h = s.hosts[0]
+ self.assertEqual(len(h.ports), 5)
+ self.assertEqual(len(h.extraports), 1)
+ self.assertEqual(list(h.extraports.keys())[0], "filtered")
+ self.assertEqual(list(h.extraports.values())[0], 95)
+ self.assertEqual(h.state, "up")
+
+
+class address_test(unittest.TestCase):
+ """Test the Address class."""
+ def test_ipv4_new(self):
+ a = Address.new("ipv4", "127.0.0.1")
+ self.assertEqual(a.type, "ipv4")
+
+ def test_ipv6_new(self):
+ a = Address.new("ipv6", "::1")
+ self.assertEqual(a.type, "ipv6")
+
+ def test_mac_new(self):
+ a = Address.new("mac", "00:00:00:00:00:00")
+ self.assertEqual(a.type, "mac")
+
+ def test_unknown_new(self):
+ self.assertRaises(ValueError, Address.new, "aaa", "")
+
+ def test_compare(self):
+ """Test that addresses with the same contents compare equal."""
+ a = IPv4Address("127.0.0.1")
+ self.assertEqual(a, a)
+ b = IPv4Address("127.0.0.1")
+ self.assertEqual(a, b)
+ c = Address.new("ipv4", "127.0.0.1")
+ self.assertEqual(a, c)
+ self.assertEqual(b, c)
+
+ d = IPv4Address("1.1.1.1")
+ self.assertNotEqual(a, d)
+
+ e = IPv6Address("::1")
+ self.assertEqual(e, e)
+ self.assertNotEqual(a, e)
+
+
+class port_test(unittest.TestCase):
+ """Test the Port class."""
+ def test_spec_string(self):
+ p = Port((10, "tcp"))
+ self.assertEqual(p.spec_string(), "10/tcp")
+ p = Port((100, "ip"))
+ self.assertEqual(p.spec_string(), "100/ip")
+
+ def test_state_string(self):
+ p = Port((10, "tcp"))
+ self.assertEqual(p.state_string(), "unknown")
+
+
+class service_test(unittest.TestCase):
+ """Test the Service class."""
+ def test_compare(self):
+ """Test that services with the same contents compare equal."""
+ a = Service()
+ a.name = "ftp"
+ a.product = "FooBar FTP"
+ a.version = "1.1.1"
+ a.tunnel = "ssl"
+ self.assertEqual(a, a)
+ b = Service()
+ b.name = "ftp"
+ b.product = "FooBar FTP"
+ b.version = "1.1.1"
+ b.tunnel = "ssl"
+ self.assertEqual(a, b)
+ b.name = "http"
+ self.assertNotEqual(a, b)
+ c = Service()
+ self.assertNotEqual(a, c)
+
+ def test_tunnel(self):
+ serv = Service()
+ serv.name = "http"
+ serv.tunnel = "ssl"
+ self.assertEqual(serv.name_string(), "ssl/http")
+
+ def test_version_string(self):
+ serv = Service()
+ serv.product = "FooBar"
+ self.assertTrue(len(serv.version_string()) > 0)
+ serv = Service()
+ serv.version = "1.2.3"
+ self.assertTrue(len(serv.version_string()) > 0)
+ serv = Service()
+ serv.extrainfo = "misconfigured"
+ self.assertTrue(len(serv.version_string()) > 0)
+ serv = Service()
+ serv.product = "FooBar"
+ serv.version = "1.2.3"
+ # Must match Nmap output.
+ self.assertEqual(serv.version_string(),
+ "%s %s" % (serv.product, serv.version))
+ serv.extrainfo = "misconfigured"
+ self.assertEqual(serv.version_string(),
+ "%s %s (%s)" % (serv.product, serv.version, serv.extrainfo))
+
+
+class ScanDiffSub(ScanDiff):
+ """A subclass of ScanDiff that counts diffs for testing."""
+ def __init__(self, scan_a, scan_b, f=sys.stdout):
+ ScanDiff.__init__(self, scan_a, scan_b, f)
+ self.pre_script_result_diffs = []
+ self.post_script_result_diffs = []
+ self.host_diffs = []
+
+ def output_beginning(self):
+ pass
+
+ def output_pre_scripts(self, pre_script_result_diffs):
+ self.pre_script_result_diffs = pre_script_result_diffs
+
+ def output_post_scripts(self, post_script_result_diffs):
+ self.post_script_result_diffs = post_script_result_diffs
+
+ def output_host_diff(self, h_diff):
+ self.host_diffs.append(h_diff)
+
+ def output_ending(self):
+ pass
+
+
+class scan_diff_test(unittest.TestCase):
+ """Test the ScanDiff class."""
+ def setUp(self):
+ self.blackhole = open("/dev/null", "w")
+
+ def tearDown(self):
+ self.blackhole.close()
+
+ def test_self(self):
+ scan = Scan()
+ scan.load_from_file("test-scans/complex.xml")
+ diff = ScanDiffText(scan, scan, self.blackhole)
+ cost = diff.output()
+ self.assertEqual(cost, 0)
+ diff = ScanDiffXML(scan, scan, self.blackhole)
+ cost = diff.output()
+ self.assertEqual(cost, 0)
+
+ def test_unknown_up(self):
+ a = Scan()
+ a.load_from_file("test-scans/empty.xml")
+ b = Scan()
+ b.load_from_file("test-scans/simple.xml")
+ diff = ScanDiffSub(a, b, self.blackhole)
+ diff.output()
+ self.assertEqual(len(diff.pre_script_result_diffs), 0)
+ self.assertEqual(len(diff.post_script_result_diffs), 0)
+ self.assertEqual(len(diff.host_diffs), 1)
+ h_diff = diff.host_diffs[0]
+ self.assertEqual(h_diff.host_a.state, None)
+ self.assertEqual(h_diff.host_b.state, "up")
+
+ def test_up_unknown(self):
+ a = Scan()
+ a.load_from_file("test-scans/simple.xml")
+ b = Scan()
+ b.load_from_file("test-scans/empty.xml")
+ diff = ScanDiffSub(a, b, self.blackhole)
+ diff.output()
+ self.assertEqual(len(diff.pre_script_result_diffs), 0)
+ self.assertEqual(len(diff.post_script_result_diffs), 0)
+ self.assertEqual(len(diff.host_diffs), 1)
+ h_diff = diff.host_diffs[0]
+ self.assertEqual(h_diff.host_a.state, "up")
+ self.assertEqual(h_diff.host_b.state, None)
+
+ def test_diff_is_effective(self):
+ """Test that a scan diff is effective. This means that if the
+ recommended changes are applied to the first scan the scans become the
+ same."""
+ PAIRS = (
+ ("empty", "empty"),
+ ("simple", "complex"),
+ ("complex", "simple"),
+ ("single", "os"),
+ ("os", "single"),
+ ("random-1", "simple"),
+ ("simple", "random-1"),
+ )
+ for pair in PAIRS:
+ a = Scan()
+ a.load_from_file("test-scans/%s.xml" % pair[0])
+ b = Scan()
+ b.load_from_file("test-scans/%s.xml" % pair[1])
+ diff = ScanDiffSub(a, b)
+ scan_apply_diff(a, diff)
+ diff = ScanDiffSub(a, b)
+ self.assertEqual(diff.host_diffs, [])
+
+
+class host_diff_test(unittest.TestCase):
+ """Test the HostDiff class."""
+ def test_empty(self):
+ a = Host()
+ b = Host()
+ diff = HostDiff(a, b)
+ self.assertFalse(diff.id_changed)
+ self.assertFalse(diff.state_changed)
+ self.assertFalse(diff.os_changed)
+ self.assertFalse(diff.extraports_changed)
+ self.assertEqual(diff.cost, 0)
+
+ def test_self(self):
+ h = Host()
+ h.add_port(Port((10, "tcp"), "open"))
+ h.add_port(Port((22, "tcp"), "closed"))
+ diff = HostDiff(h, h)
+ self.assertFalse(diff.id_changed)
+ self.assertFalse(diff.state_changed)
+ self.assertFalse(diff.os_changed)
+ self.assertFalse(diff.extraports_changed)
+ self.assertEqual(diff.cost, 0)
+
+ def test_state_change(self):
+ a = Host()
+ b = Host()
+ a.state = "up"
+ b.state = "down"
+ diff = HostDiff(a, b)
+ self.assertTrue(diff.state_changed)
+ self.assertTrue(diff.cost > 0)
+
+ def test_state_change_unknown(self):
+ a = Host()
+ b = Host()
+ a.state = "up"
+ diff = HostDiff(a, b)
+ self.assertTrue(diff.state_changed)
+ self.assertTrue(diff.cost > 0)
+ diff = HostDiff(b, a)
+ self.assertTrue(diff.state_changed)
+ self.assertTrue(diff.cost > 0)
+
+ def test_address_change(self):
+ a = Host()
+ b = Host()
+ b.add_address(Address.new("ipv4", "127.0.0.1"))
+ diff = HostDiff(a, b)
+ self.assertTrue(diff.id_changed)
+ self.assertTrue(diff.cost > 0)
+ diff = HostDiff(b, a)
+ self.assertTrue(diff.id_changed)
+ self.assertTrue(diff.cost > 0)
+ a.add_address(Address.new("ipv4", "1.1.1.1"))
+ diff = HostDiff(a, b)
+ self.assertTrue(diff.id_changed)
+ self.assertTrue(diff.cost > 0)
+ diff = HostDiff(b, a)
+ self.assertTrue(diff.id_changed)
+ self.assertTrue(diff.cost > 0)
+
+ def test_hostname_change(self):
+ a = Host()
+ b = Host()
+ b.add_hostname("host-1")
+ diff = HostDiff(a, b)
+ self.assertTrue(diff.id_changed)
+ self.assertTrue(diff.cost > 0)
+ diff = HostDiff(b, a)
+ self.assertTrue(diff.id_changed)
+ self.assertTrue(diff.cost > 0)
+ a.add_address("host-2")
+ diff = HostDiff(a, b)
+ self.assertTrue(diff.id_changed)
+ self.assertTrue(diff.cost > 0)
+ diff = HostDiff(b, a)
+ self.assertTrue(diff.id_changed)
+ self.assertTrue(diff.cost > 0)
+
+ def test_port_state_change(self):
+ a = Host()
+ b = Host()
+ spec = (10, "tcp")
+ a.add_port(Port(spec, "open"))
+ b.add_port(Port(spec, "closed"))
+ diff = HostDiff(a, b)
+ self.assertTrue(len(diff.ports) > 0)
+ self.assertEqual(set(diff.ports), set(diff.port_diffs.keys()))
+ self.assertTrue(diff.cost > 0)
+
+ def test_port_state_change_unknown(self):
+ a = Host()
+ b = Host()
+ b.add_port(Port((10, "tcp"), "open"))
+ diff = HostDiff(a, b)
+ self.assertTrue(len(diff.ports) > 0)
+ self.assertEqual(set(diff.ports), set(diff.port_diffs.keys()))
+ self.assertTrue(diff.cost > 0)
+ diff = HostDiff(b, a)
+ self.assertTrue(len(diff.ports) > 0)
+ self.assertEqual(set(diff.ports), set(diff.port_diffs.keys()))
+ self.assertTrue(diff.cost > 0)
+
+ def test_port_state_change_multi(self):
+ a = Host()
+ b = Host()
+ a.add_port(Port((10, "tcp"), "open"))
+ a.add_port(Port((20, "tcp"), "closed"))
+ a.add_port(Port((30, "tcp"), "open"))
+ b.add_port(Port((10, "tcp"), "open"))
+ b.add_port(Port((20, "tcp"), "open"))
+ b.add_port(Port((30, "tcp"), "open"))
+ diff = HostDiff(a, b)
+ self.assertTrue(diff.cost > 0)
+
+ def test_os_change(self):
+ a = Host()
+ b = Host()
+ a.os.append("os-1")
+ diff = HostDiff(a, b)
+ self.assertTrue(diff.os_changed)
+ self.assertTrue(len(diff.os_diffs) > 0)
+ self.assertTrue(diff.cost > 0)
+ diff = HostDiff(b, a)
+ self.assertTrue(diff.os_changed)
+ self.assertTrue(len(diff.os_diffs) > 0)
+ self.assertTrue(diff.cost > 0)
+ b.os.append("os-2")
+ diff = HostDiff(a, b)
+ self.assertTrue(diff.os_changed)
+ self.assertTrue(len(diff.os_diffs) > 0)
+ self.assertTrue(diff.cost > 0)
+ diff = HostDiff(b, a)
+ self.assertTrue(diff.os_changed)
+ self.assertTrue(len(diff.os_diffs) > 0)
+ self.assertTrue(diff.cost > 0)
+
+ def test_extraports_change(self):
+ a = Host()
+ b = Host()
+ a.extraports = {"open": 100}
+ diff = HostDiff(a, b)
+ self.assertTrue(diff.extraports_changed)
+ self.assertTrue(diff.cost > 0)
+ diff = HostDiff(b, a)
+ self.assertTrue(diff.extraports_changed)
+ self.assertTrue(diff.cost > 0)
+ b.extraports = {"closed": 100}
+ diff = HostDiff(a, b)
+ self.assertTrue(diff.extraports_changed)
+ self.assertTrue(diff.cost > 0)
+ diff = HostDiff(b, a)
+ self.assertTrue(diff.extraports_changed)
+ self.assertTrue(diff.cost > 0)
+
+ def test_diff_is_effective(self):
+ """Test that a host diff is effective.
+ This means that if the recommended changes are applied to the first
+ host the hosts become the same."""
+ a = Host()
+ b = Host()
+
+ a.state = "up"
+ b.state = "down"
+
+ a.add_port(Port((10, "tcp"), "open"))
+ a.add_port(Port((20, "tcp"), "closed"))
+ a.add_port(Port((40, "udp"), "open|filtered"))
+ b.add_port(Port((10, "tcp"), "open"))
+ b.add_port(Port((30, "tcp"), "open"))
+ a.add_port(Port((40, "udp"), "open"))
+
+ a.add_hostname("a")
+ a.add_hostname("localhost")
+ b.add_hostname("b")
+ b.add_hostname("localhost")
+ b.add_hostname("b.example.com")
+
+ b.add_address(Address.new("ipv4", "1.2.3.4"))
+
+ a.os = ["os-1", "os-2"]
+ b.os = ["os-2", "os-3"]
+
+ a.extraports = {"filtered": 99}
+
+ diff = HostDiff(a, b)
+ host_apply_diff(a, diff)
+ diff = HostDiff(a, b)
+
+ self.assertFalse(diff.id_changed)
+ self.assertFalse(diff.state_changed)
+ self.assertFalse(diff.os_changed)
+ self.assertFalse(diff.extraports_changed)
+ self.assertEqual(diff.cost, 0)
+
+
+class port_diff_test(unittest.TestCase):
+ """Test the PortDiff class."""
+ def test_equal(self):
+ spec = (10, "tcp")
+ a = Port(spec)
+ b = Port(spec)
+ diff = PortDiff(a, b)
+ self.assertEqual(diff.cost, 0)
+
+ def test_self(self):
+ p = Port((10, "tcp"))
+ diff = PortDiff(p, p)
+ self.assertEqual(diff.cost, 0)
+
+ def test_state_change(self):
+ spec = (10, "tcp")
+ a = Port(spec)
+ a.state = "open"
+ b = Port(spec)
+ b.state = "closed"
+ diff = PortDiff(a, b)
+ self.assertTrue(diff.cost > 0)
+ self.assertEqual(PortDiff(a, diff.port_a).cost, 0)
+ self.assertEqual(PortDiff(b, diff.port_b).cost, 0)
+
+ def test_id_change(self):
+ a = Port((10, "tcp"))
+ a.state = "open"
+ b = Port((20, "tcp"))
+ b.state = "open"
+ diff = PortDiff(a, b)
+ self.assertTrue(diff.cost > 0)
+ self.assertEqual(PortDiff(a, diff.port_a).cost, 0)
+ self.assertEqual(PortDiff(b, diff.port_b).cost, 0)
+
+
+class table_test(unittest.TestCase):
+ """Test the table class."""
+ def test_empty(self):
+ t = Table("")
+ self.assertEqual(str(t), "")
+ t = Table("***")
+ self.assertEqual(str(t), "")
+ t = Table("* * *")
+ self.assertEqual(str(t), "")
+
+ def test_none(self):
+ """Test that None is treated like an empty string when it is not at the
+ end of a row."""
+ t = Table("* * *")
+ t.append((None, "a", "b"))
+ self.assertEqual(str(t), " a b")
+ t = Table("* * *")
+ t.append(("a", None, "b"))
+ self.assertEqual(str(t), "a b")
+ t = Table("* * *")
+ t.append((None, None, "a"))
+ self.assertEqual(str(t), " a")
+
+ def test_prefix(self):
+ t = Table("<<<")
+ t.append(("a", "b", "c"))
+ self.assertEqual(str(t), "<<<abc")
+
+ def test_padding(self):
+ t = Table("<<<*>>>*!!!")
+ t.append(())
+ self.assertEqual(str(t), "<<<")
+ t = Table("<<<*>>>*!!!")
+ t.append(("a"))
+ self.assertEqual(str(t), "<<<a>>>")
+ t = Table("<<<*>>>*!!!")
+ t.append(("a", "b", "c", "d"))
+ self.assertEqual(str(t), "<<<a>>>b!!!cd")
+
+ def test_append_raw(self):
+ """Test the append_raw method that inserts an unformatted row."""
+ t = Table("<* * *>")
+ t.append(("1", "2", "3"))
+ t.append_raw(" row ")
+ self.assertEqual(str(t), "<1 2 3>\n row ")
+ t.append(("4", "5", "6"))
+ self.assertEqual(str(t), "<1 2 3>\n row \n<4 5 6>")
+
+ def test_strip(self):
+ """Test that trailing whitespace is stripped."""
+ t = Table("* * * ")
+ t.append(("a", "b", None))
+ self.assertEqual(str(t), "a b")
+ t = Table("* * *")
+ t.append(("a", None, None))
+ self.assertEqual(str(t), "a")
+ t = Table("* * *")
+ t.append(("a", "b", ""))
+ self.assertEqual(str(t), "a b")
+ t = Table("* * *")
+ t.append(("a", "", ""))
+ self.assertEqual(str(t), "a")
+
+ def test_newline(self):
+ """Test that there is no trailing newline in a table."""
+ t = Table("*")
+ self.assertFalse(str(t).endswith("\n"))
+ t.append(("a"))
+ self.assertFalse(str(t).endswith("\n"))
+ t.append(("b"))
+ self.assertFalse(str(t).endswith("\n"))
+
+
+class scan_diff_xml_test(unittest.TestCase):
+ def setUp(self):
+ a = Scan()
+ a.load_from_file("test-scans/empty.xml")
+ b = Scan()
+ b.load_from_file("test-scans/simple.xml")
+ f = io.StringIO()
+ self.scan_diff = ScanDiffXML(a, b, f)
+ self.scan_diff.output()
+ self.xml = f.getvalue()
+ f.close()
+
+ def test_well_formed(self):
+ try:
+ document = xml.dom.minidom.parseString(self.xml)
+ except Exception as e:
+ self.fail("Parsing XML diff output caused the exception: %s"
+ % str(e))
+
+
+def scan_apply_diff(scan, diff):
+ """Apply a scan diff to the given scan."""
+ for h_diff in diff.host_diffs:
+ host = h_diff.host_a or h_diff.host_b
+ if host not in scan.hosts:
+ scan.hosts.append(host)
+ host_apply_diff(host, h_diff)
+
+
+def host_apply_diff(host, diff):
+ """Apply a host diff to the given host."""
+ if diff.state_changed:
+ host.state = diff.host_b.state
+
+ if diff.id_changed:
+ host.addresses = diff.host_b.addresses[:]
+ host.hostnames = diff.host_b.hostnames[:]
+
+ if diff.os_changed:
+ host.os = diff.host_b.os[:]
+
+ if diff.extraports_changed:
+ for state in list(host.extraports.keys()):
+ for port in list(host.ports.values()):
+ if port.state == state:
+ del host.ports[port.spec]
+ host.extraports = diff.host_b.extraports.copy()
+
+ for port in diff.ports:
+ port_b = diff.port_diffs[port].port_b
+ if port_b.state is None:
+ del host.ports[port.spec]
+ else:
+ host.ports[port.spec] = diff.port_diffs[port].port_b
+
+ for sr_diff in diff.script_result_diffs:
+ sr_a = sr_diff.sr_a
+ sr_b = sr_diff.sr_b
+ if sr_a is None:
+ host.script_results.append(sr_b)
+ elif sr_b is None:
+ host.script_results.remove(sr_a)
+ else:
+ host.script_results[host.script_results.index(sr_a)] = sr_b
+ host.script_results.sort()
+
+
+def call_quiet(args, **kwargs):
+ """Run a command with subprocess.call and hide its output."""
+ return subprocess.call(args, stdout=subprocess.PIPE,
+ stderr=subprocess.STDOUT, env={'PYTHONPATH': "."}, **kwargs)
+
+
+class exit_code_test(unittest.TestCase):
+ NDIFF = "./scripts/ndiff"
+
+ def test_exit_equal(self):
+ """Test that the exit code is 0 when the diff is empty."""
+ for format in ("--text", "--xml"):
+ code = call_quiet([self.NDIFF, format,
+ "test-scans/simple.xml", "test-scans/simple.xml"])
+ self.assertEqual(code, 0)
+ # Should be independent of verbosity.
+ for format in ("--text", "--xml"):
+ code = call_quiet([self.NDIFF, "-v", format,
+ "test-scans/simple.xml", "test-scans/simple.xml"])
+ self.assertEqual(code, 0)
+
+ def test_exit_different(self):
+ """Test that the exit code is 1 when the diff is not empty."""
+ for format in ("--text", "--xml"):
+ code = call_quiet([self.NDIFF, format,
+ "test-scans/simple.xml", "test-scans/complex.xml"])
+ self.assertEqual(code, 1)
+
+ def test_exit_error(self):
+ """Test that the exit code is 2 when there is an error."""
+ code = call_quiet([self.NDIFF])
+ self.assertEqual(code, 2)
+ code = call_quiet([self.NDIFF, "test-scans/simple.xml"])
+ self.assertEqual(code, 2)
+ code = call_quiet([self.NDIFF, "test-scans/simple.xml",
+ "test-scans/nonexistent.xml"])
+ self.assertEqual(code, 2)
+ code = call_quiet([self.NDIFF, "--nothing"])
+ self.assertEqual(code, 2)
+
+unittest.main()
diff --git a/ndiff/scripts/ndiff b/ndiff/scripts/ndiff
new file mode 100755
index 0000000..b80e99b
--- /dev/null
+++ b/ndiff/scripts/ndiff
@@ -0,0 +1,84 @@
+#!/usr/bin/env python3
+
+# Ndiff
+#
+# This programs reads two Nmap XML files and displays a list of their
+# differences.
+#
+# Copyright 2021 Nmap Software LLC
+# Ndiff is distributed under the same license as Nmap. See the file
+# LICENSE in the Nmap source distribution or
+# https://nmap.org/book/man-legal.html for more details.
+#
+# Original author was David Fifield based on a design by Michael Pattrick
+
+import sys
+
+# Check if the given directory, and all its parent directories, are owned and
+# writable only by our euid or by root. If symlinks are present, they are
+# recursively checked, up to a limit of SYMLINK_LIMIT.
+# https://www.securecoding.cert.org/confluence/display/seccode/FIO15-C.+Ensure+that+file+operations+are+performed+in+a+secure+directory
+# We use this code for Zenmap too
+SYMLINK_LIMIT = 5
+def is_secure_dir(path, num_symlinks=0):
+ import os
+ import os.path
+ import stat
+
+ if not os.path.isabs(path):
+ return False
+
+ if num_symlinks >= SYMLINK_LIMIT:
+ return False
+
+ dirs = []
+ while True:
+ dirs.append(path)
+ dirname = os.path.dirname(path)
+ if dirname == path:
+ break
+ path = dirname
+ # Traverse root-to-leaf.
+ dirs.reverse()
+
+ for dir in dirs:
+ if os.path.islink(dir):
+ link = os.readlink(dir)
+ if not is_secure_dir(link, num_symlinks + 1):
+ return False
+ continue
+ if not os.path.isdir(dir):
+ return False
+ buf = os.stat(dir)
+ if buf.st_uid != os.geteuid() and buf.st_uid != 0:
+ return False
+ if buf.st_mode & (stat.S_IWGRP | stat.S_IWOTH) != 0:
+ return False
+
+ return True
+
+# Add the install_lib directory to sys.path, the list of directories searched
+# for modules, but don't do it if the directory or its parents may be writable
+# by other users. The following line is replaced by the installation program.
+INSTALL_LIB = None
+if INSTALL_LIB is not None and is_secure_dir(INSTALL_LIB):
+ sys.path.append(INSTALL_LIB) # lgtm[py/unreachable-statement]
+
+try:
+ import ndiff
+except ImportError as e:
+ print("""\
+Could not import the ndiff module: %s.
+I checked in these directories:""" % repr(e), file=sys.stderr)
+ for dir in sys.path:
+ print(" %s" % dir, file=sys.stderr)
+ print("""\
+If you installed Ndiff in another directory, you may have to add the
+modules directory to the PYTHONPATH environment variable.""", file=sys.stderr)
+ sys.exit(1)
+
+import ndiff
+
+if __name__ == "__main__":
+ sys.excepthook = ndiff.excepthook
+ sys.exit(ndiff.main())
diff --git a/ndiff/setup.py b/ndiff/setup.py
new file mode 100644
index 0000000..af2b612
--- /dev/null
+++ b/ndiff/setup.py
@@ -0,0 +1,314 @@
+#!/usr/bin/env python
+
+import errno
+import sys
+import os
+import os.path
+import re
+
+from stat import ST_MODE
+
+import distutils.command
+import distutils.command.install
+import distutils.core
+import distutils.cmd
+import distutils.errors
+from distutils import log
+from distutils.command.install import install
+
+APP_NAME = "ndiff"
+# The name of the file used to record the list of installed files, so that the
+# uninstall command can remove them.
+INSTALLED_FILES_NAME = "INSTALLED_FILES"
+
+
+# path_startswith and path_strip_prefix are used to deal with the installation
+# root (--root option, also known as DESTDIR).
+def path_startswith(path, prefix):
+ """Returns True if path starts with prefix. It's a little more intelligent
+ than str.startswith because it normalizes the paths to remove multiple
+ directory separators and down-up traversals."""
+ path = os.path.normpath(path)
+ prefix = os.path.normpath(prefix)
+ return path.startswith(prefix)
+
+
+def path_strip_prefix(path, prefix):
+ """Return path stripped of its directory prefix if it starts with prefix,
+ otherwise return path unmodified. This only works correctly with Unix
+ paths; for example it will not replace the drive letter on a Windows path.
+ Examples:
+ >>> path_strip_prefix('/tmp/destdir/usr/bin', '/tmp/destdir')
+ '/usr/bin'
+ >>> path_strip_prefix('/tmp/../tmp/destdir/usr/bin', '/tmp///destdir')
+ '/usr/bin'
+ >>> path_strip_prefix('/etc', '/tmp/destdir')
+ '/etc'
+ >>> path_strip_prefix('/etc', '/')
+ '/etc'
+ >>> path_strip_prefix('/etc', '')
+ '/etc'
+ """
+ absolute = os.path.isabs(path)
+ path = os.path.normpath(path)
+ prefix = os.path.normpath(prefix)
+ if path.startswith(prefix) and prefix != os.sep:
+ path = path[len(prefix):]
+ # Absolute paths must remain absolute and relative paths must remain
+ # relative.
+ assert os.path.isabs(path) == absolute
+ return path
+
+
+###############################################################################
+# Distutils subclasses
+
+class null_command(distutils.cmd.Command):
+ """This is a dummy distutils command that does nothing. We use it to
+ replace the install_egg_info and avoid installing a .egg-info file, because
+ there's no option to disable that."""
+ def initialize_options(self):
+ pass
+
+ def finalize_options(self):
+ pass
+
+ def get_outputs(self):
+ return ()
+
+ def run(self):
+ pass
+
+
+class checked_install(distutils.command.install.install):
+ """This is a wrapper around the install command that checks for an error
+ caused by not having the python-dev package installed. By default,
+ distutils gives a misleading error message: "invalid Python installation."
+ """
+
+ def finalize_options(self):
+ # Ubuntu's python2.6-2.6.4-0ubuntu3 package changes sys.prefix in
+ # install.finalize_options when sys.prefix is "/usr/local" (our
+ # default). Because we need the unchanged value later, remember it
+ # here.
+ self.saved_prefix = sys.prefix
+ try:
+ distutils.command.install.install.finalize_options(self)
+ except distutils.errors.DistutilsPlatformError as e:
+ raise distutils.errors.DistutilsPlatformError(str(e) + """
+Installing your distribution's python-dev package may solve this problem.""")
+
+ def set_modules_path(self):
+ app_file_name = os.path.join(self.install_scripts, APP_NAME)
+ # Find where the modules are installed. distutils will put them in
+ # self.install_lib, but that path can contain the root (DESTDIR), so we
+ # must strip it off if necessary.
+ modules_dir = self.install_lib
+ if self.root is not None:
+ modules_dir = path_strip_prefix(modules_dir, self.root)
+
+ app_file = open(app_file_name, "r")
+ lines = app_file.readlines()
+ app_file.close()
+
+ for i in range(len(lines)):
+ if re.match(r'^INSTALL_LIB =', lines[i]):
+ lines[i] = "INSTALL_LIB = %s\n" % repr(modules_dir)
+ break
+ else:
+ raise ValueError(
+ "INSTALL_LIB replacement not found in %s" % app_file_name)
+
+ app_file = open(app_file_name, "w")
+ app_file.writelines(lines)
+ app_file.close()
+
+ def run(self):
+ install.run(self)
+
+# These below are from Zenmap. We're only using set_modules_path right now, but
+# we might consider whether the others would be useful (or, if not, whether we
+# should remove them from Zenmap).
+# self.set_perms()
+ self.set_modules_path()
+# self.fix_paths()
+ self.create_uninstaller()
+ self.write_installed_files()
+
+ def get_installed_files(self):
+ """Return a list of installed files and directories, each prefixed with
+ the installation root if given. The list of installed directories
+ doesn't come from distutils so it may be incomplete."""
+ installed_files = self.get_outputs()
+ for package in self.distribution.py_modules:
+ dir = package.replace(".", "/")
+ installed_files.append(os.path.join(self.install_lib, dir))
+ installed_files.append(
+ os.path.join(self.install_scripts, "uninstall_" + APP_NAME))
+ return installed_files
+
+ def create_uninstaller(self):
+ uninstaller_filename = os.path.join(
+ self.install_scripts, "uninstall_" + APP_NAME)
+
+ uninstaller = """\
+#!/usr/bin/env python
+import errno, os, os.path, sys
+
+print('Uninstall %(name)s')
+
+answer = raw_input('Are you sure that you want to uninstall '
+ '%(name)s (yes/no) ')
+
+if answer != 'yes' and answer != 'y':
+ print('Not uninstalling.')
+ sys.exit(0)
+
+""" % {'name': APP_NAME}
+
+ installed_files = []
+ for output in self.get_installed_files():
+ if self.root is not None:
+ # If we have a root (DESTDIR), we need to strip it off the
+ # front of paths so the uninstaller runs on the target host.
+ # The path manipulations are tricky, but made easier because
+ # the uninstaller only has to run on Unix.
+ if not path_startswith(output, self.root):
+ # This should never happen (everything gets installed
+ # inside the root), but if it does, be safe and don't
+ # delete anything.
+ uninstaller += ("print('%s was not installed inside "
+ "the root %s; skipping.')\n" % (output, self.root))
+ continue
+ output = path_strip_prefix(output, self.root)
+ assert os.path.isabs(output)
+ installed_files.append(output)
+
+ uninstaller += """\
+INSTALLED_FILES = (
+"""
+ for file in installed_files:
+ uninstaller += " %s,\n" % repr(file)
+ uninstaller += """\
+)
+
+# Split the list into lists of files and directories.
+files = []
+dirs = []
+for path in INSTALLED_FILES:
+ if os.path.isfile(path) or os.path.islink(path):
+ files.append(path)
+ elif os.path.isdir(path):
+ dirs.append(path)
+# Delete the files.
+for file in files:
+ print("Removing '%s'." % file)
+ try:
+ os.remove(file)
+ except OSError, e:
+ print(' Error: %s.' % str(e), file=sys.stderr)
+# Delete the directories. First reverse-sort the normalized paths by
+# length so that child directories are deleted before their parents.
+dirs = [os.path.normpath(dir) for dir in dirs]
+dirs.sort(key = len, reverse = True)
+for dir in dirs:
+ try:
+ print("Removing the directory '%s'." % dir)
+ os.rmdir(dir)
+ except OSError, e:
+ if e.errno == errno.ENOTEMPTY:
+ print("Directory '%s' not empty; not removing." % dir)
+ else:
+ print(str(e), file=sys.stderr)
+"""
+
+ uninstaller_file = open(uninstaller_filename, 'w')
+ uninstaller_file.write(uninstaller)
+ uninstaller_file.close()
+
+ # Set exec bit for uninstaller
+ mode = ((os.stat(uninstaller_filename)[ST_MODE]) | 0o555) & 0o7777
+ os.chmod(uninstaller_filename, mode)
+
+ def write_installed_files(self):
+ """Write a list of installed files for use by the uninstall command.
+ This is similar to what happens with the --record option except that it
+ doesn't strip off the installation root, if any. File names containing
+ newline characters are not handled."""
+ if INSTALLED_FILES_NAME == self.record:
+ distutils.log.warn("warning: installation record is overwriting "
+ "--record file '%s'." % self.record)
+ with open(INSTALLED_FILES_NAME, "w") as f:
+ for output in self.get_installed_files():
+ assert "\n" not in output
+ print(output, file=f)
+
+
+class my_uninstall(distutils.cmd.Command):
+ """A distutils command that performs uninstallation. It reads the list of
+ installed files written by the install command."""
+
+ command_name = "uninstall"
+ description = "uninstall installed files recorded in '%s'" % (
+ INSTALLED_FILES_NAME)
+ user_options = []
+
+ def initialize_options(self):
+ pass
+
+ def finalize_options(self):
+ pass
+
+ def run(self):
+ # Read the list of installed files.
+ try:
+ f = open(INSTALLED_FILES_NAME, "r")
+ except IOError as e:
+ if e.errno == errno.ENOENT:
+ log.error("Couldn't open the installation record '%s'. "
+ "Have you installed yet?" % INSTALLED_FILES_NAME)
+ return
+ installed_files = [file.rstrip("\n") for file in f.readlines()]
+ f.close()
+ # Delete the installation record too.
+ installed_files.append(INSTALLED_FILES_NAME)
+ # Split the list into lists of files and directories.
+ files = []
+ dirs = []
+ for path in installed_files:
+ if os.path.isfile(path) or os.path.islink(path):
+ files.append(path)
+ elif os.path.isdir(path):
+ dirs.append(path)
+ # Delete the files.
+ for file in files:
+ log.info("Removing '%s'." % file)
+ try:
+ if not self.dry_run:
+ os.remove(file)
+ except OSError as e:
+ log.error(str(e))
+ # Delete the directories. First reverse-sort the normalized paths by
+ # length so that child directories are deleted before their parents.
+ dirs = [os.path.normpath(dir) for dir in dirs]
+ dirs.sort(key=len, reverse=True)
+ for dir in dirs:
+ try:
+ log.info("Removing the directory '%s'." % dir)
+ if not self.dry_run:
+ os.rmdir(dir)
+ except OSError as e:
+ if e.errno == errno.ENOTEMPTY:
+ log.info("Directory '%s' not empty; not removing." % dir)
+ else:
+ log.error(str(e))
+
+
+distutils.core.setup(name="ndiff", scripts=["scripts/ndiff"],
+ py_modules=["ndiff"],
+ data_files=[("share/man/man1", ["docs/ndiff.1"])],
+ cmdclass={
+ "install_egg_info": null_command,
+ "install": checked_install,
+ "uninstall": my_uninstall
+ })
diff --git a/ndiff/test-scans/anonymize.py b/ndiff/test-scans/anonymize.py
new file mode 100755
index 0000000..7b35237
--- /dev/null
+++ b/ndiff/test-scans/anonymize.py
@@ -0,0 +1,122 @@
+#!/usr/bin/env python3
+
+# Anonymize an Nmap XML file, replacing host name and IP addresses with random
+# anonymous ones. Anonymized names will be consistent between runs of the
+# program. Any servicefp attributes are removed. Give a file name as an
+# argument. The anonymized file is written to stdout.
+#
+# The anonymization is not rigorous. This program just matches regular
+# expressions against things that look like address and host names. It is
+# possible that it will leave some identifying information.
+
+import hashlib
+import random
+import re
+import sys
+
+VERBOSE = True
+
+r = random.Random()
+
+
+def hash(s):
+ digest = hashlib.sha512(s.encode()).hexdigest()
+ return int(digest, 16)
+
+
+def anonymize_mac_address(addr):
+ r.seed(hash(addr))
+ nums = (0, 0, 0) + tuple(r.randrange(256) for i in range(3))
+ return ":".join("%02X" % x for x in nums)
+
+
+def anonymize_ipv4_address(addr):
+ r.seed(hash(addr))
+ nums = (10,) + tuple(r.randrange(256) for i in range(3))
+ return ".".join(str(x) for x in nums)
+
+
+def anonymize_ipv6_address(addr):
+ r.seed(hash(addr))
+ # RFC 4193.
+ nums = (0xFD00 + r.randrange(256),)
+ nums = nums + tuple(r.randrange(65536) for i in range(7))
+ return ":".join("%04X" % x for x in nums)
+
+# Maps to memoize address and host name conversions.
+hostname_map = {}
+address_map = {}
+
+
+def anonymize_hostname(name):
+ if name in hostname_map:
+ return hostname_map[name]
+ LETTERS = "acbdefghijklmnopqrstuvwxyz"
+ r.seed(hash(name))
+ length = r.randrange(5, 10)
+ prefix = "".join(r.sample(LETTERS, length))
+ num = r.randrange(1000)
+ hostname_map[name] = "%s-%d.example.com" % (prefix, num)
+ if VERBOSE:
+ print("Replace %s with %s" % (name, hostname_map[name]), file=sys.stderr)
+ return hostname_map[name]
+
+mac_re = re.compile(r'\b([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}\b')
+ipv4_re = re.compile(r'\b([0-9]{1,3}\.){3}[0-9]{1,3}\b')
+ipv6_re = re.compile(r'\b([0-9a-fA-F]{1,4}::?){3,}[0-9a-fA-F]{1,4}\b')
+
+
+def anonymize_address(addr):
+ if addr in address_map:
+ return address_map[addr]
+ if mac_re.match(addr):
+ address_map[addr] = anonymize_mac_address(addr)
+ elif ipv4_re.match(addr):
+ address_map[addr] = anonymize_ipv4_address(addr)
+ elif ipv6_re.match(addr):
+ address_map[addr] = anonymize_ipv6_address(addr)
+ else:
+ assert False
+ if VERBOSE:
+ print("Replace %s with %s" % (addr, address_map[addr]), file=sys.stderr)
+ return address_map[addr]
+
+
+def repl_addr(match):
+ addr = match.group(0)
+ anon_addr = anonymize_address(addr)
+ return anon_addr
+
+
+def repl_hostname_name(match):
+ name = match.group(1)
+ anon_name = anonymize_hostname(name)
+ return r'<hostname name="%s"' % anon_name
+
+
+def repl_hostname(match):
+ name = match.group(1)
+ anon_name = anonymize_hostname(name)
+ return r'hostname="%s"' % anon_name
+
+
+def anonymize_file(f):
+ for line in f:
+ line = re.sub(mac_re, repl_addr, line)
+ line = re.sub(ipv4_re, repl_addr, line)
+ line = re.sub(ipv6_re, repl_addr, line)
+ line = re.sub(r'<hostname name="([^"]*)"', repl_hostname_name, line)
+ line = re.sub(r'\bhostname="([^"]*)"', repl_hostname, line)
+ line = re.sub(r' *\bservicefp="([^"]*)"', r'', line)
+ yield line
+
+
+def main():
+ filename = sys.argv[1]
+ f = open(filename, "r")
+ for line in anonymize_file(f):
+ sys.stdout.write(line)
+ f.close()
+
+if __name__ == "__main__":
+ main()
diff --git a/ndiff/test-scans/complex.xml b/ndiff/test-scans/complex.xml
new file mode 100644
index 0000000..c3e2d5b
--- /dev/null
+++ b/ndiff/test-scans/complex.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" ?>
+<?xml-stylesheet href="file:///usr/share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 4.90RC2 scan initiated Fri Jul 10 17:47:13 2009 as: nmap -oX complex.xml -sV -sC -O -&#45;script=default,whois -&#45;version-light -sS -sU -p T:1-100,U:1-100 scanme.nmap.org -->
+<nmaprun scanner="nmap" args="nmap -oX complex.xml -sV -sC -O -&#45;script=default,whois -&#45;version-light -sS -sU -p T:1-100,U:1-100 scanme.nmap.org" start="1247269633" startstr="Fri Jul 10 17:47:13 2009" version="4.90RC2" xmloutputversion="1.03">
+<scaninfo type="syn" protocol="tcp" numservices="100" services="1-100" />
+<scaninfo type="udp" protocol="udp" numservices="100" services="1-100" />
+<verbose level="0" />
+<debugging level="0" />
+<host starttime="1247269633" endtime="1247269755"><status state="up" reason="echo-reply"/>
+<address addr="64.13.134.52" addrtype="ipv4" />
+<hostnames><hostname name="scanme.nmap.org" type="PTR" /></hostnames>
+<ports><extraports state="open|filtered" count="99">
+<extrareasons reason="no-responses" count="99"/>
+</extraports>
+<extraports state="filtered" count="95">
+<extrareasons reason="no-responses" count="95"/>
+</extraports>
+<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="ssh" product="OpenSSH" version="4.3" extrainfo="protocol 2.0" method="probed" conf="10" /><script id="ssh-hostkey" output="1024 03:5f:d3:9d:95:74:8a:d0:8d:70:17:9a:bf:93:84:13 (DSA)&#xa;2048 fa:af:76:4c:b0:f4:4b:83:a4:6e:70:9f:a1:ec:51:0c (RSA)" /></port>
+<port protocol="tcp" portid="25"><state state="closed" reason="reset" reason_ttl="52"/><service name="smtp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="53"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="domain" product="ISC BIND" version="9.3.4" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="70"><state state="closed" reason="reset" reason_ttl="52"/><service name="gopher" method="table" conf="3" /></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="http" product="Apache httpd" version="2.2.2" extrainfo="(Fedora)" method="probed" conf="10" /><script id="html-title" output="Go ahead and ScanMe!" /></port>
+<port protocol="udp" portid="53"><state state="open" reason="udp-response" reason_ttl="52"/><service name="domain" product="ISC BIND" version="9.3.4" method="probed" conf="10" /><script id="dns-recursion" output="Recursion appears to be enabled" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="22" />
+<portused state="closed" proto="tcp" portid="25" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100" />
+<osmatch name="Linux 2.6.9 - 2.6.24" accuracy="100" line="21905" />
+</os>
+<uptime seconds="687785" lastboot="Thu Jul 2 18:46:10 2009" />
+<tcpsequence index="202" difficulty="Good luck!" values="80732ED8,802E30DB,80447584,80D4B2B5,8042F52F,80222756" />
+<ipidsequence class="All zeros" values="0,0,0,0,0,0" />
+<tcptssequence class="1000HZ" values="28FEACA9,28FEAD0D,28FEAD71,28FEADD7,28FEAE3C,28FEAEA1" />
+<hostscript><script id="whois" output="Record found at whois.arin.net&#xa;netrange: 64.13.134.0 - 64.13.134.63&#xa;netname: NET-64-13-143-0-26&#xa;orgname: Titan Networks&#xa;orgid: INSEC&#xa;country: US stateprov: CA " /></hostscript><times srtt="92144" rttvar="1856" to="100000" />
+</host>
+<runstats><finished time="1247269755" timestr="Fri Jul 10 17:49:15 2009" elapsed="122.97"/><hosts up="1" down="0" total="1" />
+<!-- Nmap done at Fri Jul 10 17:49:15 2009; 1 IP address (1 host up) scanned in 122.97 seconds -->
+</runstats></nmaprun>
diff --git a/ndiff/test-scans/down.xml b/ndiff/test-scans/down.xml
new file mode 100644
index 0000000..ef6c3dd
--- /dev/null
+++ b/ndiff/test-scans/down.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" ?>
+<?xml-stylesheet href="file:///usr/share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- This scan has a down host. -->
+<!-- Nmap 4.90RC2 scan initiated Fri Jul 10 17:21:37 2009 as: nmap -oX down.xml -p 1-100 -PS100 scanme.nmap.org -->
+<nmaprun scanner="nmap" args="nmap -oX down.xml -p 1-100 -PS100 scanme.nmap.org" start="1247268097" startstr="Fri Jul 10 17:21:37 2009" version="4.90RC2" xmloutputversion="1.03">
+<scaninfo type="syn" protocol="tcp" numservices="100" services="1-100" />
+<verbose level="0" />
+<debugging level="0" />
+<runstats><finished time="1247268099" timestr="Fri Jul 10 17:21:39 2009" elapsed="2.33"/><hosts up="0" down="1" total="1" />
+<!-- Nmap done at Fri Jul 10 17:21:39 2009; 1 IP address (0 hosts up) scanned in 2.33 seconds -->
+</runstats></nmaprun>
diff --git a/ndiff/test-scans/empty.xml b/ndiff/test-scans/empty.xml
new file mode 100644
index 0000000..1a1bbfa
--- /dev/null
+++ b/ndiff/test-scans/empty.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" ?>
+<?xml-stylesheet href="file:///usr/share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 4.90RC2 scan initiated Fri Jul 10 17:22:08 2009 as: nmap -oX empty.xml -p 1-100 -->
+<nmaprun scanner="nmap" args="nmap -oX empty.xml -p 1-100" start="1247268128" startstr="Fri Jul 10 17:22:08 2009" version="4.90RC2" xmloutputversion="1.03">
+<scaninfo type="syn" protocol="tcp" numservices="100" services="1-100" />
+<verbose level="0" />
+<debugging level="0" />
+<runstats><finished time="1247268128" timestr="Fri Jul 10 17:22:08 2009" elapsed="0.28"/><hosts up="0" down="0" total="0" />
+<!-- Nmap done at Fri Jul 10 17:22:08 2009; 0 IP addresses (0 hosts up) scanned in 0.28 seconds -->
+</runstats></nmaprun>
diff --git a/ndiff/test-scans/os.xml b/ndiff/test-scans/os.xml
new file mode 100644
index 0000000..7782746
--- /dev/null
+++ b/ndiff/test-scans/os.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" ?>
+<?xml-stylesheet href="file:///usr/share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 4.90RC2 scan initiated Fri Jul 10 17:23:03 2009 as: nmap -oX os.xml -p 22,113 -O scanme.nmap.org -->
+<nmaprun scanner="nmap" args="nmap -oX os.xml -p 22,113 -O scanme.nmap.org" start="1247268183" startstr="Fri Jul 10 17:23:03 2009" version="4.90RC2" xmloutputversion="1.03">
+<scaninfo type="syn" protocol="tcp" numservices="2" services="22,113" />
+<verbose level="0" />
+<debugging level="0" />
+<host starttime="1247268183" endtime="1247268185"><status state="up" reason="echo-reply"/>
+<address addr="64.13.134.52" addrtype="ipv4" />
+<hostnames><hostname name="scanme.nmap.org" type="PTR" /></hostnames>
+<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="ssh" method="table" conf="3" /></port>
+<port protocol="tcp" portid="113"><state state="closed" reason="reset" reason_ttl="52"/><service name="auth" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="22" />
+<portused state="closed" proto="tcp" portid="113" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100" />
+<osmatch name="Linux 2.6.9 - 2.6.24" accuracy="100" line="21905" />
+</os>
+<uptime seconds="686216" lastboot="Thu Jul 2 18:46:10 2009" />
+<tcpsequence index="198" difficulty="Good luck!" values="1D7B0FEF,1CF2BCF2,1D04B03E,1D5AAAE7,1D1E45AD,1D4F7B7F" />
+<ipidsequence class="All zeros" values="0,0,0,0,0,0" />
+<tcptssequence class="1000HZ" values="28E6CD6D,28E6CDD2,28E6CE37,28E6CE9C,28E6CF01,28E6CF66" />
+<times srtt="91197" rttvar="3569" to="105473" />
+</host>
+<runstats><finished time="1247268186" timestr="Fri Jul 10 17:23:06 2009" elapsed="3.56"/><hosts up="1" down="0" total="1" />
+<!-- Nmap done at Fri Jul 10 17:23:06 2009; 1 IP address (1 host up) scanned in 3.56 seconds -->
+</runstats></nmaprun>
diff --git a/ndiff/test-scans/random-1.xml b/ndiff/test-scans/random-1.xml
new file mode 100644
index 0000000..0c0f43e
--- /dev/null
+++ b/ndiff/test-scans/random-1.xml
@@ -0,0 +1,1638 @@
+<?xml version="1.0" ?>
+<?xml-stylesheet href="file:///usr/share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 4.85BETA4 scan initiated Tue Mar 24 17:34:11 2009 as: nmap -T4 -sV -O -PS -PE -iL ndiff-random-hosts -oA scan -->
+<nmaprun scanner="nmap" args="nmap -T4 -sV -O -PS -PE -iL ndiff-random-hosts -oA scan" start="1237937651" startstr="Tue Mar 24 17:34:11 2009" version="4.85BETA4" xmloutputversion="1.03">
+<scaninfo type="syn" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3050,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389" />
+<verbose level="0" />
+<debugging level="0" />
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="echo-reply"/>
+<address addr="10.119.131.50" addrtype="ipv4" />
+<hostnames><hostname name="humrpocy-19.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="999">
+<extrareasons reason="no-responses" count="999"/>
+</extraports>
+<port protocol="tcp" portid="4567"><state state="open" reason="syn-ack" reason_ttl="54"/><service name="tcpwrapped" method="probed" conf="8" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="4567" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="87" />
+<osclass type="router" vendor="Nortel" osfamily="embedded" accuracy="87" />
+<osclass type="switch" vendor="Nortel" osfamily="embedded" accuracy="86" />
+<osclass type="storage-misc" vendor="Sun" osfamily="embedded" accuracy="86" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="85" />
+<osmatch name="HP 4000M ProCurve switch (J4121A)" accuracy="87" line="10422"/>
+<osmatch name="Nortel 5530 Ethernet Routing Switch" accuracy="87" line="26064"/>
+<osmatch name="Nortel 5520 Ethernet Routing Switch" accuracy="86" line="26084"/>
+<osmatch name="Sun StorageTek 6140 NAS device" accuracy="86" line="29480"/>
+<osmatch name="FreeBSD 6.2-RELEASE" accuracy="85" line="8449"/>
+</os>
+<uptime seconds="106211" lastboot="Mon Mar 23 12:48:56 2009" />
+<tcpsequence index="155" difficulty="Good luck!" values="9FA2CB9F,9FA412FA,9FA56B99,9FA906FE,9FAA2C4F,9FAB4F53" />
+<ipidsequence class="Incremental" values="661F,6620,6621,6622,6623,6625" />
+<tcptssequence class="2HZ" values="33D30,33D30,33D30,33D31,33D31,33D31" />
+<times srtt="114170" rttvar="2238" to="123122" />
+</host>
+<host starttime="1237937651" endtime="1237940317"><status state="up" reason="syn-ack"/>
+<address addr="10.89.230.125" addrtype="ipv4" />
+<hostnames><hostname name="bthpafeg-852.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="968">
+<extrareasons reason="no-responses" count="967"/>
+<extrareasons reason="admin-prohibited" count="1"/>
+</extraports>
+<port protocol="tcp" portid="20"><state state="closed" reason="reset" reason_ttl="56"/><service name="ftp-data" method="table" conf="3" /></port>
+<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="ftp" product="ProFTPD" version="1.2.8 - 1.2.9" ostype="Unix" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="ssh" product="OpenSSH" version="4.5" extrainfo="protocol 1.99" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="telnet" product="Linux telnetd" ostype="Linux" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="25"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="smtp" product="Sendmail" extrainfo="Not accepting mail" hostname="bthpafeg-852.example.com" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="53"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="domain" product="ISC BIND" version="4.X" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="http" method="table" conf="3" /></port>
+<port protocol="tcp" portid="110"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="pop3" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="113"><state state="closed" reason="reset" reason_ttl="56"/><service name="auth" method="table" conf="3" /></port>
+<port protocol="tcp" portid="143"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="imap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="https" tunnel="ssl" method="table" conf="3" /></port>
+<port protocol="tcp" portid="465"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="smtp" product="Sendmail" version="8.13.6" ostype="Unix" tunnel="ssl" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="587"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="smtp" product="Sendmail" extrainfo="Not accepting mail" hostname="bthpafeg-852.example.com" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="993"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="imaps" tunnel="ssl" method="table" conf="3" /></port>
+<port protocol="tcp" portid="995"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="pop3" tunnel="ssl" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="1755"><state state="closed" reason="reset" reason_ttl="56"/><service name="wms" method="table" conf="3" /></port>
+<port protocol="tcp" portid="2401"><state state="closed" reason="reset" reason_ttl="56"/><service name="cvspserver" method="table" conf="3" /></port>
+<port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="mysql" product="MySQL" extrainfo="unauthorized" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="3690"><state state="closed" reason="reset" reason_ttl="56"/><service name="svn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5000"><state state="closed" reason="reset" reason_ttl="56"/><service name="upnp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5432"><state state="closed" reason="reset" reason_ttl="56"/><service name="postgresql" method="table" conf="3" /></port>
+<port protocol="tcp" portid="6789"><state state="closed" reason="reset" reason_ttl="56"/><service name="ibm-db2-admin" method="table" conf="3" /></port>
+<port protocol="tcp" portid="7070"><state state="closed" reason="reset" reason_ttl="56"/><service name="realserver" method="table" conf="3" /></port>
+<port protocol="tcp" portid="8000"><state state="closed" reason="reset" reason_ttl="56"/><service name="http-alt" method="table" conf="3" /></port>
+<port protocol="tcp" portid="8008"><state state="closed" reason="reset" reason_ttl="56"/><service name="http" method="table" conf="3" /></port>
+<port protocol="tcp" portid="8080"><state state="closed" reason="reset" reason_ttl="56"/><service name="http-proxy" method="table" conf="3" /></port>
+<port protocol="tcp" portid="8081"><state state="closed" reason="reset" reason_ttl="56"/><service name="blackice-icecap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="8082"><state state="closed" reason="reset" reason_ttl="56"/><service name="blackice-alerts" method="table" conf="3" /></port>
+<port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="http" product="Apache SSL-only mode httpd" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="8888"><state state="closed" reason="reset" reason_ttl="56"/><service name="sun-answerbook" method="table" conf="3" /></port>
+<port protocol="tcp" portid="9080"><state state="closed" reason="reset" reason_ttl="56"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="9090"><state state="closed" reason="reset" reason_ttl="56"/><service name="zeus-admin" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="21" />
+<portused state="closed" proto="tcp" portid="20" />
+<osclass type="storage-misc" vendor="Buffalo" osfamily="embedded" accuracy="94" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="94" />
+<osclass type="WAP" vendor="Actiontec" osfamily="Linux" osgen="2.4.X" accuracy="90" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="90" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="90" />
+<osclass type="WAP" vendor="AVM" osfamily="embedded" accuracy="90" />
+<osclass type="print server" vendor="HP" osfamily="embedded" accuracy="90" />
+<osclass type="general purpose" vendor="Linksys" osfamily="Linux" osgen="2.4.X" accuracy="90" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="90" />
+<osclass type="WAP" vendor="Acorp" osfamily="embedded" accuracy="89" />
+<osclass type="broadband router" vendor="MontaVista" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="broadband router" vendor="Telkom" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="load balancer" vendor="F5 Networks" osfamily="embedded" accuracy="87" />
+<osclass type="firewall" vendor="Check Point" osfamily="embedded" accuracy="86" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="85" />
+<osclass type="specialized" vendor="Infoblox" osfamily="NIOS" osgen="4.X" accuracy="85" />
+<osclass type="WAP" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="85" />
+<osclass type="VoIP phone" vendor="Thomson" osfamily="embedded" accuracy="85" />
+<osclass type="storage-misc" vendor="Western Digital" osfamily="Linux" osgen="2.6.X" accuracy="85" />
+<osclass type="broadband router" vendor="Linksys" osfamily="embedded" accuracy="85" />
+<osmatch name="Buffalo TeraStation NAS device" accuracy="94" line="4242"/>
+<osmatch name="Linksys WAP54G WAP" accuracy="94" line="13835"/>
+<osmatch name="HP Brocade 4100 switch; or Actiontec MI-424-WR, Linksys WRVS4400N, or Netgear WNR834B wireless broadband router" accuracy="90" line="665"/>
+<osmatch name="AVM Fritz!Box FON WLAN 7170 WAP" accuracy="90" line="3100"/>
+<osmatch name="HP 4200 PSA (Print Server Appliance) model J4117A" accuracy="90" line="9486"/>
+<osmatch name="HP Brocade 4Gb SAN switch" accuracy="90" line="10490"/>
+<osmatch name="Linksys WRT300N wireless broadband router" accuracy="90" line="13907"/>
+<osmatch name="Linux 2.4.20" accuracy="90" line="14001"/>
+<osmatch name="Linux 2.6.20 (Ubuntu 7.04 server, x86)" accuracy="90" line="16603"/>
+<osmatch name="Linux 2.6.24 (Ubuntu 8.04, x86)" accuracy="90" line="18240"/>
+</os>
+<uptime seconds="14852728" lastboot="Fri Oct 3 20:33:39 2008" />
+<tcpsequence index="248" difficulty="Good luck!" values="19B5E581,25137B9E,468788B4,32642A97,2959E182,58EE55A" />
+<ipidsequence class="All zeros" values="0,0,0,0,0,0" />
+<tcptssequence class="100HZ" values="588759A7,588759B1,588759BB,588759C5,588759CF,588759D9" />
+<times srtt="181926" rttvar="1871" to="189410" />
+</host>
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="echo-reply"/>
+<address addr="10.142.171.151" addrtype="ipv4" />
+<hostnames><hostname name="dkepf-501.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="999">
+<extrareasons reason="no-responses" count="999"/>
+</extraports>
+<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="55"/><service name="ftp" product="Alcatel Speedtouch aDSL router ftpd" devicetype="broadband router" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="21" />
+</os>
+<uptime seconds="1349896" lastboot="Mon Mar 9 03:20:51 2009" />
+<tcpsequence index="263" difficulty="Good luck!" values="AF340117,11AE7031,7D8475F5,76A11099,9E88623E,90249C2" />
+<ipidsequence class="Incremental" values="E6C3,E6C4,E6C5,E6C6,E6C7,E6C8" />
+<tcptssequence class="2HZ" values="29317A,29317A,29317A,29317A,29317B,29317B" />
+<times srtt="205367" rttvar="2062" to="213615" />
+</host>
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="echo-reply"/>
+<address addr="10.11.94.39" addrtype="ipv4" />
+<hostnames><hostname name="qfjzctvd-326.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="995">
+<extrareasons reason="no-responses" count="995"/>
+</extraports>
+<port protocol="tcp" portid="20"><state state="closed" reason="reset" reason_ttl="54"/><service name="ftp-data" method="table" conf="3" /></port>
+<port protocol="tcp" portid="21"><state state="closed" reason="reset" reason_ttl="54"/><service name="ftp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="500"><state state="closed" reason="reset" reason_ttl="54"/><service name="isakmp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1723"><state state="closed" reason="reset" reason_ttl="54"/><service name="pptp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4567"><state state="open" reason="syn-ack" reason_ttl="54"/><service name="tcpwrapped" method="probed" conf="8" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="4567" />
+<portused state="closed" proto="tcp" portid="20" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="89" />
+<osclass type="VoIP phone" vendor="Thomson" osfamily="embedded" accuracy="88" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="85" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="85" />
+<osmatch name="Linux 2.6.24 (Debian)" accuracy="89" line="18121"/>
+<osmatch name="Linux 2.6.8 (x86)" accuracy="89" line="18997"/>
+<osmatch name="Linux 2.6.15 - 2.6.26" accuracy="88" line="15361"/>
+<osmatch name="Linux 2.6.20 (Ubuntu 7.04 server, x86)" accuracy="88" line="16603"/>
+<osmatch name="Thomson Symbio VoIP phone" accuracy="88" line="30687"/>
+<osmatch name="Linux 2.6.25 (openSUSE 11.0)" accuracy="87" line="18343"/>
+<osmatch name="Linux 2.6.22 (Debian 4.0)" accuracy="87" line="17368"/>
+<osmatch name="FreeBSD 6.2-RELEASE" accuracy="85" line="8449"/>
+<osmatch name="Linux 2.6.22" accuracy="85" line="17334"/>
+<osmatch name="Netgear DG834PN RangeMax wireless broadband router" accuracy="85" line="25517"/>
+</os>
+<uptime seconds="2659738" lastboot="Sat Feb 21 22:30:09 2009" />
+<tcpsequence index="206" difficulty="Good luck!" values="2091CFBB,216359FA,20F344AB,20D0B1D7,20CDDE24,20CA0AE1" />
+<ipidsequence class="All zeros" values="0,0,0,0,0,0" />
+<tcptssequence class="other" values="1FB4A5CD,1FB4A5E1,1FB4A5F5,1FB4A609,1FB4A61D,1FB4A631" />
+<times srtt="112949" rttvar="2691" to="123713" />
+</host>
+<host starttime="1237937651" endtime="1237940279"><status state="up" reason="echo-reply"/>
+<address addr="10.148.10.18" addrtype="ipv4" />
+<hostnames><hostname name="bzneg-467.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="1000">
+<extrareasons reason="no-responses" count="1000"/>
+</extraports>
+</ports>
+<os></os>
+<times srtt="233783" rttvar="83472" to="567671" />
+</host>
+<host starttime="1237937651" endtime="1237940266"><status state="up" reason="reset"/>
+<address addr="10.39.181.220" addrtype="ipv4" />
+<hostnames><hostname name="kfrjacts-262.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="997">
+<extrareasons reason="resets" count="997"/>
+</extraports>
+<port protocol="tcp" portid="646"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ldp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="2222"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<osclass type="router" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="100" />
+<osclass type="switch" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="100" />
+<osmatch name="Cisco 2821 router" accuracy="100" line="5341" />
+<osmatch name="Cisco 3750 switch (IOS 12.2)" accuracy="100" line="5637" />
+<osmatch name="Cisco Catalyst 2960 or 3600 switch" accuracy="100" line="5694" />
+</os>
+<times srtt="209655" rttvar="1342" to="215023" />
+</host>
+<host starttime="1237937651" endtime="1237940279"><status state="up" reason="reset"/>
+<address addr="10.84.70.205" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="841">
+<extrareasons reason="resets" count="841"/>
+</extraports>
+<extraports state="filtered" count="159">
+<extrareasons reason="no-responses" count="159"/>
+</extraports>
+</ports>
+<os><portused state="closed" proto="tcp" portid="80" />
+<portused state="closed" proto="udp" portid="44541" />
+<osclass type="firewall" vendor="IronPort" osfamily="AsyncOS" osgen="6.X" accuracy="97" />
+<osclass type="media device" vendor="Apple" osfamily="iPhone OS" osgen="1.X" accuracy="96" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.4.X" accuracy="96" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.5.X" accuracy="96" />
+<osclass type="proxy server" vendor="Blue Coat" osfamily="SGOS" osgen="5.X" accuracy="96" />
+<osclass type="storage-misc" vendor="Isilon" osfamily="OneFS" accuracy="96" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="4.X" accuracy="96" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="5.X" accuracy="96" />
+<osclass type="VoIP gateway" vendor="Netcomm" osfamily="embedded" accuracy="96" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="96" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="4.X" accuracy="94" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="94" />
+<osclass type="broadband router" vendor="Sagem Communication" osfamily="embedded" accuracy="92" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="5.X" accuracy="91" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="7.X" accuracy="91" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" accuracy="91" />
+<osclass type="general purpose" vendor="OpenBSD" osfamily="OpenBSD" osgen="4.X" accuracy="91" />
+<osclass type="storage-misc" vendor="Panasas" osfamily="embedded" accuracy="91" />
+<osclass type="general purpose" vendor="HP" osfamily="OpenVMS" osgen="7.X" accuracy="90" />
+<osclass type="media device" vendor="Apple" osfamily="iPhone OS" osgen="2.X" accuracy="90" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.3.X" accuracy="90" />
+<osclass type="firewall" vendor="Barracuda Networks" osfamily="embedded" accuracy="90" />
+<osclass type="remote management" vendor="Lantronix" osfamily="embedded" accuracy="90" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="90" />
+<osclass type="broadband router" vendor="Motorola" osfamily="embedded" accuracy="90" />
+<osmatch name="IronPort C150 email security appliance (AsyncOS 6.5.3)" accuracy="97" line="12650"/>
+<osmatch name="Apple iPod touch audio player (iPhone OS 1.1.2 - 1.1.4, Darwin 9.0.0d1)" accuracy="96" line="1630"/>
+<osmatch name="Apple Mac OS X 10.4.10 (Tiger) (Darwin 8.10.0, PowerPC)" accuracy="96" line="2173"/>
+<osmatch name="Apple Mac OS X 10.5 (Leopard) (Darwin 9.2.2, x86)" accuracy="96" line="2432"/>
+<osmatch name="Apple Mac OS X 10.5.5 (Leopard) (Darwin 9.5.0)" accuracy="96" line="2607"/>
+<osmatch name="Blue Coat SG200 proxy server (SGOS 10.145.57.16)" accuracy="96" line="3561"/>
+<osmatch name="Isilon IQ 200 NAS device" accuracy="96" line="12667"/>
+<osmatch name="m0n0wall FreeBSD-based embedded firewall version 1.22 - 1.23b1" accuracy="96" line="19677"/>
+<osmatch name="Netcomm V300 VoIP gateway" accuracy="96" line="25294"/>
+<osmatch name="Netgear WGR614v7 wireless broadband router" accuracy="96" line="25534"/>
+</os>
+<distance value="17" />
+<times srtt="213824" rttvar="1693" to="220596" />
+</host>
+<host starttime="1237937651" endtime="1237940279"><status state="up" reason="echo-reply"/>
+<address addr="10.215.40.171" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="filtered" count="999">
+<extrareasons reason="no-responses" count="999"/>
+</extraports>
+<port protocol="tcp" portid="113"><state state="closed" reason="reset" reason_ttl="110"/><service name="auth" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="113" />
+<osclass type="general purpose" vendor="IBM" osfamily="AIX" osgen="5.X" accuracy="98" />
+<osclass type="broadband router" vendor="Motorola" osfamily="VxWorks" osgen="5.X" accuracy="98" />
+<osclass type="VoIP gateway" vendor="Netcomm" osfamily="embedded" accuracy="98" />
+<osclass type="firewall" vendor="Nokia" osfamily="IPSO" osgen="4.X" accuracy="98" />
+<osclass type="WAP" vendor="Symbol" osfamily="embedded" accuracy="98" />
+<osclass type="broadband router" vendor="Efficient Networks" osfamily="embedded" accuracy="98" />
+<osclass type="general purpose" vendor="HP" osfamily="OpenVMS" osgen="7.X" accuracy="96" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.4.X" accuracy="96" />
+<osclass type="proxy server" vendor="Blue Coat" osfamily="SGOS" osgen="5.X" accuracy="96" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="96" />
+<osclass type="router" vendor="Juniper" osfamily="JUNOS" osgen="9.X" accuracy="96" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="96" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="96" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="4.X" accuracy="96" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="5.X" accuracy="96" />
+<osclass type="broadband router" vendor="Motorola" osfamily="embedded" accuracy="96" />
+<osclass type="broadband router" vendor="Neuf" osfamily="embedded" accuracy="96" />
+<osclass type="VoIP phone" vendor="Polycom" osfamily="embedded" accuracy="96" />
+<osclass type="firewall" vendor="SonicWALL" osfamily="embedded" accuracy="96" />
+<osclass type="firewall" vendor="SonicWALL" osfamily="SonicOS" osgen="2.X" accuracy="96" />
+<osclass type="media device" vendor="Apple" osfamily="iPhone OS" osgen="1.X" accuracy="96" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.5.X" accuracy="96" />
+<osclass type="printer" vendor="HP" osfamily="embedded" accuracy="96" />
+<osclass type="general purpose" vendor="OpenBSD" osfamily="OpenBSD" osgen="4.X" accuracy="95" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="4.X" accuracy="94" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="7.X" accuracy="94" />
+<osclass type="firewall" vendor="IronPort" osfamily="AsyncOS" osgen="6.X" accuracy="94" />
+<osclass type="remote management" vendor="Lantronix" osfamily="embedded" accuracy="94" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" accuracy="94" />
+<osclass type="firewall" vendor="ISS" osfamily="Linux" osgen="2.4.X" accuracy="94" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="94" />
+<osclass type="media device" vendor="Apple" osfamily="iPhone OS" osgen="2.X" accuracy="93" />
+<osclass type="general purpose" vendor="NetBSD" osfamily="NetBSD" osgen="4.X" accuracy="93" />
+<osclass type="WAP" vendor="Planet" osfamily="embedded" accuracy="93" />
+<osclass type="webcam" vendor="Sony" osfamily="embedded" accuracy="93" />
+<osclass type="firewall" vendor="Teltronics" osfamily="embedded" accuracy="93" />
+<osmatch name="IBM AIX 5.3" accuracy="98" line="11699"/>
+<osmatch name="Motorola SURFboard SB3100 cable modem (VxWorks 5.3)" accuracy="98" line="24924"/>
+<osmatch name="Netcomm V300 VoIP gateway" accuracy="98" line="25294"/>
+<osmatch name="Nokia IP650 firewall (IPSO 4.0 and CheckPoint Firewall-1/VPN-1 software)" accuracy="98" line="25901"/>
+<osmatch name="Symbol WS5000 wireless switch" accuracy="98" line="30331"/>
+<osmatch name="Efficient Networks 5930 ADSL router" accuracy="98" line="7399"/>
+<osmatch name="HP OpenVMS 7.3-1" accuracy="96" line="11189"/>
+<osmatch name="Apple Mac OS X 10.4.10 (Tiger) (Darwin 8.10.0, PowerPC)" accuracy="96" line="2173"/>
+<osmatch name="Blue Coat SG200 proxy server (SGOS 10.145.57.16)" accuracy="96" line="3561"/>
+<osmatch name="HP Brocade 1600 switch" accuracy="96" line="10473"/>
+</os>
+<times srtt="538204" rttvar="17740" to="609164" />
+</host>
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="echo-reply"/>
+<address addr="10.38.206.163" addrtype="ipv4" />
+<hostnames><hostname name="zhftxagwp-827.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="999">
+<extrareasons reason="no-responses" count="999"/>
+</extraports>
+<port protocol="tcp" portid="4567"><state state="open" reason="syn-ack" reason_ttl="54"/><service name="tcpwrapped" method="probed" conf="8" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="4567" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="87" />
+<osclass type="router" vendor="Nortel" osfamily="embedded" accuracy="87" />
+<osclass type="switch" vendor="Nortel" osfamily="embedded" accuracy="86" />
+<osclass type="storage-misc" vendor="Sun" osfamily="embedded" accuracy="86" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="85" />
+<osmatch name="HP 4000M ProCurve switch (J4121A)" accuracy="87" line="10422"/>
+<osmatch name="Nortel 5530 Ethernet Routing Switch" accuracy="87" line="26064"/>
+<osmatch name="Nortel 5520 Ethernet Routing Switch" accuracy="86" line="26084"/>
+<osmatch name="Sun StorageTek 6140 NAS device" accuracy="86" line="29480"/>
+<osmatch name="FreeBSD 6.2-RELEASE" accuracy="85" line="8449"/>
+</os>
+<uptime seconds="3522803" lastboot="Wed Feb 11 22:45:44 2009" />
+<tcpsequence index="154" difficulty="Good luck!" values="5227FB2B,522B38CC,522C580E,522D609D,522E91C9,522FA169" />
+<ipidsequence class="Incremental" values="3C37,3C38,3C39,3C3A,3C3B,3C3C" />
+<tcptssequence class="2HZ" values="6B8151,6B8152,6B8152,6B8152,6B8152,6B8152" />
+<times srtt="127255" rttvar="3263" to="140307" />
+</host>
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="echo-reply"/>
+<address addr="10.159.62.117" addrtype="ipv4" />
+<hostnames><hostname name="crtkxbefa-121.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="999">
+<extrareasons reason="no-responses" count="999"/>
+</extraports>
+<port protocol="tcp" portid="4567"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="tcpwrapped" method="probed" conf="8" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="4567" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="87" />
+<osclass type="router" vendor="Nortel" osfamily="embedded" accuracy="87" />
+<osclass type="switch" vendor="Nortel" osfamily="embedded" accuracy="86" />
+<osclass type="storage-misc" vendor="Sun" osfamily="embedded" accuracy="86" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="85" />
+<osmatch name="HP 4000M ProCurve switch (J4121A)" accuracy="87" line="10422"/>
+<osmatch name="Nortel 5530 Ethernet Routing Switch" accuracy="87" line="26064"/>
+<osmatch name="Nortel 5520 Ethernet Routing Switch" accuracy="86" line="26084"/>
+<osmatch name="Sun StorageTek 6140 NAS device" accuracy="86" line="29480"/>
+<osmatch name="FreeBSD 6.2-RELEASE" accuracy="85" line="8449"/>
+</os>
+<uptime seconds="373102" lastboot="Fri Mar 20 10:40:45 2009" />
+<tcpsequence index="155" difficulty="Good luck!" values="9026478D,9029BECE,902AD819,902C28A9,902D2F89,902EA427" />
+<ipidsequence class="Incremental" values="BC31,BC32,BC33,BC34,BC35,BC36" />
+<tcptssequence class="2HZ" values="B6246,B6247,B6247,B6247,B6247,B6247" />
+<times srtt="113544" rttvar="3560" to="127784" />
+</host>
+<host starttime="1237937651" endtime="1237940347"><status state="up" reason="reset"/>
+<address addr="10.252.183.253" addrtype="ipv4" />
+<hostnames><hostname name="wpntxv-442.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="993">
+<extrareasons reason="resets" count="993"/>
+</extraports>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1110"><state state="open" reason="syn-ack" reason_ttl="109"/><service name="tcpwrapped" method="probed" conf="8" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="3260"><state state="open" reason="syn-ack" reason_ttl="109"/><service name="iscsi" method="table" conf="3" /></port>
+<port protocol="tcp" portid="3261"><state state="open" reason="syn-ack" reason_ttl="109"/><service name="iscsi" product="StarWind iSCSI" version="3.2.3 build 20070527" ostype="Windows" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="19780"><state state="open" reason="syn-ack" reason_ttl="109"/><service name="tcpwrapped" method="probed" conf="8" /></port>
+<port protocol="tcp" portid="50300"><state state="open" reason="syn-ack" reason_ttl="109"/><service name="unknown" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="1110" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="33645" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="XP" accuracy="90" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2003" accuracy="86" />
+<osmatch name="Microsoft Windows XP SP2" accuracy="90" line="23991"/>
+<osmatch name="Microsoft Windows XP SP3" accuracy="87" line="24340"/>
+<osmatch name="Microsoft Windows Server 2003 SP0 or Windows XP SP2" accuracy="86" line="20773"/>
+<osmatch name="Microsoft Windows XP Professional SP2 (French)" accuracy="86" line="22909"/>
+<osmatch name="Microsoft Windows Server 2003 SP1 or SP2" accuracy="85" line="21130"/>
+<osmatch name="Microsoft Windows Server 2003 SP2" accuracy="85" line="21181"/>
+<osmatch name="Microsoft Windows Server 2003 SP1" accuracy="85" line="20833"/>
+</os>
+<distance value="20" />
+<tcpsequence index="256" difficulty="Good luck!" values="27194379,F3D2E9CB,C06DFF55,88FF2610,5E47E815,C98895FA" />
+<ipidsequence class="Incremental" values="CCFA,CD02,CD07,CD09,CD0D,CD0F" />
+<tcptssequence class="none returned (unsupported)" />
+<times srtt="248752" rttvar="3284" to="261888" />
+</host>
+<host starttime="1237937651" endtime="1237940279"><status state="up" reason="reset"/>
+<address addr="10.97.106.173" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="995">
+<extrareasons reason="resets" count="995"/>
+</extraports>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4242"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4662"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="edonkey" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5000"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="upnp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="6346"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="gnutella" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<osclass type="telecom-misc" vendor="Avaya" osfamily="Linux" osgen="2.6.X" accuracy="96" />
+<osclass type="firewall" vendor="Check Point" osfamily="embedded" accuracy="96" />
+<osclass type="general purpose" vendor="HP" osfamily="OpenVMS" osgen="7.X" accuracy="96" />
+<osclass type="firewall" vendor="ISS" osfamily="Linux" osgen="2.4.X" accuracy="96" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="96" />
+<osclass type="WAP" vendor="Actiontec" osfamily="Linux" osgen="2.4.X" accuracy="95" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="95" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="95" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="95" />
+<osclass type="WAP" vendor="AVM" osfamily="embedded" accuracy="95" />
+<osclass type="storage-misc" vendor="Buffalo" osfamily="embedded" accuracy="95" />
+<osclass type="firewall" vendor="Check Point" osfamily="Linux" osgen="2.4.X" accuracy="95" />
+<osclass type="WAP" vendor="Cisco-Linksys" osfamily="embedded" accuracy="95" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="95" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="7.X" accuracy="95" />
+<osclass type="print server" vendor="HP" osfamily="embedded" accuracy="95" />
+<osclass type="specialized" vendor="Infoblox" osfamily="NIOS" osgen="4.X" accuracy="95" />
+<osclass type="firewall" vendor="IPCop" osfamily="Linux" osgen="2.4.X" accuracy="95" />
+<osclass type="firewall" vendor="IronPort" osfamily="AsyncOS" osgen="6.X" accuracy="95" />
+<osclass type="storage-misc" vendor="Isilon" osfamily="OneFS" accuracy="95" />
+<osclass type="remote management" vendor="Lantronix" osfamily="embedded" accuracy="95" />
+<osclass type="general purpose" vendor="Linksys" osfamily="Linux" osgen="2.4.X" accuracy="95" />
+<osclass type="WAP" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="95" />
+<osclass type="broadband router" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="95" />
+<osmatch name="Avaya Communication Manager (Linux 2.6.11)" accuracy="96" line="3060"/>
+<osmatch name="Check Point ZoneAlarm Z100G firewall" accuracy="96" line="4511"/>
+<osmatch name="HP OpenVMS 7.3-1" accuracy="96" line="11189"/>
+<osmatch name="ISS Proventia GX3002C firewall (Linux 2.4.18)" accuracy="96" line="12702"/>
+<osmatch name="Linux 2.6.18 (CentOS 5, x86_64, SMP)" accuracy="96" line="16017"/>
+<osmatch name="Linux 2.6.20-gentoo-r8 (Gentoo, x86, SMP)" accuracy="96" line="16706"/>
+<osmatch name="Linux 10.66.62.154-32.fc6 (x86, SMP)" accuracy="96" line="17726"/>
+<osmatch name="Linux 2.6.24 (Debian)" accuracy="96" line="18121"/>
+<osmatch name="Linux 2.6.26" accuracy="96" line="18429"/>
+<osmatch name="HP Brocade 4100 switch; or Actiontec MI-424-WR, Linksys WRVS4400N, or Netgear WNR834B wireless broadband router" accuracy="95" line="665"/>
+</os>
+<times srtt="337353" rttvar="9781" to="376477" />
+</host>
+<host starttime="1237937651" endtime="1237940266"><status state="up" reason="echo-reply"/>
+<address addr="10.210.134.64" addrtype="ipv4" />
+<hostnames><hostname name="dracgiems-913.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="929">
+<extrareasons reason="no-responses" count="929"/>
+</extraports>
+<extraports state="closed" count="71">
+<extrareasons reason="resets" count="71"/>
+</extraports>
+</ports>
+<os><portused state="closed" proto="tcp" portid="21" />
+<osclass type="bridge" vendor="Linksys" osfamily="embedded" accuracy="100" />
+<osclass type="broadband router" vendor="Linksys" osfamily="embedded" accuracy="100" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="Vista" accuracy="100" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2008" accuracy="100" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="XP" accuracy="100" />
+<osclass type="broadband router" vendor="Solwise" osfamily="embedded" accuracy="100" />
+</os>
+<times srtt="120322" rttvar="3282" to="133450" />
+</host>
+<host starttime="1237937651" endtime="1237940266"><status state="up" reason="reset"/>
+<address addr="10.231.222.23" addrtype="ipv4" />
+<hostnames><hostname name="elokstm-701.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="995">
+<extrareasons reason="resets" count="995"/>
+</extraports>
+<port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="34140" />
+<osclass type="media device" vendor="Apple" osfamily="iPhone OS" osgen="1.X" accuracy="100" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.4.X" accuracy="100" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.5.X" accuracy="100" />
+<osclass type="proxy server" vendor="Blue Coat" osfamily="SGOS" osgen="5.X" accuracy="100" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="4.X" accuracy="100" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="5.X" accuracy="100" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="100" />
+<osmatch name="Apple iPod touch audio player (iPhone OS 1.1.2 - 1.1.4, Darwin 9.0.0d1)" accuracy="100" line="1630" />
+<osmatch name="Apple Mac OS X 10.4.10 (Tiger) (Darwin 8.10.0, PowerPC)" accuracy="100" line="2173" />
+<osmatch name="Apple Mac OS X 10.5 (Leopard) (Darwin 9.2.2, x86)" accuracy="100" line="2432" />
+<osmatch name="Apple Mac OS X 10.5.5 (Leopard) (Darwin 9.5.0)" accuracy="100" line="2607" />
+<osmatch name="Blue Coat SG200 proxy server (SGOS 10.145.57.16)" accuracy="100" line="3561" />
+<osmatch name="m0n0wall FreeBSD-based embedded firewall version 1.22 - 1.23b1" accuracy="100" line="19677" />
+<osmatch name="Netgear WGR614v7 wireless broadband router" accuracy="100" line="25534" />
+</os>
+<distance value="13" />
+<times srtt="88514" rttvar="1721" to="100000" />
+</host>
+<host starttime="1237937651" endtime="1237940347"><status state="up" reason="syn-ack"/>
+<address addr="10.186.15.11" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="975">
+<extrareasons reason="resets" count="975"/>
+</extraports>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="44"/><service name="http" method="table" conf="3" /></port>
+<port protocol="tcp" portid="113"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="auth" method="table" conf="3" /></port>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1025"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="NFS-or-IIS" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1110"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nfsd-status" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1433"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-s" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="2869"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="3389"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-term-serv" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4662"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="edonkey" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4899"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="radmin" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5800"><state state="filtered" reason="admin-prohibited" reason_ttl="236" reason_ip="10.169.37.23"/><service name="vnc-http" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5900"><state state="filtered" reason="admin-prohibited" reason_ttl="236" reason_ip="10.169.37.23"/><service name="vnc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="6129"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="6667"><state state="filtered" reason="admin-prohibited" reason_ttl="236" reason_ip="10.169.37.23"/><service name="irc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="6881"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="bittorrent-tracker" method="table" conf="3" /></port>
+<port protocol="tcp" portid="8008"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http" method="table" conf="3" /></port>
+<port protocol="tcp" portid="9898"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="11111"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="19780"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="50300"><state state="open" reason="syn-ack" reason_ttl="44"/><service name="unknown" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="80" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="30297" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="XP" accuracy="88" />
+<osclass type="power-device" vendor="Newave" osfamily="embedded" accuracy="86" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="85" />
+<osmatch name="Microsoft Windows Fundamentals for Legacy PCs (XP Embedded derivative)" accuracy="88" line="22428"/>
+<osmatch name="Microsoft Windows XP SP2" accuracy="87" line="23991"/>
+<osmatch name="Newave UPS SNMP adapter" accuracy="86" line="25746"/>
+<osmatch name="Linux 2.6.24 (Gentoo)" accuracy="85" line="18155"/>
+</os>
+<distance value="19" />
+<tcpsequence index="262" difficulty="Good luck!" values="A92E224A,C22735F,7F4E82BC,D1C3EFE,8620D721,97551577" />
+<ipidsequence class="Busy server or unknown class" values="ABAD,ABB4,ABC0,ABC9,ABD0,ABDA" />
+<tcptssequence class="none returned (unsupported)" />
+<times srtt="297434" rttvar="1877" to="304942" />
+</host>
+<host starttime="1237937651" endtime="1237940279"><status state="up" reason="reset"/>
+<address addr="10.186.25.245" addrtype="ipv4" />
+<hostnames><hostname name="szajckt-621.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="982">
+<extrareasons reason="resets" count="982"/>
+</extraports>
+<port protocol="tcp" portid="22"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ssh" method="table" conf="3" /></port>
+<port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3" /></port>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="179"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="bgp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1023"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netvenuechat" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1433"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-s" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="2967"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="symantec-av" method="table" conf="3" /></port>
+<port protocol="tcp" portid="3306"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="mysql" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4899"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="radmin" method="table" conf="3" /></port>
+<port protocol="tcp" portid="6101"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="backupexec" method="table" conf="3" /></port>
+<port protocol="tcp" portid="6129"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="9898"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="10000"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="snet-sensor-mgmt" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="95" />
+<osclass type="firewall" vendor="WatchGuard" osfamily="embedded" accuracy="95" />
+<osclass type="general purpose" vendor="Cobalt" osfamily="Linux" osgen="2.0.X" accuracy="94" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="94" />
+<osclass type="media device" vendor="Netgear" osfamily="embedded" accuracy="94" />
+<osclass type="firewall" vendor="Teltronics" osfamily="embedded" accuracy="94" />
+<osclass type="firewall" vendor="ZyXEL" osfamily="ZyNOS" osgen="3.X" accuracy="94" />
+<osclass type="broadband router" vendor="ZyXEL" osfamily="ZyNOS" accuracy="94" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="XP" accuracy="92" />
+<osclass type="firewall" vendor="NetworksAOK" osfamily="embedded" accuracy="92" />
+<osclass type="firewall" vendor="Nokia" osfamily="IPSO" osgen="4.X" accuracy="92" />
+<osclass type="VoIP gateway" vendor="Avaya" osfamily="embedded" accuracy="92" />
+<osclass type="general purpose" vendor="HP" osfamily="OpenVMS" osgen="7.X" accuracy="92" />
+<osclass type="firewall" vendor="ISS" osfamily="Linux" osgen="2.4.X" accuracy="92" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="92" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2000" accuracy="92" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2003" accuracy="92" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="Vista" accuracy="92" />
+<osclass type="broadband router" vendor="Sagem Communication" osfamily="embedded" accuracy="92" />
+<osclass type="switch" vendor="Allied Telesyn" osfamily="embedded" accuracy="91" />
+<osclass type="WAP" vendor="Apple" osfamily="embedded" accuracy="91" />
+<osclass type="media device" vendor="Apple" osfamily="iPhone OS" osgen="1.X" accuracy="91" />
+<osclass type="media device" vendor="Apple" osfamily="iPhone OS" osgen="2.X" accuracy="91" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.4.X" accuracy="91" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.5.X" accuracy="91" />
+<osclass type="switch" vendor="Avaya" osfamily="embedded" accuracy="91" />
+<osmatch name="Linksys WRT54G v8 wireless broadband router" accuracy="95" line="13947"/>
+<osmatch name="WatchGuard FireBox 500 firewall" accuracy="95" line="31008"/>
+<osmatch name="WatchGuard FireBox 700 firewall" accuracy="95" line="31025"/>
+<osmatch name="Cobalt Qube 1 2700WG (Linux 2.0.34)" accuracy="94" line="5994"/>
+<osmatch name="HP ProLiant BL p-Class C-Gbe2 switch" accuracy="94" line="10716"/>
+<osmatch name="Netgear EVA700 Digital Entertainer set top box" accuracy="94" line="25414"/>
+<osmatch name="Teltronics NET-PATH intrusion detection system" accuracy="94" line="30560"/>
+<osmatch name="ZyXEL ZyWALL 10W firewall (ZyNOS 3.62)" accuracy="94" line="31437"/>
+<osmatch name="ZyXEL ZyWALL 2 or Prestige 660HW-61 ADSL router (ZyNOS 3.62)" accuracy="94" line="31455"/>
+<osmatch name="ZyXEL ZyWALL 70 firewall (ZyNOS 3.65)" accuracy="94" line="31472"/>
+</os>
+<times srtt="88345" rttvar="759" to="100000" />
+</host>
+<host starttime="1237937651" endtime="1237940279"><status state="up" reason="echo-reply"/>
+<address addr="10.151.8.116" addrtype="ipv4" />
+<hostnames><hostname name="twkmzuqoe-581.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="1000">
+<extrareasons reason="no-responses" count="999"/>
+<extrareasons reason="port-unreach" count="1"/>
+</extraports>
+</ports>
+<os></os>
+<times srtt="252047" rttvar="83318" to="585319" />
+</host>
+<host starttime="1237937651" endtime="1237940279"><status state="up" reason="echo-reply"/>
+<address addr="10.165.44.177" addrtype="ipv4" />
+<hostnames><hostname name="ntuhsb-272.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="1000">
+<extrareasons reason="no-responses" count="1000"/>
+</extraports>
+</ports>
+<os></os>
+<times srtt="282328" rttvar="91389" to="647884" />
+</host>
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="echo-reply"/>
+<address addr="10.157.26.46" addrtype="ipv4" />
+<hostnames><hostname name="zsjhwl-125.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="999">
+<extrareasons reason="no-responses" count="999"/>
+</extraports>
+<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="245"/><service name="ssh" product="Cisco SSH" version="1.25" extrainfo="protocol 1.5" ostype="IOS" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="22" />
+<osclass type="firewall" vendor="Cisco" osfamily="PIX OS" osgen="6.X" accuracy="89" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="88" />
+<osclass type="switch" vendor="Cisco" osfamily="CatOS" osgen="6.X" accuracy="88" />
+<osclass type="switch" vendor="Cisco" osfamily="CatOS" osgen="4.X" accuracy="87" />
+<osclass type="switch" vendor="Cisco" osfamily="CatOS" osgen="7.X" accuracy="86" />
+<osclass type="switch" vendor="Cisco" osfamily="CatOS" osgen="8.X" accuracy="86" />
+<osclass type="WAP" vendor="D-Link" osfamily="embedded" accuracy="86" />
+<osclass type="WAP" vendor="TRENDnet" osfamily="embedded" accuracy="86" />
+<osclass type="VoIP adapter" vendor="Sipura" osfamily="embedded" accuracy="86" />
+<osclass type="switch" vendor="Extreme Networks" osfamily="ExtremeWare" osgen="7.X" accuracy="86" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="85" />
+<osclass type="switch" vendor="Allied Telesyn" osfamily="embedded" accuracy="85" />
+<osmatch name="Cisco PIX firewall (PIX OS 6.3(5))" accuracy="89" line="5943"/>
+<osmatch name="HP ProLiant BL p-Class C-Gbe2 switch" accuracy="88" line="10716"/>
+<osmatch name="Cisco Catalyst WS-C6509 switch (CatOS 6.3)" accuracy="88" line="4650"/>
+<osmatch name="Cisco Catalyst WS-C5000 switch (CatOS 4.5(1))" accuracy="87" line="4633"/>
+<osmatch name="Cisco Catalyst 4003, 4006, or 6509 switch (CatOS 7.6(17) - 8.4(3))" accuracy="86" line="4669"/>
+<osmatch name="D-Link DWL-624+ or DWL-2000AP, or TRENDnet TEW-432BRP WAP" accuracy="86" line="6528"/>
+<osmatch name="Sipura SPA-3000 VoIP adapter" accuracy="86" line="28840"/>
+<osmatch name="Cisco Catalyst WS-C6506 switch (CatOS 7.6(16))" accuracy="86" line="4687"/>
+<osmatch name="Extreme Networks Summit48si switch (ExtremeWare 7.6)" accuracy="86" line="7649"/>
+<osmatch name="FreeBSD 6.2-RELEASE" accuracy="85" line="8449"/>
+</os>
+<tcpsequence index="258" difficulty="Good luck!" values="20403B1A,7E608C0D,38ED63F7,FCB25AA7,C8BA6AB6,C10E681F" />
+<ipidsequence class="Incremental" values="DB76,DB77,DB78,DB79,DB7A,DB7B" />
+<tcptssequence class="none returned (unsupported)" />
+<times srtt="87374" rttvar="5180" to="108094" />
+</host>
+<host starttime="1237937651" endtime="1237940266"><status state="up" reason="echo-reply"/>
+<address addr="10.96.156.60" addrtype="ipv4" />
+<hostnames><hostname name="skdwjp-884.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="1000">
+<extrareasons reason="no-responses" count="1000"/>
+</extraports>
+</ports>
+<os><osclass type="broadband router" vendor="D-Link" osfamily="embedded" accuracy="100" />
+<osclass type="broadband router" vendor="SMC" osfamily="embedded" accuracy="100" />
+<osclass type="specialized" vendor="Digi" osfamily="embedded" accuracy="100" />
+<osclass type="switch" vendor="Foundry" osfamily="embedded" accuracy="100" />
+<osclass type="proxy server" vendor="Foundry" osfamily="embedded" accuracy="100" />
+<osclass type="switch" vendor="Foundry" osfamily="IronWare" osgen="2.X" accuracy="100" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="100" />
+<osclass type="remote management" vendor="HP" osfamily="iLO" accuracy="100" />
+<osclass type="general purpose" vendor="IBM" osfamily="OS/400" osgen="V5" accuracy="100" />
+<osclass type="general purpose" vendor="IBM" osfamily="z/OS" accuracy="100" />
+<osclass type="general purpose" vendor="IBM" osfamily="z/VM" accuracy="100" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="100" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="100" />
+<osclass type="WAP" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="100" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100" />
+<osclass type="specialized" vendor="Raritan" osfamily="embedded" accuracy="100" />
+<osclass type="media device" vendor="Sagem Communication" osfamily="embedded" accuracy="100" />
+<osclass type="switch" vendor="Symbol" osfamily="embedded" accuracy="100" />
+<osclass type="VoIP phone" vendor="Thomson" osfamily="embedded" accuracy="100" />
+<osclass type="router" vendor="USRobotics" osfamily="embedded" accuracy="100" />
+</os>
+<times srtt="207220" rttvar="121947" to="695008" />
+</host>
+<host starttime="1237937651" endtime="1237940266"><status state="up" reason="reset"/>
+<address addr="10.156.30.100" addrtype="ipv4" />
+<hostnames><hostname name="uckos-452.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="991">
+<extrareasons reason="resets" count="991"/>
+</extraports>
+<port protocol="tcp" portid="135"><state state="filtered" reason="admin-prohibited" reason_ttl="247" reason_ip="10.94.9.40"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="admin-prohibited" reason_ttl="247" reason_ip="10.94.9.40"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="admin-prohibited" reason_ttl="247" reason_ip="10.94.9.40"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="554"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="rtsp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="593"><state state="filtered" reason="admin-prohibited" reason_ttl="247" reason_ip="10.94.9.40"/><service name="http-rpc-epmap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3" /></port>
+<port protocol="tcp" portid="7070"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="realserver" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<osclass type="media device" vendor="Apple" osfamily="iPhone OS" osgen="1.X" accuracy="100" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.4.X" accuracy="100" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.5.X" accuracy="100" />
+<osclass type="proxy server" vendor="Blue Coat" osfamily="SGOS" osgen="5.X" accuracy="100" />
+<osclass type="printer" vendor="HP" osfamily="embedded" accuracy="100" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="100" />
+<osclass type="general purpose" vendor="HP" osfamily="OpenVMS" osgen="7.X" accuracy="100" />
+<osclass type="router" vendor="Juniper" osfamily="JUNOS" osgen="9.X" accuracy="100" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="100" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="100" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="4.X" accuracy="100" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="5.X" accuracy="100" />
+<osclass type="broadband router" vendor="Motorola" osfamily="embedded" accuracy="100" />
+<osclass type="broadband router" vendor="Neuf" osfamily="embedded" accuracy="100" />
+<osclass type="VoIP phone" vendor="Polycom" osfamily="embedded" accuracy="100" />
+<osclass type="firewall" vendor="SonicWALL" osfamily="embedded" accuracy="100" />
+<osclass type="firewall" vendor="SonicWALL" osfamily="SonicOS" osgen="2.X" accuracy="100" />
+</os>
+<times srtt="96734" rttvar="2312" to="105982" />
+</host>
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="syn-ack"/>
+<address addr="10.137.81.38" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="filtered" count="999">
+<extrareasons reason="no-responses" count="999"/>
+</extraports>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="55"/><service name="http" product="APC switched rack PDU http config" extrainfo="Allegro embedded httpd 4.04" devicetype="power-device" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="80" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="96" />
+<osclass type="WAP" vendor="Apple" osfamily="embedded" accuracy="87" />
+<osmatch name="FreeBSD 6.2-RELEASE" accuracy="96" line="8449"/>
+<osmatch name="Apple AirPort Extreme WAP v7.3.2" accuracy="87" line="1612"/>
+</os>
+<uptime seconds="2912494" lastboot="Thu Feb 19 00:17:33 2009" />
+<tcpsequence index="255" difficulty="Good luck!" values="C4D53964,A3CD4B35,9EE3FC4B,D156DE70,95827FD1,D403D5BE" />
+<ipidsequence class="Incremental" values="3524,3525,3526,3527,3528,3529" />
+<tcptssequence class="1000HZ" values="AD97FFD8,AD98003C,AD9800A0,AD980104,AD980168,AD9801CC" />
+<times srtt="82744" rttvar="6043" to="106916" />
+</host>
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="echo-reply"/>
+<address addr="10.188.46.230" addrtype="ipv4" />
+<hostnames><hostname name="xbzpqkvw-255.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="991">
+<extrareasons reason="resets" count="991"/>
+</extraports>
+<port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="telnet" product="Cisco or Edge-core switch telnetd" devicetype="switch" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5004"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5060"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="sip" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="23" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="33040" />
+<osclass type="phone" vendor="Nokia" osfamily="Symbian OS" accuracy="88" />
+<osclass type="firewall" vendor="ZyXEL" osfamily="ZyNOS" osgen="3.X" accuracy="86" />
+<osclass type="WAP" vendor="Apple" osfamily="embedded" accuracy="85" />
+<osclass type="switch" vendor="Allied Telesyn" osfamily="embedded" accuracy="85" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="85" />
+<osclass type="switch" vendor="Cisco" osfamily="embedded" accuracy="85" />
+<osclass type="remote management" vendor="Lantronix" osfamily="embedded" accuracy="85" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="85" />
+<osmatch name="Nokia N81 mobile phone (Symbian OS)" accuracy="88" line="26028"/>
+<osmatch name="ZyXEL ZyWALL 10W firewall (ZyNOS 3.62)" accuracy="86" line="31437"/>
+<osmatch name="Apple AirPort Extreme WAP v7.3.2" accuracy="85" line="1612"/>
+<osmatch name="Allied Telesyn Rapier G6 switch" accuracy="85" line="1217"/>
+<osmatch name="HP ProLiant BL p-Class C-Gbe2 switch" accuracy="85" line="10716"/>
+<osmatch name="Cisco Catalyst 1900 Switch, Software v9.00.03" accuracy="85" line="4929"/>
+<osmatch name="Lantronix XPort-03 embedded serial device server (firmware 1.80)" accuracy="85" line="13161"/>
+<osmatch name="FreeBSD 6.2-RELEASE" accuracy="85" line="8449"/>
+</os>
+<distance value="18" />
+<tcpsequence index="17" difficulty="Good luck!" values="83F5,83FF,8409,8412,841C,8426" />
+<ipidsequence class="Incremental" values="173,174,175,176,177,178" />
+<tcptssequence class="none returned (unsupported)" />
+<times srtt="208615" rttvar="669" to="211291" />
+</host>
+<host starttime="1237937651" endtime="1237940279"><status state="up" reason="reset"/>
+<address addr="10.228.201.235" addrtype="ipv4" />
+<hostnames><hostname name="uweimhflr-969.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="998">
+<extrareasons reason="resets" count="998"/>
+</extraports>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1723"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pptp" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+</os>
+<times srtt="159532" rttvar="1778" to="166644" />
+</host>
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="echo-reply"/>
+<address addr="10.253.52.142" addrtype="ipv4" />
+<hostnames><hostname name="ysqxnovik-508.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="999">
+<extrareasons reason="no-responses" count="999"/>
+</extraports>
+<port protocol="tcp" portid="4567"><state state="open" reason="syn-ack" reason_ttl="53"/><service name="tcpwrapped" method="probed" conf="8" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="4567" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="87" />
+<osclass type="router" vendor="Nortel" osfamily="embedded" accuracy="87" />
+<osclass type="switch" vendor="Nortel" osfamily="embedded" accuracy="86" />
+<osclass type="storage-misc" vendor="Sun" osfamily="embedded" accuracy="86" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="85" />
+<osmatch name="HP 4000M ProCurve switch (J4121A)" accuracy="87" line="10422"/>
+<osmatch name="Nortel 5530 Ethernet Routing Switch" accuracy="87" line="26064"/>
+<osmatch name="Nortel 5520 Ethernet Routing Switch" accuracy="86" line="26084"/>
+<osmatch name="Sun StorageTek 6140 NAS device" accuracy="86" line="29480"/>
+<osmatch name="FreeBSD 6.2-RELEASE" accuracy="85" line="8449"/>
+</os>
+<uptime seconds="4829" lastboot="Tue Mar 24 16:58:38 2009" />
+<tcpsequence index="155" difficulty="Good luck!" values="CE71F342,CE757EF9,CE76DBA1,CE77E9B1,CE7913C2,CE7A5C72" />
+<ipidsequence class="Incremental" values="1A7F,1A80,1A82,1A83,1A84,1A85" />
+<tcptssequence class="2HZ" values="2524,2525,2525,2525,2525,2525" />
+<times srtt="139127" rttvar="3501" to="153131" />
+</host>
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="syn-ack"/>
+<address addr="10.196.172.89" addrtype="ipv4" />
+<hostnames><hostname name="utkjlegbx-701.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="995">
+<extrareasons reason="no-responses" count="995"/>
+</extraports>
+<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="47"/><service name="ftp" product="Dreambox ftpd" ostype="Linux" devicetype="media device" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="47"/><service name="http" product="Dreambox httpd" devicetype="media device" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="5060"><state state="open" reason="syn-ack" reason_ttl="48"/><service name="sip" method="table" conf="3" /></port>
+<port protocol="tcp" portid="8080"><state state="closed" reason="reset" reason_ttl="47"/><service name="http-proxy" method="table" conf="3" /></port>
+<port protocol="tcp" portid="8089"><state state="open" reason="syn-ack" reason_ttl="48"/><service name="upnp" product="Microsoft Windows UPnP" ostype="Windows" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="21" />
+<portused state="closed" proto="tcp" portid="8080" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="88" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="86" />
+<osclass type="VoIP phone" vendor="Thomson" osfamily="embedded" accuracy="86" />
+<osclass type="specialized" vendor="Infoblox" osfamily="NIOS" osgen="4.X" accuracy="85" />
+<osmatch name="FreeBSD 6.2-RELEASE" accuracy="88" line="8449"/>
+<osmatch name="Linux 2.6.8 (x86)" accuracy="86" line="18997"/>
+<osmatch name="Linux 2.6.9 - 2.6.24" accuracy="86" line="19279"/>
+<osmatch name="Thomson Symbio VoIP phone" accuracy="86" line="30687"/>
+<osmatch name="Infoblox NIOS Release 4.1r2-5-22263" accuracy="85" line="12422"/>
+</os>
+<uptime seconds="897235" lastboot="Sat Mar 14 09:05:12 2009" />
+<tcpsequence index="205" difficulty="Good luck!" values="1EC776D9,1E530683,1DDFDF5C,1EC2A01F,1EC74F1A,1E43CB1A" />
+<ipidsequence class="All zeros" values="0,0,0,0,0,0" />
+<tcptssequence class="1000HZ" values="357995BE,35799617,3579967B,357996DF,35799743,357997A7" />
+<times srtt="210079" rttvar="1344" to="215455" />
+</host>
+<host starttime="1237937651" endtime="1237940279"><status state="up" reason="reset"/>
+<address addr="10.47.131.205" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="999">
+<extrareasons reason="resets" count="999"/>
+</extraports>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<osclass type="telecom-misc" vendor="Avaya" osfamily="Linux" osgen="2.6.X" accuracy="96" />
+<osclass type="firewall" vendor="Check Point" osfamily="embedded" accuracy="96" />
+<osclass type="general purpose" vendor="HP" osfamily="OpenVMS" osgen="7.X" accuracy="96" />
+<osclass type="firewall" vendor="ISS" osfamily="Linux" osgen="2.4.X" accuracy="96" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="96" />
+<osclass type="WAP" vendor="Actiontec" osfamily="Linux" osgen="2.4.X" accuracy="95" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="95" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="95" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="95" />
+<osclass type="WAP" vendor="AVM" osfamily="embedded" accuracy="95" />
+<osclass type="storage-misc" vendor="Buffalo" osfamily="embedded" accuracy="95" />
+<osclass type="firewall" vendor="Check Point" osfamily="Linux" osgen="2.4.X" accuracy="95" />
+<osclass type="WAP" vendor="Cisco-Linksys" osfamily="embedded" accuracy="95" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="95" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="7.X" accuracy="95" />
+<osclass type="print server" vendor="HP" osfamily="embedded" accuracy="95" />
+<osclass type="specialized" vendor="Infoblox" osfamily="NIOS" osgen="4.X" accuracy="95" />
+<osclass type="firewall" vendor="IPCop" osfamily="Linux" osgen="2.4.X" accuracy="95" />
+<osclass type="firewall" vendor="IronPort" osfamily="AsyncOS" osgen="6.X" accuracy="95" />
+<osclass type="storage-misc" vendor="Isilon" osfamily="OneFS" accuracy="95" />
+<osclass type="remote management" vendor="Lantronix" osfamily="embedded" accuracy="95" />
+<osclass type="general purpose" vendor="Linksys" osfamily="Linux" osgen="2.4.X" accuracy="95" />
+<osclass type="WAP" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="95" />
+<osclass type="broadband router" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="95" />
+<osmatch name="Avaya Communication Manager (Linux 2.6.11)" accuracy="96" line="3060"/>
+<osmatch name="Check Point ZoneAlarm Z100G firewall" accuracy="96" line="4511"/>
+<osmatch name="HP OpenVMS 7.3-1" accuracy="96" line="11189"/>
+<osmatch name="ISS Proventia GX3002C firewall (Linux 2.4.18)" accuracy="96" line="12702"/>
+<osmatch name="Linux 2.6.18 (CentOS 5, x86_64, SMP)" accuracy="96" line="16017"/>
+<osmatch name="Linux 2.6.20-gentoo-r8 (Gentoo, x86, SMP)" accuracy="96" line="16706"/>
+<osmatch name="Linux 10.66.62.154-32.fc6 (x86, SMP)" accuracy="96" line="17726"/>
+<osmatch name="Linux 2.6.24 (Debian)" accuracy="96" line="18121"/>
+<osmatch name="Linux 2.6.26" accuracy="96" line="18429"/>
+<osmatch name="HP Brocade 4100 switch; or Actiontec MI-424-WR, Linksys WRVS4400N, or Netgear WNR834B wireless broadband router" accuracy="95" line="665"/>
+</os>
+<times srtt="332383" rttvar="7779" to="363499" />
+</host>
+<host starttime="1237937651" endtime="1237940279"><status state="up" reason="echo-reply"/>
+<address addr="10.188.226.230" addrtype="ipv4" />
+<hostnames><hostname name="bpdygf-130.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="1000">
+<extrareasons reason="no-responses" count="1000"/>
+</extraports>
+</ports>
+<os></os>
+<times srtt="184647" rttvar="113469" to="638523" />
+</host>
+<host starttime="1237937651" endtime="1237940266"><status state="up" reason="reset"/>
+<address addr="10.27.38.204" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="filtered" count="846">
+<extrareasons reason="no-responses" count="846"/>
+</extraports>
+<extraports state="closed" count="154">
+<extrareasons reason="resets" count="154"/>
+</extraports>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<osclass type="general purpose" vendor="Cobalt" osfamily="Linux" osgen="2.0.X" accuracy="100" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="100" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="100" />
+<osclass type="media device" vendor="Netgear" osfamily="embedded" accuracy="100" />
+<osclass type="firewall" vendor="Teltronics" osfamily="embedded" accuracy="100" />
+<osclass type="firewall" vendor="WatchGuard" osfamily="embedded" accuracy="100" />
+<osclass type="firewall" vendor="ZyXEL" osfamily="ZyNOS" osgen="3.X" accuracy="100" />
+<osclass type="broadband router" vendor="ZyXEL" osfamily="ZyNOS" accuracy="100" />
+</os>
+<times srtt="179856" rttvar="5157" to="200484" />
+</host>
+<host starttime="1237937651" endtime="1237940279"><status state="up" reason="echo-reply"/>
+<address addr="10.244.249.136" addrtype="ipv4" />
+<hostnames><hostname name="akorb-729.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="1000">
+<extrareasons reason="no-responses" count="1000"/>
+</extraports>
+</ports>
+<os></os>
+<times srtt="107306" rttvar="69531" to="385430" />
+</host>
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="echo-reply"/>
+<address addr="10.4.89.234" addrtype="ipv4" />
+<hostnames><hostname name="ucyfgqrsa-296.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="994">
+<extrareasons reason="resets" count="994"/>
+</extraports>
+<port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="238"/><service name="telnet" product="Cisco router" ostype="IOS" devicetype="router" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="238"/><service name="http" product="Cisco IOS administrative httpd" ostype="IOS" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="23" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="35838" />
+<osclass type="router" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="96" />
+<osclass type="switch" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="94" />
+<osclass type="switch" vendor="Cisco" osfamily="embedded" accuracy="90" />
+<osclass type="broadband router" vendor="Cisco" osfamily="embedded" accuracy="87" />
+<osclass type="VoIP adapter" vendor="Sipura" osfamily="embedded" accuracy="86" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="86" />
+<osclass type="WAP" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="85" />
+<osmatch name="Cisco 2821 router" accuracy="96" line="5341"/>
+<osmatch name="Cisco 3750 switch (IOS 12.2)" accuracy="94" line="5637"/>
+<osmatch name="Cisco 3560G switch (IOS 12.2)" accuracy="92" line="5620"/>
+<osmatch name="Cisco Catalyst 2960 or 3600 switch" accuracy="91" line="5694"/>
+<osmatch name="Cisco Catalyst 1900 Switch, Software v9.00.03" accuracy="90" line="4929"/>
+<osmatch name="Cisco Catalyst 3500 XL switch (IOS 12.0)" accuracy="88" line="5747"/>
+<osmatch name="Cisco 1250 WAP, or 1811 or 2800 router (IOS 12.4)" accuracy="87" line="5219"/>
+<osmatch name="Cisco 827H ADSL router" accuracy="87" line="4738"/>
+</os>
+<distance value="23" />
+<tcpsequence index="265" difficulty="Good luck!" values="F96EB12A,8425F891,D2F310A,103194BE,FE28F3D5,13E39296" />
+<ipidsequence class="Randomized" values="FEDF,B3FA,B159,47CE,643C,AA81" />
+<tcptssequence class="none returned (unsupported)" />
+<times srtt="100780" rttvar="1719" to="107656" />
+</host>
+<host starttime="1237937651" endtime="1237940293"><status state="up" reason="reset"/>
+<address addr="10.62.250.133" addrtype="ipv4" />
+<hostnames><hostname name="rcjdgszo-61.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="999">
+<extrareasons reason="resets" count="999"/>
+</extraports>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="36732" />
+<osclass type="media device" vendor="Apple" osfamily="iPhone OS" osgen="1.X" accuracy="100" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.4.X" accuracy="100" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.5.X" accuracy="100" />
+<osclass type="proxy server" vendor="Blue Coat" osfamily="SGOS" osgen="5.X" accuracy="100" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="4.X" accuracy="100" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="5.X" accuracy="100" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="100" />
+<osmatch name="Apple iPod touch audio player (iPhone OS 1.1.2 - 1.1.4, Darwin 9.0.0d1)" accuracy="100" line="1630" />
+<osmatch name="Apple Mac OS X 10.4.10 (Tiger) (Darwin 8.10.0, PowerPC)" accuracy="100" line="2173" />
+<osmatch name="Apple Mac OS X 10.5 (Leopard) (Darwin 9.2.2, x86)" accuracy="100" line="2432" />
+<osmatch name="Apple Mac OS X 10.5.5 (Leopard) (Darwin 9.5.0)" accuracy="100" line="2607" />
+<osmatch name="Blue Coat SG200 proxy server (SGOS 10.145.57.16)" accuracy="100" line="3561" />
+<osmatch name="m0n0wall FreeBSD-based embedded firewall version 1.22 - 1.23b1" accuracy="100" line="19677" />
+<osmatch name="Netgear WGR614v7 wireless broadband router" accuracy="100" line="25534" />
+</os>
+<distance value="12" />
+<times srtt="102696" rttvar="2148" to="111288" />
+</host>
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="reset"/>
+<address addr="10.47.94.15" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="991">
+<extrareasons reason="resets" count="991"/>
+</extraports>
+<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="244"/><service name="tcpwrapped" method="probed" conf="8" /></port>
+<port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="244"/><service name="telnet" method="table" conf="3" /></port>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="646"><state state="open" reason="syn-ack" reason_ttl="244"/><service name="tcpwrapped" method="probed" conf="8" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="22" />
+<portused state="closed" proto="tcp" portid="1" />
+<osclass type="broadband router" vendor="Efficient Networks" osfamily="embedded" accuracy="86" />
+<osmatch name="Efficient Networks 5930 ADSL router" accuracy="86" line="7399"/>
+</os>
+<tcpsequence index="17" difficulty="Good luck!" values="F7293D62,F72A3762,F72B3162,F72C2B62,F72D2562,F72F1962" />
+<ipidsequence class="Incremental" values="35A2,35A4,35A8,35AD,35B1,35B3" />
+<tcptssequence class="2HZ" values="87C75C2,87C75C2,87C75C2,87C75C2,87C75C2,87C75C3" />
+<times srtt="294973" rttvar="2205" to="303793" />
+</host>
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="echo-reply"/>
+<address addr="10.247.186.216" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="filtered" count="998">
+<extrareasons reason="no-responses" count="998"/>
+</extraports>
+<port protocol="tcp" portid="5060"><state state="open" reason="syn-ack" reason_ttl="45"/><service name="sip" extrainfo="SIP end point; Status: 500 Server Internal Error" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="65000"><state state="open" reason="syn-ack" reason_ttl="45"/><service name="http" product="Alcatel/Thomson SpeedTouch aDSL http config" version="1.0" devicetype="broadband router" tunnel="ssl" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="5060" />
+</os>
+<uptime seconds="73911" lastboot="Mon Mar 23 21:47:16 2009" />
+<tcpsequence index="264" difficulty="Good luck!" values="BDFF7662,B6C278CF,B402ADBA,D71AD45F,59D1B2C5,2B7447BB" />
+<ipidsequence class="Incremental" values="4B71,4B72,4B73,4B74,4B75,4B76" />
+<tcptssequence class="2HZ" values="24114,24114,24114,24114,24115,24115" />
+<times srtt="418792" rttvar="3826" to="434096" />
+</host>
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="reset"/>
+<address addr="10.252.121.17" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="989">
+<extrareasons reason="resets" count="989"/>
+</extraports>
+<port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="236"/><service name="telnet" product="Cisco router" ostype="IOS" devicetype="router" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1045"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1046"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1047"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1433"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-s" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="23" />
+<portused state="closed" proto="tcp" portid="1" />
+<osclass type="switch" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="97" />
+<osclass type="router" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="90" />
+<osclass type="broadband router" vendor="Cisco" osfamily="embedded" accuracy="87" />
+<osmatch name="Cisco 3560G switch (IOS 12.2)" accuracy="97" line="5620"/>
+<osmatch name="Cisco 3750 switch (IOS 12.2)" accuracy="96" line="5637"/>
+<osmatch name="Cisco Catalyst 2960 or 3600 switch" accuracy="95" line="5694"/>
+<osmatch name="Cisco Catalyst 3500 XL switch (IOS 12.0)" accuracy="92" line="5747"/>
+<osmatch name="Cisco 2821 router" accuracy="90" line="5341"/>
+</os>
+<tcpsequence index="238" difficulty="Good luck!" values="29F9ADFB,77381698,27D47213,6F8AC6D1,B552EAC4,73CB7E8C" />
+<ipidsequence class="All zeros" values="0,0,0,0,0,0" />
+<tcptssequence class="none returned (unsupported)" />
+<times srtt="203067" rttvar="3472" to="216955" />
+</host>
+<host starttime="1237937651" endtime="1237940313"><status state="up" reason="reset"/>
+<address addr="10.251.227.170" addrtype="ipv4" />
+<hostnames><hostname name="mtceaquwb-811.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="996">
+<extrareasons reason="resets" count="996"/>
+</extraports>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="50001"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="41013" />
+<osclass type="general purpose" vendor="Sun" osfamily="Solaris" osgen="10" accuracy="97" />
+<osclass type="general purpose" vendor="Sun" osfamily="Solaris" osgen="8" accuracy="97" />
+<osclass type="general purpose" vendor="HP" osfamily="HP-UX" osgen="11.X" accuracy="95" />
+<osclass type="WAP" vendor="2Wire" osfamily="embedded" accuracy="91" />
+<osclass type="load balancer" vendor="F5 Networks" osfamily="embedded" accuracy="90" />
+<osclass type="general purpose" vendor="Sun" osfamily="Solaris" osgen="9" accuracy="89" />
+<osclass type="WAP" vendor="Acorp" osfamily="embedded" accuracy="89" />
+<osclass type="broadband router" vendor="Actiontec" osfamily="embedded" accuracy="89" />
+<osclass type="WAP" vendor="AVM" osfamily="embedded" accuracy="89" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="89" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="89" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="WAP" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="broadband router" vendor="MontaVista" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="broadband router" vendor="Telkom" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="remote management" vendor="Lantronix" osfamily="embedded" accuracy="88" />
+<osclass type="general purpose" vendor="OpenBSD" osfamily="OpenBSD" osgen="4.X" accuracy="88" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="87" />
+<osclass type="firewall" vendor="Teltronics" osfamily="embedded" accuracy="87" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="87" />
+<osclass type="firewall" vendor="WatchGuard" osfamily="embedded" accuracy="86" />
+<osclass type="WAP" vendor="Actiontec" osfamily="Linux" osgen="2.4.X" accuracy="86" />
+<osclass type="WAP" vendor="Cisco-Linksys" osfamily="embedded" accuracy="86" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="7.X" accuracy="86" />
+<osmatch name="Sun Solaris 10 (x86)" accuracy="97" line="29653"/>
+<osmatch name="Sun Solaris 8 (SPARC)" accuracy="97" line="29901"/>
+<osmatch name="HP HP-UX B.11.31" accuracy="95" line="10913"/>
+<osmatch name="2Wire 1701HG wireless ADSL modem" accuracy="91" line="50"/>
+<osmatch name="2Wire 2700HG, 2700HG-B, 2701HG-B, or RG2701HG wireless ADSL modem" accuracy="91" line="87"/>
+<osmatch name="2Wire Shasta wireless broadband router" accuracy="91" line="122"/>
+<osmatch name="F5 BIG-IP Local Traffic Manager load balancer" accuracy="90" line="7700"/>
+<osmatch name="Sun Solaris 10" accuracy="89" line="29497"/>
+<osmatch name="Sun Solaris 10 (SPARC)" accuracy="89" line="29618"/>
+<osmatch name="Sun Solaris 9 (x86)" accuracy="89" line="30037"/>
+</os>
+<distance value="14" />
+<times srtt="135653" rttvar="3722" to="150541" />
+</host>
+<host starttime="1237937651" endtime="1237940313"><status state="up" reason="reset"/>
+<address addr="10.191.37.88" addrtype="ipv4" />
+<hostnames><hostname name="pvcjbh-770.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="996">
+<extrareasons reason="resets" count="996"/>
+</extraports>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="50001"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="32958" />
+<osclass type="general purpose" vendor="Sun" osfamily="Solaris" osgen="10" accuracy="97" />
+<osclass type="general purpose" vendor="Sun" osfamily="Solaris" osgen="8" accuracy="97" />
+<osclass type="general purpose" vendor="HP" osfamily="HP-UX" osgen="11.X" accuracy="95" />
+<osclass type="WAP" vendor="2Wire" osfamily="embedded" accuracy="91" />
+<osclass type="load balancer" vendor="F5 Networks" osfamily="embedded" accuracy="90" />
+<osclass type="general purpose" vendor="Sun" osfamily="Solaris" osgen="9" accuracy="89" />
+<osclass type="WAP" vendor="Acorp" osfamily="embedded" accuracy="89" />
+<osclass type="broadband router" vendor="Actiontec" osfamily="embedded" accuracy="89" />
+<osclass type="WAP" vendor="AVM" osfamily="embedded" accuracy="89" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="89" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="89" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="WAP" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="broadband router" vendor="MontaVista" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="broadband router" vendor="Telkom" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="remote management" vendor="Lantronix" osfamily="embedded" accuracy="88" />
+<osclass type="router" vendor="Juniper" osfamily="JUNOS" osgen="9.X" accuracy="88" />
+<osclass type="general purpose" vendor="OpenBSD" osfamily="OpenBSD" osgen="4.X" accuracy="88" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="87" />
+<osclass type="media device" vendor="Netgear" osfamily="embedded" accuracy="87" />
+<osclass type="firewall" vendor="Teltronics" osfamily="embedded" accuracy="87" />
+<osclass type="firewall" vendor="ZyXEL" osfamily="ZyNOS" osgen="3.X" accuracy="87" />
+<osclass type="broadband router" vendor="ZyXEL" osfamily="ZyNOS" accuracy="87" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="87" />
+<osmatch name="Sun Solaris 10 (x86)" accuracy="97" line="29653"/>
+<osmatch name="Sun Solaris 8 (SPARC)" accuracy="97" line="29901"/>
+<osmatch name="HP HP-UX B.11.31" accuracy="95" line="10913"/>
+<osmatch name="2Wire 1701HG wireless ADSL modem" accuracy="91" line="50"/>
+<osmatch name="2Wire 2700HG, 2700HG-B, 2701HG-B, or RG2701HG wireless ADSL modem" accuracy="91" line="87"/>
+<osmatch name="2Wire Shasta wireless broadband router" accuracy="91" line="122"/>
+<osmatch name="F5 BIG-IP Local Traffic Manager load balancer" accuracy="90" line="7700"/>
+<osmatch name="Sun Solaris 10" accuracy="89" line="29497"/>
+<osmatch name="Sun Solaris 10 (SPARC)" accuracy="89" line="29618"/>
+<osmatch name="Sun Solaris 9 (x86)" accuracy="89" line="30037"/>
+</os>
+<distance value="14" />
+<times srtt="149025" rttvar="2933" to="160757" />
+</host>
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="reset"/>
+<address addr="10.99.120.91" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="995">
+<extrareasons reason="resets" count="995"/>
+</extraports>
+<port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="241"/><service name="telnet" product="Cisco router" ostype="IOS" devicetype="router" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="open" reason="syn-ack" reason_ttl="241"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5060"><state state="open" reason="syn-ack" reason_ttl="241"/><service name="sip-proxy" product="Cisco SIP Gateway" extrainfo="IOS 12.x" ostype="IOS" devicetype="router" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="23" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="36181" />
+<osclass type="switch" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="98" />
+<osclass type="router" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="93" />
+<osclass type="broadband router" vendor="Cisco" osfamily="embedded" accuracy="91" />
+<osclass type="WAP" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="88" />
+<osclass type="switch" vendor="Cisco" osfamily="embedded" accuracy="86" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="85" />
+<osclass type="broadband router" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="85" />
+<osmatch name="Cisco 3560G switch (IOS 12.2)" accuracy="98" line="5620"/>
+<osmatch name="Cisco 3750 switch (IOS 12.2)" accuracy="97" line="5637"/>
+<osmatch name="Cisco Catalyst 2960 or 3600 switch" accuracy="97" line="5694"/>
+<osmatch name="Cisco Catalyst 3500 XL switch (IOS 12.0)" accuracy="94" line="5747"/>
+<osmatch name="Cisco 2821 router" accuracy="93" line="5341"/>
+<osmatch name="Cisco 827H ADSL router" accuracy="91" line="4738"/>
+</os>
+<distance value="15" />
+<tcpsequence index="263" difficulty="Good luck!" values="1F9E45D7,352F59F8,3CCB677E,CCBAA03B,98248265,5D13581" />
+<ipidsequence class="All zeros" values="0,0,0,0,0,0" />
+<tcptssequence class="none returned (unsupported)" />
+<times srtt="70579" rttvar="10764" to="113635" />
+</host>
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="echo-reply"/>
+<address addr="10.221.98.167" addrtype="ipv4" />
+<hostnames><hostname name="qwjvzmnsr-956.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="999">
+<extrareasons reason="no-responses" count="999"/>
+</extraports>
+<port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="117"/><service name="microsoft-rdp" product="Microsoft Terminal Service" ostype="Windows" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="3389" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2003" accuracy="92" />
+<osclass type="WAP" vendor="Apple" osfamily="embedded" accuracy="86" />
+<osmatch name="Microsoft Windows Server 2003 SP2" accuracy="92" line="21181"/>
+<osmatch name="Apple AirPort Extreme WAP v7.3.2" accuracy="86" line="1612"/>
+</os>
+<tcpsequence index="260" difficulty="Good luck!" values="A6AC1902,2C1B7079,6780FFAA,CFAD314A,E642766,292C250D" />
+<ipidsequence class="Incremental" values="973,974,975,976,977,978" />
+<tcptssequence class="zero timestamp" values="0,0,0,0,0,0" />
+<times srtt="71789" rttvar="3948" to="100000" />
+</host>
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="echo-reply"/>
+<address addr="10.50.95.122" addrtype="ipv4" />
+<hostnames><hostname name="psmtxgyh-571.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="999">
+<extrareasons reason="no-responses" count="999"/>
+</extraports>
+<port protocol="tcp" portid="5190"><state state="open" reason="syn-ack" reason_ttl="53"/><service name="tcpwrapped" method="probed" conf="8" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="5190" />
+</os>
+<uptime seconds="229899" lastboot="Sun Mar 22 02:27:28 2009" />
+<tcpsequence index="193" difficulty="Good luck!" values="7448A4CF,74481000,7437EA77,74709B95,74399027,743281D0" />
+<ipidsequence class="All zeros" values="0,0,0,0,0,0" />
+<tcptssequence class="100HZ" values="15EBB08,15EBB11,15EBB1B,15EBB26,15EBB30,15EBB39" />
+<times srtt="239129" rttvar="6689" to="265885" />
+</host>
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="syn-ack"/>
+<address addr="10.55.64.130" addrtype="ipv4" />
+<hostnames><hostname name="yrwvfudjc-415.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="998">
+<extrareasons reason="no-responses" count="998"/>
+</extraports>
+<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="243"/><service name="ftp" product="Netgear broadband router or ZyXel VoIP adapter ftpd" version="1.0" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="243"/><service name="http" product="Embedded Allegro RomPager webserver" version="4.07 UPnP/1.0" extrainfo="ZyXEL ZyWALL 2" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="21" />
+</os>
+<times srtt="210909" rttvar="1071" to="215193" />
+</host>
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="reset"/>
+<address addr="10.99.53.97" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="993">
+<extrareasons reason="resets" count="993"/>
+</extraports>
+<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="47"/><service name="ftp" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="47"/><service name="telnet" product="Linux telnetd" ostype="Linux" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="21" />
+<portused state="closed" proto="tcp" portid="1" />
+<osclass type="WAP" vendor="Actiontec" osfamily="Linux" osgen="2.4.X" accuracy="100" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="100" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="100" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="100" />
+<osmatch name="HP Brocade 4100 switch; or Actiontec MI-424-WR, Linksys WRVS4400N, or Netgear WNR834B wireless broadband router" accuracy="100" line="665" />
+</os>
+<uptime seconds="1873976" lastboot="Tue Mar 3 00:46:11 2009" />
+<tcpsequence index="202" difficulty="Good luck!" values="6B3D453E,6B397FE2,6AAA0FB1,6AEADCCC,6A7659C4,6A6D749D" />
+<ipidsequence class="All zeros" values="0,0,0,0,0,0" />
+<tcptssequence class="100HZ" values="B2B5CEB,B2B5D03,B2B5D0D,B2B5D17,B2B5D21,B2B5D2B" />
+<times srtt="208387" rttvar="1291" to="213551" />
+</host>
+<host starttime="1237937651" endtime="1237940346"><status state="up" reason="echo-reply"/>
+<address addr="10.92.202.21" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="filtered" count="995">
+<extrareasons reason="no-responses" count="995"/>
+</extraports>
+<port protocol="tcp" portid="1863"><state state="open" reason="syn-ack" reason_ttl="50"/><service name="msnp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1864"><state state="open" reason="syn-ack" reason_ttl="50"/><service name="paradym-31" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4443"><state state="open" reason="syn-ack" reason_ttl="50"/><service name="pharos" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5190"><state state="open" reason="syn-ack" reason_ttl="50"/><service name="aol" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5566"><state state="open" reason="syn-ack" reason_ttl="50"/><service name="unknown" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="1863" />
+</os>
+<times srtt="521498" rttvar="6299" to="546694" />
+</host>
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="syn-ack"/>
+<address addr="10.180.165.180" addrtype="ipv4" />
+<hostnames><hostname name="zvpei-603.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="989">
+<extrareasons reason="resets" count="989"/>
+</extraports>
+<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="ssh" product="OpenSSH" version="4.2" extrainfo="protocol 2.0" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="http" product="Apache httpd" version="2.0.54" extrainfo="(Fedora)" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="111"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="rpcbind" method="table" conf="3" /></port>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="199"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="smux" product="Linux SNMP multiplexer" ostype="Linux" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="http" product="Apache httpd" version="2.0.54" extrainfo="(Fedora)" tunnel="ssl" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="3128"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="http-proxy" product="Squid webproxy" version="2.5.STABLE13" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="mysql" product="MySQL" extrainfo="unauthorized" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="22" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="40259" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100" />
+<osmatch name="Linux 2.6.15 - 2.6.26" accuracy="100" line="15361" />
+</os>
+<uptime seconds="181318" lastboot="Sun Mar 22 15:57:09 2009" />
+<distance value="12" />
+<tcpsequence index="198" difficulty="Good luck!" values="BD8514B6,BD4D8894,BDBF3B9E,BDC542A1,BDB57DB7,BD78F6F5" />
+<ipidsequence class="All zeros" values="0,0,0,0,0,0" />
+<tcptssequence class="other" values="2B0AA58,2B0AA81,2B0AA9A,2B0AAB3,2B0AACC,2B0AAE5" />
+<times srtt="213015" rttvar="2552" to="223223" />
+</host>
+<host starttime="1237937651" endtime="1237940313"><status state="up" reason="echo-reply"/>
+<address addr="10.84.208.45" addrtype="ipv4" />
+<hostnames><hostname name="reiwjyq-899.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="1000">
+<extrareasons reason="no-responses" count="1000"/>
+</extraports>
+</ports>
+<os></os>
+<times srtt="203764" rttvar="203764" to="1018820" />
+</host>
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="syn-ack"/>
+<address addr="10.227.126.44" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="991">
+<extrareasons reason="resets" count="991"/>
+</extraports>
+<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="55"/><service name="ftp" product="ProFTPD" version="1.3.1" ostype="Unix" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="55"/><service name="ssh" product="OpenSSH" version="4.5p1" extrainfo="FreeBSD 20061110; protocol 2.0" ostype="FreeBSD" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="55"/><service name="http" product="Apache httpd" version="2.2.6" extrainfo="(FreeBSD) mod_ssl/2.2.6 OpenSSL/0.9.7e-p1 DAV/2 PHP/5.2.5 with Suhosin-Patch" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="135"><state state="filtered" reason="admin-prohibited" reason_ttl="242" reason_ip="10.242.51.249"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="admin-prohibited" reason_ttl="242" reason_ip="10.242.51.249"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="admin-prohibited" reason_ttl="242" reason_ip="10.242.51.249"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="55"/><service name="mysql" product="MySQL" extrainfo="unauthorized" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="10000"><state state="open" reason="syn-ack" reason_ttl="55"/><service name="http" product="Webmin httpd" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="21" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="39585" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" accuracy="97" />
+<osclass type="router" vendor="Juniper" osfamily="JUNOS" osgen="9.X" accuracy="96" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="91" />
+<osclass type="general purpose" vendor="PC-BSD" osfamily="PC-BSD" accuracy="89" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="7.X" accuracy="88" />
+<osclass type="proxy server" vendor="Blue Coat" osfamily="SGOS" osgen="5.X" accuracy="86" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.4.X" accuracy="85" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="4.X" accuracy="85" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="5.X" accuracy="85" />
+<osclass type="media device" vendor="Apple" osfamily="iPhone OS" osgen="2.X" accuracy="85" />
+<osmatch name="m0n0wall 1.3b11 - 1.3b15 FreeBSD-based firewall" accuracy="97" line="19698"/>
+<osmatch name="Juniper Networks JUNOS 9.0R2.10" accuracy="96" line="12873"/>
+<osmatch name="FreeBSD 6.2-RELEASE" accuracy="91" line="8449"/>
+<osmatch name="PC-BSD 1.3" accuracy="89" line="27089"/>
+<osmatch name="FreeBSD 7.0-RELEASE" accuracy="88" line="8892"/>
+<osmatch name="FreeBSD 7.1-PRERELEASE" accuracy="88" line="9121"/>
+<osmatch name="FreeBSD 6.3-RELEASE" accuracy="88" line="8571"/>
+</os>
+<uptime seconds="4011159" lastboot="Fri Feb 6 07:06:28 2009" />
+<distance value="23" />
+<tcpsequence index="263" difficulty="Good luck!" values="6CEE3028,1AD74BD8,175BD499,4EFB8A1A,57981DFB,E1E7309C" />
+<ipidsequence class="Incremental" values="772B,772C,772D,772E,772F,7730" />
+<tcptssequence class="1000HZ" values="EF14C10F,EF14C174,EF14C1D8,EF14C238,EF14C29A,EF14C2FD" />
+<times srtt="235631" rttvar="1112" to="240079" />
+</host>
+<host starttime="1237937651" endtime="1237940313"><status state="up" reason="echo-reply"/>
+<address addr="10.178.146.67" addrtype="ipv4" />
+<hostnames><hostname name="oxqgklja-427.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="1000">
+<extrareasons reason="no-responses" count="1000"/>
+</extraports>
+</ports>
+<os></os>
+<times srtt="103939" rttvar="65806" to="367163" />
+</host>
+<host starttime="1237937651" endtime="1237940293"><status state="up" reason="reset"/>
+<address addr="10.188.255.183" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="998">
+<extrareasons reason="resets" count="998"/>
+</extraports>
+<port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<osclass type="switch" vendor="Avaya" osfamily="embedded" accuracy="100" />
+<osclass type="broadband router" vendor="Motorola" osfamily="VxWorks" osgen="5.X" accuracy="100" />
+<osmatch name="Avaya P580 switch running Cajun Switch Agent v5.4.2" accuracy="100" line="2941" />
+<osmatch name="Avaya P880 switch running Cajun Switch Agent v5.3.2" accuracy="100" line="2958" />
+<osmatch name="Motorola SURFboard SB3100 cable modem (VxWorks 5.3)" accuracy="100" line="24924" />
+</os>
+<times srtt="192527" rttvar="38282" to="345655" />
+</host>
+<host starttime="1237937651" endtime="1237940313"><status state="up" reason="reset"/>
+<address addr="10.50.210.60" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="995">
+<extrareasons reason="resets" count="995"/>
+</extraports>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<osclass type="router" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="89" />
+<osclass type="switch" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="89" />
+<osclass type="switch" vendor="Avaya" osfamily="embedded" accuracy="88" />
+<osclass type="broadband router" vendor="Motorola" osfamily="VxWorks" osgen="5.X" accuracy="88" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="87" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="XP" accuracy="87" />
+<osclass type="firewall" vendor="NetworksAOK" osfamily="embedded" accuracy="87" />
+<osclass type="firewall" vendor="Nokia" osfamily="IPSO" osgen="4.X" accuracy="87" />
+<osclass type="VoIP gateway" vendor="Avaya" osfamily="embedded" accuracy="86" />
+<osclass type="general purpose" vendor="HP" osfamily="OpenVMS" osgen="7.X" accuracy="86" />
+<osclass type="firewall" vendor="ISS" osfamily="Linux" osgen="2.4.X" accuracy="86" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="86" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2000" accuracy="86" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2003" accuracy="86" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="Vista" accuracy="86" />
+<osclass type="broadband router" vendor="Sagem Communication" osfamily="embedded" accuracy="86" />
+<osclass type="firewall" vendor="WatchGuard" osfamily="embedded" accuracy="86" />
+<osmatch name="Cisco 2821 router" accuracy="89" line="5341"/>
+<osmatch name="Cisco 3750 switch (IOS 12.2)" accuracy="89" line="5637"/>
+<osmatch name="Cisco Catalyst 2960 or 3600 switch" accuracy="89" line="5694"/>
+<osmatch name="Avaya P580 switch running Cajun Switch Agent v5.4.2" accuracy="88" line="2941"/>
+<osmatch name="Avaya P880 switch running Cajun Switch Agent v5.3.2" accuracy="88" line="2958"/>
+<osmatch name="Motorola SURFboard SB3100 cable modem (VxWorks 5.3)" accuracy="88" line="24924"/>
+<osmatch name="Linksys WRT54G v8 wireless broadband router" accuracy="87" line="13947"/>
+<osmatch name="Microsoft Windows XP Home SP1 (French)" accuracy="87" line="22547"/>
+<osmatch name="NetworksAOK network monitoring applicance" accuracy="87" line="25712"/>
+<osmatch name="Nokia firewall (IPSO 4.1Build19)" accuracy="87" line="25867"/>
+</os>
+<times srtt="157367" rttvar="1215" to="162227" />
+</host>
+<host starttime="1237937651" endtime="1237940316"><status state="up" reason="reset"/>
+<address addr="10.195.149.249" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="998">
+<extrareasons reason="resets" count="998"/>
+</extraports>
+<port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="48"/><service name="rpcbind" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="111" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="34396" />
+<osclass type="general purpose" vendor="MontaVista" osfamily="Linux" osgen="2.4.X" accuracy="100" />
+<osmatch name="MontaVista embedded Linux 2.4.17" accuracy="100" line="24750" />
+</os>
+<uptime seconds="3074805" lastboot="Tue Feb 17 03:12:22 2009" />
+<distance value="19" />
+<tcpsequence index="194" difficulty="Good luck!" values="5034CD16,50B637C7,50F16B6F,506C0C97,50BA07A8,504EC7A3" />
+<ipidsequence class="All zeros" values="0,0,0,0,0,0" />
+<tcptssequence class="100HZ" values="1253AEF7,1253AF07,1253AF12,1253AF1C,1253AF26,1253AF30" />
+<times srtt="199764" rttvar="2706" to="210588" />
+</host>
+<host starttime="1237937651" endtime="1237940313"><status state="up" reason="echo-reply"/>
+<address addr="10.160.151.192" addrtype="ipv4" />
+<hostnames><hostname name="vjdegns-480.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="1000">
+<extrareasons reason="no-responses" count="1000"/>
+</extraports>
+</ports>
+<os></os>
+<times srtt="137419" rttvar="52327" to="346727" />
+</host>
+<host starttime="1237937651" endtime="1237940347"><status state="up" reason="syn-ack"/>
+<address addr="10.135.37.124" addrtype="ipv4" />
+<hostnames><hostname name="kcnjvgwu-737.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="987">
+<extrareasons reason="resets" count="987"/>
+</extraports>
+<port protocol="tcp" portid="20"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="ftp-data" method="table" conf="3" /></port>
+<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="ftp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="25"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="smtp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="http" method="table" conf="3" /></port>
+<port protocol="tcp" portid="110"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="pop3" method="table" conf="3" /></port>
+<port protocol="tcp" portid="143"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="imap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="https" method="table" conf="3" /></port>
+<port protocol="tcp" portid="587"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="submission" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1272"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4003"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="7741"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="27353"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="20" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="43503" />
+</os>
+<uptime seconds="1687606" lastboot="Thu Mar 5 04:32:21 2009" />
+<distance value="9" />
+<tcpsequence index="263" difficulty="Good luck!" values="75F6C507,6950097E,F4F58EDE,ECCDC6C,7AE157C7,241373AE" />
+<ipidsequence class="Incremental" values="A03E,A03F,A041,A044,A046,A047" />
+<tcptssequence class="100HZ" values="A0F0385,A0F038F,A0F0399,A0F03A3,A0F03AD,A0F03B7" />
+<times srtt="163740" rttvar="137498" to="713732" />
+</host>
+<host starttime="1237937651" endtime="1237940347"><status state="up" reason="reset"/>
+<address addr="10.11.39.207" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="992">
+<extrareasons reason="resets" count="992"/>
+</extraports>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="116"/><service name="https" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3" /></port>
+<port protocol="tcp" portid="6059"><state state="open" reason="syn-ack" reason_ttl="116"/><service name="tcpwrapped" method="probed" conf="8" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="443" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="34778" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2003" accuracy="94" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="XP" accuracy="94" />
+<osclass type="media device" vendor="Motorola" osfamily="Windows" osgen="PocketPC/CE" accuracy="91" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2000" accuracy="88" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="Vista" accuracy="88" />
+<osclass type="WAP" vendor="Apple" osfamily="embedded" accuracy="85" />
+<osmatch name="Microsoft Windows Server 2003 SP0 or Windows XP SP2" accuracy="94" line="20773"/>
+<osmatch name="Microsoft Windows XP SP2" accuracy="94" line="23515"/>
+<osmatch name="Microsoft Windows XP Professional SP2 (French)" accuracy="93" line="22909"/>
+<osmatch name="Microsoft Windows XP SP2 or SP3" accuracy="91" line="24158"/>
+<osmatch name="Motorola VIP1216 digital set top box (Windows CE 5.0)" accuracy="91" line="24992"/>
+<osmatch name="Microsoft Windows XP SP3" accuracy="90" line="24340"/>
+<osmatch name="Microsoft Windows XP Professional SP2 (firewall enabled)" accuracy="89" line="22892"/>
+<osmatch name="Microsoft Windows Server 2003 SP1 or SP2" accuracy="89" line="21130"/>
+<osmatch name="Microsoft Windows Server 2003 SP2" accuracy="89" line="21181"/>
+<osmatch name="Version 5.1 (build 2600.xpsp.080125-2028:Service Pack 3, v3300)" accuracy="89" line="24528"/>
+</os>
+<distance value="16" />
+<tcpsequence index="263" difficulty="Good luck!" values="A40D64A8,C778D9AA,40961A53,601B111D,EFB59927,CAC30AB5" />
+<ipidsequence class="Incremental" values="BF12,BF13,BF14,BF15,BF16,BF17" />
+<tcptssequence class="zero timestamp" values="0,0,0,0,0,0" />
+<times srtt="294179" rttvar="3943" to="309951" />
+</host>
+<host starttime="1237937651" endtime="1237940347"><status state="up" reason="syn-ack"/>
+<address addr="10.10.245.27" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="filtered" count="989">
+<extrareasons reason="no-responses" count="989"/>
+</extraports>
+<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="ftp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="25"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="smtp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="http" method="table" conf="3" /></port>
+<port protocol="tcp" portid="110"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="pop3" method="table" conf="3" /></port>
+<port protocol="tcp" portid="113"><state state="closed" reason="reset" reason_ttl="19"/><service name="auth" method="table" conf="3" /></port>
+<port protocol="tcp" portid="143"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="imap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="https" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1863"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="msnp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5050"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="mmcc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5060"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="sip" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5190"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="aol" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="21" />
+<portused state="closed" proto="tcp" portid="113" />
+<osclass type="WAP" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="90" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="88" />
+<osmatch name="DD-WRT v23 (Linux 2.4.36)" accuracy="90" line="14680"/>
+<osmatch name="FreeBSD 6.2-RELEASE" accuracy="88" line="8449"/>
+</os>
+<uptime seconds="376348" lastboot="Fri Mar 20 09:46:39 2009" />
+<times srtt="82314" rttvar="1353" to="100000" />
+</host>
+<host starttime="1237937651" endtime="1237940293"><status state="up" reason="reset"/>
+<address addr="10.57.231.199" addrtype="ipv4" />
+<hostnames><hostname name="nqlovh-39.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="999">
+<extrareasons reason="resets" count="999"/>
+</extraports>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="44154" />
+<osclass type="media device" vendor="Apple" osfamily="iPhone OS" osgen="1.X" accuracy="100" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.4.X" accuracy="100" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.5.X" accuracy="100" />
+<osclass type="proxy server" vendor="Blue Coat" osfamily="SGOS" osgen="5.X" accuracy="100" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="4.X" accuracy="100" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="5.X" accuracy="100" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="100" />
+<osmatch name="Apple iPod touch audio player (iPhone OS 1.1.2 - 1.1.4, Darwin 9.0.0d1)" accuracy="100" line="1630" />
+<osmatch name="Apple Mac OS X 10.4.10 (Tiger) (Darwin 8.10.0, PowerPC)" accuracy="100" line="2173" />
+<osmatch name="Apple Mac OS X 10.5 (Leopard) (Darwin 9.2.2, x86)" accuracy="100" line="2432" />
+<osmatch name="Apple Mac OS X 10.5.5 (Leopard) (Darwin 9.5.0)" accuracy="100" line="2607" />
+<osmatch name="Blue Coat SG200 proxy server (SGOS 10.145.57.16)" accuracy="100" line="3561" />
+<osmatch name="m0n0wall FreeBSD-based embedded firewall version 1.22 - 1.23b1" accuracy="100" line="19677" />
+<osmatch name="Netgear WGR614v7 wireless broadband router" accuracy="100" line="25534" />
+</os>
+<distance value="14" />
+<times srtt="123449" rttvar="4337" to="140797" />
+</host>
+<runstats><finished time="1237940347" timestr="Tue Mar 24 18:19:07 2009" elapsed="2697.05"/><hosts up="55" down="945" total="1000" />
+<!-- Nmap done at Tue Mar 24 18:19:07 2009; 1000 IP addresses (55 hosts up) scanned in 2697.05 seconds -->
+</runstats></nmaprun>
diff --git a/ndiff/test-scans/random-2.xml b/ndiff/test-scans/random-2.xml
new file mode 100644
index 0000000..4363fc8
--- /dev/null
+++ b/ndiff/test-scans/random-2.xml
@@ -0,0 +1,1884 @@
+<?xml version="1.0" ?>
+<?xml-stylesheet href="file:///usr/share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 4.85BETA4 scan initiated Wed Mar 25 16:35:27 2009 as: nmap -T4 -sV -O -PS -PE -iL ndiff-random-hosts -oA scan -->
+<nmaprun scanner="nmap" args="nmap -T4 -sV -O -PS -PE -iL ndiff-random-hosts -oA scan" start="1238020527" startstr="Wed Mar 25 16:35:27 2009" version="4.85BETA4" xmloutputversion="1.03">
+<scaninfo type="syn" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3050,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389" />
+<verbose level="0" />
+<debugging level="0" />
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="echo-reply"/>
+<address addr="10.119.131.50" addrtype="ipv4" />
+<hostnames><hostname name="humrpocy-19.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="999">
+<extrareasons reason="no-responses" count="999"/>
+</extraports>
+<port protocol="tcp" portid="4567"><state state="open" reason="syn-ack" reason_ttl="54"/><service name="tcpwrapped" method="probed" conf="8" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="4567" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="87" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="85" />
+<osmatch name="HP 4000M ProCurve switch (J4121A)" accuracy="87" line="10422"/>
+<osmatch name="FreeBSD 6.2-RELEASE" accuracy="85" line="8449"/>
+</os>
+<uptime seconds="23602" lastboot="Wed Mar 25 10:54:53 2009" />
+<tcpsequence index="154" difficulty="Good luck!" values="11A2B9FD,11A43342,11A541D2,11A69C30,11A7DDEF,11AB695A" />
+<ipidsequence class="Incremental" values="552C,552D,552E,552F,5531,5532" />
+<tcptssequence class="2HZ" values="B7BC,B7BC,B7BC,B7BC,B7BC,B7BD" />
+<times srtt="115113" rttvar="1586" to="121457" />
+</host>
+<host starttime="1238020527" endtime="1238023665"><status state="up" reason="syn-ack"/>
+<address addr="10.89.230.125" addrtype="ipv4" />
+<hostnames><hostname name="bthpafeg-852.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="968">
+<extrareasons reason="no-responses" count="967"/>
+<extrareasons reason="admin-prohibited" count="1"/>
+</extraports>
+<port protocol="tcp" portid="20"><state state="closed" reason="reset" reason_ttl="56"/><service name="ftp-data" method="table" conf="3" /></port>
+<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="ftp" product="ProFTPD" version="1.2.8 - 1.2.9" ostype="Unix" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="ssh" product="OpenSSH" version="4.5" extrainfo="protocol 1.99" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="telnet" product="Linux telnetd" ostype="Linux" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="25"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="smtp" product="Sendmail" extrainfo="Not accepting mail" hostname="bthpafeg-852.example.com" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="53"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="domain" product="ISC BIND" version="4.X" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="http" method="table" conf="3" /></port>
+<port protocol="tcp" portid="110"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="pop3" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="113"><state state="closed" reason="reset" reason_ttl="56"/><service name="auth" method="table" conf="3" /></port>
+<port protocol="tcp" portid="143"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="imap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="https" tunnel="ssl" method="table" conf="3" /></port>
+<port protocol="tcp" portid="465"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="smtp" product="Sendmail" version="8.13.6" ostype="Unix" tunnel="ssl" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="587"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="smtp" product="Sendmail" extrainfo="Not accepting mail" hostname="bthpafeg-852.example.com" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="993"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="imaps" tunnel="ssl" method="table" conf="3" /></port>
+<port protocol="tcp" portid="995"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="pop3" tunnel="ssl" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="1755"><state state="closed" reason="reset" reason_ttl="56"/><service name="wms" method="table" conf="3" /></port>
+<port protocol="tcp" portid="2401"><state state="closed" reason="reset" reason_ttl="56"/><service name="cvspserver" method="table" conf="3" /></port>
+<port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="mysql" product="MySQL" extrainfo="unauthorized" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="3690"><state state="closed" reason="reset" reason_ttl="56"/><service name="svn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5000"><state state="closed" reason="reset" reason_ttl="56"/><service name="upnp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5432"><state state="closed" reason="reset" reason_ttl="56"/><service name="postgresql" method="table" conf="3" /></port>
+<port protocol="tcp" portid="6789"><state state="closed" reason="reset" reason_ttl="56"/><service name="ibm-db2-admin" method="table" conf="3" /></port>
+<port protocol="tcp" portid="7070"><state state="closed" reason="reset" reason_ttl="56"/><service name="realserver" method="table" conf="3" /></port>
+<port protocol="tcp" portid="8000"><state state="closed" reason="reset" reason_ttl="56"/><service name="http-alt" method="table" conf="3" /></port>
+<port protocol="tcp" portid="8008"><state state="closed" reason="reset" reason_ttl="56"/><service name="http" method="table" conf="3" /></port>
+<port protocol="tcp" portid="8080"><state state="closed" reason="reset" reason_ttl="56"/><service name="http-proxy" method="table" conf="3" /></port>
+<port protocol="tcp" portid="8081"><state state="closed" reason="reset" reason_ttl="56"/><service name="blackice-icecap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="8082"><state state="closed" reason="reset" reason_ttl="56"/><service name="blackice-alerts" method="table" conf="3" /></port>
+<port protocol="tcp" portid="8443"><state state="open" reason="syn-ack" reason_ttl="56"/><service name="http" product="Apache SSL-only mode httpd" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="8888"><state state="closed" reason="reset" reason_ttl="56"/><service name="sun-answerbook" method="table" conf="3" /></port>
+<port protocol="tcp" portid="9080"><state state="closed" reason="reset" reason_ttl="56"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="9090"><state state="closed" reason="reset" reason_ttl="56"/><service name="zeus-admin" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="21" />
+<portused state="closed" proto="tcp" portid="20" />
+<osclass type="storage-misc" vendor="Buffalo" osfamily="embedded" accuracy="94" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="94" />
+<osclass type="WAP" vendor="Actiontec" osfamily="Linux" osgen="2.4.X" accuracy="90" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="90" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="90" />
+<osclass type="WAP" vendor="AVM" osfamily="embedded" accuracy="90" />
+<osclass type="print server" vendor="HP" osfamily="embedded" accuracy="90" />
+<osclass type="general purpose" vendor="Linksys" osfamily="Linux" osgen="2.4.X" accuracy="90" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="90" />
+<osclass type="WAP" vendor="Acorp" osfamily="embedded" accuracy="89" />
+<osclass type="broadband router" vendor="MontaVista" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="broadband router" vendor="Telkom" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="load balancer" vendor="F5 Networks" osfamily="embedded" accuracy="87" />
+<osclass type="firewall" vendor="Check Point" osfamily="embedded" accuracy="86" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="85" />
+<osclass type="specialized" vendor="Infoblox" osfamily="NIOS" osgen="4.X" accuracy="85" />
+<osclass type="WAP" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="85" />
+<osclass type="VoIP phone" vendor="Thomson" osfamily="embedded" accuracy="85" />
+<osclass type="storage-misc" vendor="Western Digital" osfamily="Linux" osgen="2.6.X" accuracy="85" />
+<osclass type="broadband router" vendor="Linksys" osfamily="embedded" accuracy="85" />
+<osmatch name="Buffalo TeraStation NAS device" accuracy="94" line="4242"/>
+<osmatch name="Linksys WAP54G WAP" accuracy="94" line="13835"/>
+<osmatch name="HP Brocade 4100 switch; or Actiontec MI-424-WR, Linksys WRVS4400N, or Netgear WNR834B wireless broadband router" accuracy="90" line="665"/>
+<osmatch name="AVM Fritz!Box FON WLAN 7170 WAP" accuracy="90" line="3100"/>
+<osmatch name="HP 4200 PSA (Print Server Appliance) model J4117A" accuracy="90" line="9486"/>
+<osmatch name="HP Brocade 4Gb SAN switch" accuracy="90" line="10490"/>
+<osmatch name="Linksys WRT300N wireless broadband router" accuracy="90" line="13907"/>
+<osmatch name="Linux 2.4.20" accuracy="90" line="14001"/>
+<osmatch name="Linux 2.6.20 (Ubuntu 7.04 server, x86)" accuracy="90" line="16603"/>
+<osmatch name="Linux 2.6.24 (Ubuntu 8.04, x86)" accuracy="90" line="18240"/>
+</os>
+<uptime seconds="14936049" lastboot="Fri Oct 3 20:34:06 2008" />
+<tcpsequence index="255" difficulty="Good luck!" values="CF01598D,CDA76C74,923CDE6E,C32041A0,8A92376E,53583B9C" />
+<ipidsequence class="All zeros" values="0,0,0,0,0,0" />
+<tcptssequence class="100HZ" values="59067954,5906795E,59067968,59067972,5906797C,59067986" />
+<times srtt="182269" rttvar="2362" to="191717" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="echo-reply"/>
+<address addr="10.142.171.151" addrtype="ipv4" />
+<hostnames><hostname name="dkepf-501.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="999">
+<extrareasons reason="no-responses" count="999"/>
+</extraports>
+<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="55"/><service name="ftp" product="Alcatel Speedtouch aDSL router ftpd" devicetype="broadband router" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="21" />
+</os>
+<uptime seconds="1433220" lastboot="Mon Mar 9 03:21:15 2009" />
+<tcpsequence index="257" difficulty="Good luck!" values="DFE24C02,2435D4C2,D9A70CAE,C342EFFB,E66ECA84,8B9BE70E" />
+<ipidsequence class="Incremental" values="785C,785D,785E,785F,7860,7861" />
+<tcptssequence class="2HZ" values="2BBC60,2BBC60,2BBC61,2BBC61,2BBC61,2BBC61" />
+<times srtt="208091" rttvar="5332" to="229419" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="echo-reply"/>
+<address addr="10.11.94.39" addrtype="ipv4" />
+<hostnames><hostname name="qfjzctvd-326.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="995">
+<extrareasons reason="no-responses" count="994"/>
+<extrareasons reason="admin-prohibited" count="1"/>
+</extraports>
+<port protocol="tcp" portid="20"><state state="closed" reason="reset" reason_ttl="54"/><service name="ftp-data" method="table" conf="3" /></port>
+<port protocol="tcp" portid="21"><state state="closed" reason="reset" reason_ttl="54"/><service name="ftp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="500"><state state="closed" reason="reset" reason_ttl="54"/><service name="isakmp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1723"><state state="closed" reason="reset" reason_ttl="54"/><service name="pptp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4567"><state state="open" reason="syn-ack" reason_ttl="54"/><service name="tcpwrapped" method="probed" conf="8" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="4567" />
+<portused state="closed" proto="tcp" portid="20" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="89" />
+<osclass type="VoIP phone" vendor="Thomson" osfamily="embedded" accuracy="88" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="85" />
+<osmatch name="Linux 2.6.25 (openSUSE 11.0)" accuracy="89" line="18343"/>
+<osmatch name="Linux 2.6.8 (x86)" accuracy="89" line="18997"/>
+<osmatch name="Linux 2.6.15 - 2.6.26" accuracy="88" line="15361"/>
+<osmatch name="Linux 2.6.20 (Ubuntu 7.04 server, x86)" accuracy="88" line="16603"/>
+<osmatch name="Thomson Symbio VoIP phone" accuracy="88" line="30687"/>
+<osmatch name="Linux 2.6.24 (Debian)" accuracy="87" line="18121"/>
+<osmatch name="Linux 2.6.22 (Debian 4.0)" accuracy="87" line="17368"/>
+<osmatch name="FreeBSD 6.2-RELEASE" accuracy="85" line="8449"/>
+<osmatch name="Linux 2.6.22" accuracy="85" line="17334"/>
+</os>
+<uptime seconds="2770769" lastboot="Sat Feb 21 14:48:46 2009" />
+<tcpsequence index="204" difficulty="Good luck!" values="EFF472AD,F021C3A9,F06213BD,F0494A45,F04882B0,EF838269" />
+<ipidsequence class="All zeros" values="0,0,0,0,0,0" />
+<tcptssequence class="other" values="20B2E82F,20B2E842,20B2E856,20B2E86A,20B2E87F,20B2E893" />
+<times srtt="117185" rttvar="2867" to="128653" />
+</host>
+<host starttime="1238020527" endtime="1238023624"><status state="up" reason="echo-reply"/>
+<address addr="10.148.10.18" addrtype="ipv4" />
+<hostnames><hostname name="bzneg-467.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="1000">
+<extrareasons reason="no-responses" count="1000"/>
+</extraports>
+</ports>
+<os></os>
+<times srtt="228217" rttvar="83855" to="563637" />
+</host>
+<host starttime="1238020527" endtime="1238023605"><status state="up" reason="reset"/>
+<address addr="10.39.181.220" addrtype="ipv4" />
+<hostnames><hostname name="kfrjacts-262.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="997">
+<extrareasons reason="resets" count="997"/>
+</extraports>
+<port protocol="tcp" portid="646"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ldp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="2222"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<osclass type="router" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="100" />
+<osclass type="switch" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="100" />
+<osmatch name="Cisco 2821 router" accuracy="100" line="5341" />
+<osmatch name="Cisco 3750 switch (IOS 12.2)" accuracy="100" line="5637" />
+<osmatch name="Cisco Catalyst 2960 or 3600 switch" accuracy="100" line="5694" />
+</os>
+<times srtt="210259" rttvar="4022" to="226347" />
+</host>
+<host starttime="1238020527" endtime="1238023624"><status state="up" reason="reset"/>
+<address addr="10.84.70.205" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="841">
+<extrareasons reason="resets" count="841"/>
+</extraports>
+<extraports state="filtered" count="159">
+<extrareasons reason="no-responses" count="159"/>
+</extraports>
+</ports>
+<os><portused state="closed" proto="tcp" portid="80" />
+<portused state="closed" proto="udp" portid="43499" />
+<osclass type="firewall" vendor="IronPort" osfamily="AsyncOS" osgen="6.X" accuracy="97" />
+<osclass type="media device" vendor="Apple" osfamily="iPhone OS" osgen="1.X" accuracy="96" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.4.X" accuracy="96" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.5.X" accuracy="96" />
+<osclass type="proxy server" vendor="Blue Coat" osfamily="SGOS" osgen="5.X" accuracy="96" />
+<osclass type="storage-misc" vendor="Isilon" osfamily="OneFS" accuracy="96" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="4.X" accuracy="96" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="5.X" accuracy="96" />
+<osclass type="VoIP gateway" vendor="Netcomm" osfamily="embedded" accuracy="96" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="96" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="4.X" accuracy="94" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="94" />
+<osclass type="broadband router" vendor="Sagem Communication" osfamily="embedded" accuracy="92" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="5.X" accuracy="91" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="7.X" accuracy="91" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" accuracy="91" />
+<osclass type="general purpose" vendor="OpenBSD" osfamily="OpenBSD" osgen="4.X" accuracy="91" />
+<osclass type="storage-misc" vendor="Panasas" osfamily="embedded" accuracy="91" />
+<osclass type="general purpose" vendor="HP" osfamily="OpenVMS" osgen="7.X" accuracy="90" />
+<osclass type="media device" vendor="Apple" osfamily="iPhone OS" osgen="2.X" accuracy="90" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.3.X" accuracy="90" />
+<osclass type="firewall" vendor="Barracuda Networks" osfamily="embedded" accuracy="90" />
+<osclass type="remote management" vendor="Lantronix" osfamily="embedded" accuracy="90" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="90" />
+<osclass type="broadband router" vendor="Motorola" osfamily="embedded" accuracy="90" />
+<osmatch name="IronPort C150 email security appliance (AsyncOS 6.5.3)" accuracy="97" line="12650"/>
+<osmatch name="Apple iPod touch audio player (iPhone OS 1.1.2 - 1.1.4, Darwin 9.0.0d1)" accuracy="96" line="1630"/>
+<osmatch name="Apple Mac OS X 10.4.10 (Tiger) (Darwin 8.10.0, PowerPC)" accuracy="96" line="2173"/>
+<osmatch name="Apple Mac OS X 10.5 (Leopard) (Darwin 9.2.2, x86)" accuracy="96" line="2432"/>
+<osmatch name="Apple Mac OS X 10.5.5 (Leopard) (Darwin 9.5.0)" accuracy="96" line="2607"/>
+<osmatch name="Blue Coat SG200 proxy server (SGOS 10.145.57.16)" accuracy="96" line="3561"/>
+<osmatch name="Isilon IQ 200 NAS device" accuracy="96" line="12667"/>
+<osmatch name="m0n0wall FreeBSD-based embedded firewall version 1.22 - 1.23b1" accuracy="96" line="19677"/>
+<osmatch name="Netcomm V300 VoIP gateway" accuracy="96" line="25294"/>
+<osmatch name="Netgear WGR614v7 wireless broadband router" accuracy="96" line="25534"/>
+</os>
+<distance value="17" />
+<times srtt="212850" rttvar="2744" to="223826" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="echo-reply"/>
+<address addr="10.237.241.129" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="filtered" count="996">
+<extrareasons reason="no-responses" count="996"/>
+</extraports>
+<port protocol="tcp" portid="21"><state state="closed" reason="reset" reason_ttl="242"/><service name="ftp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="242"/><service name="telnet" method="table" conf="3" /></port>
+<port protocol="tcp" portid="179"><state state="closed" reason="reset" reason_ttl="242"/><service name="bgp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="646"><state state="closed" reason="reset" reason_ttl="242"/><service name="ldp" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="23" />
+<portused state="closed" proto="tcp" portid="21" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="90" />
+<osclass type="VoIP phone" vendor="Polycom" osfamily="embedded" accuracy="90" />
+<osclass type="firewall" vendor="ZyXEL" osfamily="ZyNOS" osgen="3.X" accuracy="87" />
+<osclass type="broadband router" vendor="ZyXEL" osfamily="ZyNOS" accuracy="87" />
+<osclass type="VoIP phone" vendor="Siemens" osfamily="embedded" accuracy="87" />
+<osclass type="WAP" vendor="Symbol" osfamily="embedded" accuracy="86" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="85" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="85" />
+<osclass type="firewall" vendor="SonicWALL" osfamily="embedded" accuracy="85" />
+<osclass type="broadband router" vendor="Motorola" osfamily="embedded" accuracy="85" />
+<osmatch name="HP Brocade 1600 switch" accuracy="90" line="10473"/>
+<osmatch name="Polycom SoundPoint 501 IP phone" accuracy="90" line="27269"/>
+<osmatch name="ZyXEL ZyWALL 2 or Prestige 660HW-61 ADSL router (ZyNOS 3.62)" accuracy="87" line="31455"/>
+<osmatch name="ZyXEL Prestige 660HW-61 ADSL router (ZyNOS 3.40)" accuracy="87" line="31523"/>
+<osmatch name="Siemens HiPath optiPoint 400 VoIP phone" accuracy="87" line="28684"/>
+<osmatch name="ZyXEL Prestige 660HW-D1 wireless ADSL router" accuracy="86" line="31540"/>
+<osmatch name="Symbol WS5000 wireless switch" accuracy="86" line="30331"/>
+<osmatch name="Linksys WRT54G or WRT54G2, or Netgear WGR614 or WPN824v2 wireless broadband router" accuracy="85" line="13929"/>
+<osmatch name="SonicWALL TZ 170 Unlimited firewall" accuracy="85" line="29102"/>
+<osmatch name="Motorola SURFboard 5100i cable modem" accuracy="85" line="24838"/>
+</os>
+<tcpsequence index="17" difficulty="Good luck!" values="802D24AF,802E1EAF,803012AF,80310CAF,803206AF,803300AF" />
+<ipidsequence class="Busy server or unknown class" values="4220,4221,4222,4223,4230,423D" />
+<tcptssequence class="none returned (unsupported)" />
+<times srtt="328035" rttvar="16042" to="392203" />
+</host>
+<host starttime="1238020527" endtime="1238023605"><status state="up" reason="reset"/>
+<address addr="10.94.125.247" addrtype="ipv4" />
+<hostnames><hostname name="axlrp-40.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="989">
+<extrareasons reason="resets" count="989"/>
+</extraports>
+<port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1080"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="socks" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="2001"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="dc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="3128"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="squid-http" method="table" conf="3" /></port>
+<port protocol="tcp" portid="8080"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-proxy" method="table" conf="3" /></port>
+<port protocol="tcp" portid="8081"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="blackice-icecap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="9000"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="cslistener" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="35921" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="100" />
+<osclass type="media device" vendor="Netgear" osfamily="embedded" accuracy="100" />
+<osclass type="firewall" vendor="Teltronics" osfamily="embedded" accuracy="100" />
+<osclass type="firewall" vendor="ZyXEL" osfamily="ZyNOS" osgen="3.X" accuracy="100" />
+<osclass type="broadband router" vendor="ZyXEL" osfamily="ZyNOS" accuracy="100" />
+<osmatch name="HP ProLiant BL p-Class C-Gbe2 switch" accuracy="100" line="10716" />
+<osmatch name="Netgear EVA700 Digital Entertainer set top box" accuracy="100" line="25414" />
+<osmatch name="Teltronics NET-PATH intrusion detection system" accuracy="100" line="30560" />
+<osmatch name="ZyXEL ZyWALL 10W firewall (ZyNOS 3.62)" accuracy="100" line="31437" />
+<osmatch name="ZyXEL ZyWALL 2 or Prestige 660HW-61 ADSL router (ZyNOS 3.62)" accuracy="100" line="31455" />
+<osmatch name="ZyXEL ZyWALL 70 firewall (ZyNOS 3.65)" accuracy="100" line="31472" />
+<osmatch name="ZyXEL Prestige 660HW-61 ADSL router (ZyNOS 3.40)" accuracy="100" line="31523" />
+<osmatch name="ZyXEL Prestige 660HW-D1 wireless ADSL router" accuracy="100" line="31540" />
+</os>
+<distance value="22" />
+<times srtt="191005" rttvar="3346" to="204389" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="echo-reply"/>
+<address addr="10.159.62.117" addrtype="ipv4" />
+<hostnames><hostname name="crtkxbefa-121.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="999">
+<extrareasons reason="no-responses" count="999"/>
+</extraports>
+<port protocol="tcp" portid="4567"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="tcpwrapped" method="probed" conf="8" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="4567" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="87" />
+<osclass type="switch" vendor="Nortel" osfamily="embedded" accuracy="86" />
+<osclass type="storage-misc" vendor="Sun" osfamily="embedded" accuracy="86" />
+<osclass type="router" vendor="Nortel" osfamily="embedded" accuracy="85" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="85" />
+<osmatch name="HP 4000M ProCurve switch (J4121A)" accuracy="87" line="10422"/>
+<osmatch name="Nortel 5520 Ethernet Routing Switch" accuracy="86" line="26084"/>
+<osmatch name="Sun StorageTek 6140 NAS device" accuracy="86" line="29480"/>
+<osmatch name="Nortel 5530 Ethernet Routing Switch" accuracy="85" line="26064"/>
+<osmatch name="FreeBSD 6.2-RELEASE" accuracy="85" line="8449"/>
+</os>
+<uptime seconds="456427" lastboot="Fri Mar 20 10:41:08 2009" />
+<tcpsequence index="153" difficulty="Good luck!" values="2B29B736,2B2D2567,2B2E9D0F,2B3012D1,2B316A3B,2B32CD3A" />
+<ipidsequence class="Incremental" values="D1E3,D1E4,D1E5,D1E6,D1E7,D1E8" />
+<tcptssequence class="2HZ" values="DED2F,DED30,DED30,DED30,DED30,DED30" />
+<times srtt="110574" rttvar="2654" to="121190" />
+</host>
+<host starttime="1238020527" endtime="1238023694"><status state="up" reason="reset"/>
+<address addr="10.252.183.253" addrtype="ipv4" />
+<hostnames><hostname name="wpntxv-442.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="993">
+<extrareasons reason="resets" count="993"/>
+</extraports>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1110"><state state="open" reason="syn-ack" reason_ttl="109"/><service name="tcpwrapped" method="probed" conf="8" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="3260"><state state="open" reason="syn-ack" reason_ttl="109"/><service name="iscsi" method="table" conf="3" /></port>
+<port protocol="tcp" portid="3261"><state state="open" reason="syn-ack" reason_ttl="109"/><service name="iscsi" product="StarWind iSCSI" version="3.2.3 build 20070527" ostype="Windows" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="19780"><state state="open" reason="syn-ack" reason_ttl="109"/><service name="tcpwrapped" method="probed" conf="8" /></port>
+<port protocol="tcp" portid="50300"><state state="open" reason="syn-ack" reason_ttl="109"/><service name="unknown" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="1110" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="33891" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="XP" accuracy="89" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2003" accuracy="87" />
+<osmatch name="Microsoft Windows XP SP2" accuracy="89" line="23991"/>
+<osmatch name="Microsoft Windows Server 2003 SP0 or Windows XP SP2" accuracy="87" line="20773"/>
+<osmatch name="Microsoft Windows XP SP3" accuracy="87" line="24340"/>
+<osmatch name="Microsoft Windows XP Professional SP2 (French)" accuracy="86" line="22909"/>
+<osmatch name="Microsoft Windows Server 2003 SP1 or SP2" accuracy="85" line="21130"/>
+<osmatch name="Microsoft Windows Server 2003 SP2" accuracy="85" line="21181"/>
+</os>
+<distance value="16" />
+<tcpsequence index="260" difficulty="Good luck!" values="5D21CEF1,3CE95A99,B5BC61E0,10653775,93BC9D23,EED5E57A" />
+<ipidsequence class="Incremental" values="BFC5,BFC6,BFC7,BFC9,BFCA,BFCB" />
+<tcptssequence class="none returned (unsupported)" />
+<times srtt="252564" rttvar="5630" to="275084" />
+</host>
+<host starttime="1238020527" endtime="1238023624"><status state="up" reason="reset"/>
+<address addr="10.97.106.173" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="995">
+<extrareasons reason="resets" count="995"/>
+</extraports>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4242"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4662"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="edonkey" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5000"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="upnp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="6346"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="gnutella" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<osclass type="telecom-misc" vendor="Avaya" osfamily="Linux" osgen="2.6.X" accuracy="96" />
+<osclass type="firewall" vendor="Check Point" osfamily="embedded" accuracy="96" />
+<osclass type="general purpose" vendor="HP" osfamily="OpenVMS" osgen="7.X" accuracy="96" />
+<osclass type="firewall" vendor="ISS" osfamily="Linux" osgen="2.4.X" accuracy="96" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="96" />
+<osclass type="WAP" vendor="Actiontec" osfamily="Linux" osgen="2.4.X" accuracy="95" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="95" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="95" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="95" />
+<osclass type="WAP" vendor="AVM" osfamily="embedded" accuracy="95" />
+<osclass type="storage-misc" vendor="Buffalo" osfamily="embedded" accuracy="95" />
+<osclass type="firewall" vendor="Check Point" osfamily="Linux" osgen="2.4.X" accuracy="95" />
+<osclass type="WAP" vendor="Cisco-Linksys" osfamily="embedded" accuracy="95" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="95" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="7.X" accuracy="95" />
+<osclass type="print server" vendor="HP" osfamily="embedded" accuracy="95" />
+<osclass type="specialized" vendor="Infoblox" osfamily="NIOS" osgen="4.X" accuracy="95" />
+<osclass type="firewall" vendor="IPCop" osfamily="Linux" osgen="2.4.X" accuracy="95" />
+<osclass type="firewall" vendor="IronPort" osfamily="AsyncOS" osgen="6.X" accuracy="95" />
+<osclass type="storage-misc" vendor="Isilon" osfamily="OneFS" accuracy="95" />
+<osclass type="remote management" vendor="Lantronix" osfamily="embedded" accuracy="95" />
+<osclass type="general purpose" vendor="Linksys" osfamily="Linux" osgen="2.4.X" accuracy="95" />
+<osclass type="WAP" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="95" />
+<osclass type="broadband router" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="95" />
+<osmatch name="Avaya Communication Manager (Linux 2.6.11)" accuracy="96" line="3060"/>
+<osmatch name="Check Point ZoneAlarm Z100G firewall" accuracy="96" line="4511"/>
+<osmatch name="HP OpenVMS 7.3-1" accuracy="96" line="11189"/>
+<osmatch name="ISS Proventia GX3002C firewall (Linux 2.4.18)" accuracy="96" line="12702"/>
+<osmatch name="Linux 2.6.18 (CentOS 5, x86_64, SMP)" accuracy="96" line="16017"/>
+<osmatch name="Linux 2.6.20-gentoo-r8 (Gentoo, x86, SMP)" accuracy="96" line="16706"/>
+<osmatch name="Linux 10.66.62.154-32.fc6 (x86, SMP)" accuracy="96" line="17726"/>
+<osmatch name="Linux 2.6.24 (Debian)" accuracy="96" line="18121"/>
+<osmatch name="Linux 2.6.26" accuracy="96" line="18429"/>
+<osmatch name="HP Brocade 4100 switch; or Actiontec MI-424-WR, Linksys WRVS4400N, or Netgear WNR834B wireless broadband router" accuracy="95" line="665"/>
+</os>
+<times srtt="325148" rttvar="6450" to="350948" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="reset"/>
+<address addr="10.210.134.64" addrtype="ipv4" />
+<hostnames><hostname name="dracgiems-913.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="962">
+<extrareasons reason="resets" count="962"/>
+</extraports>
+<extraports state="filtered" count="37">
+<extrareasons reason="no-responses" count="37"/>
+</extraports>
+<port protocol="tcp" portid="50001"><state state="open" reason="syn-ack" reason_ttl="245"/><service name="http" product="2Wire HomePortal http config" devicetype="broadband router" tunnel="ssl" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="50001" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="35877" />
+<osclass type="WAP" vendor="2Wire" osfamily="embedded" accuracy="91" />
+<osclass type="general purpose" vendor="HP" osfamily="HP-UX" osgen="11.X" accuracy="88" />
+<osmatch name="2Wire 1701HG wireless ADSL modem" accuracy="91" line="50"/>
+<osmatch name="2Wire 2700HG, 2700HG-B, 2701HG-B, or RG2701HG wireless ADSL modem" accuracy="90" line="87"/>
+<osmatch name="HP HP-UX B.11.31" accuracy="88" line="10913"/>
+<osmatch name="2Wire Shasta wireless broadband router" accuracy="85" line="122"/>
+</os>
+<uptime seconds="27389" lastboot="Wed Mar 25 09:51:46 2009" />
+<distance value="12" />
+<tcpsequence index="153" difficulty="Good luck!" values="D06D4A50,D06E40B4,D06F471B,D0707D81,D07173E6,D0746A4A" />
+<ipidsequence class="Incremental" values="B9D5,B9D6,B9D7,B9D8,B9D9,B9DA" />
+<tcptssequence class="1000HZ" values="1A0A650,1A0A6B4,1A0A71B,1A0A781,1A0A7E6,1A0A84A" />
+<times srtt="119304" rttvar="2184" to="128040" />
+</host>
+<host starttime="1238020527" endtime="1238023605"><status state="up" reason="reset"/>
+<address addr="10.231.222.23" addrtype="ipv4" />
+<hostnames><hostname name="elokstm-701.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="691">
+<extrareasons reason="resets" count="691"/>
+</extraports>
+<extraports state="filtered" count="309">
+<extrareasons reason="no-responses" count="309"/>
+</extraports>
+</ports>
+<os><portused state="closed" proto="tcp" portid="3" />
+<osclass type="bridge" vendor="Linksys" osfamily="embedded" accuracy="100" />
+<osclass type="broadband router" vendor="Linksys" osfamily="embedded" accuracy="100" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="Vista" accuracy="100" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2008" accuracy="100" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="XP" accuracy="100" />
+<osclass type="broadband router" vendor="Solwise" osfamily="embedded" accuracy="100" />
+</os>
+<times srtt="87551" rttvar="1829" to="100000" />
+</host>
+<host starttime="1238020527" endtime="1238023605"><status state="up" reason="reset"/>
+<address addr="10.186.25.245" addrtype="ipv4" />
+<hostnames><hostname name="szajckt-621.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="982">
+<extrareasons reason="resets" count="982"/>
+</extraports>
+<port protocol="tcp" portid="22"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ssh" method="table" conf="3" /></port>
+<port protocol="tcp" portid="42"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="nameserver" method="table" conf="3" /></port>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="179"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="bgp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1023"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netvenuechat" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1433"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-s" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="2967"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="symantec-av" method="table" conf="3" /></port>
+<port protocol="tcp" portid="3306"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="mysql" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4899"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="radmin" method="table" conf="3" /></port>
+<port protocol="tcp" portid="6101"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="backupexec" method="table" conf="3" /></port>
+<port protocol="tcp" portid="6129"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="9898"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="10000"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="snet-sensor-mgmt" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<osclass type="general purpose" vendor="Cobalt" osfamily="Linux" osgen="2.0.X" accuracy="100" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="100" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="100" />
+<osclass type="media device" vendor="Netgear" osfamily="embedded" accuracy="100" />
+<osclass type="firewall" vendor="Teltronics" osfamily="embedded" accuracy="100" />
+<osclass type="firewall" vendor="WatchGuard" osfamily="embedded" accuracy="100" />
+<osclass type="firewall" vendor="ZyXEL" osfamily="ZyNOS" osgen="3.X" accuracy="100" />
+<osclass type="broadband router" vendor="ZyXEL" osfamily="ZyNOS" accuracy="100" />
+</os>
+<times srtt="90261" rttvar="2710" to="101101" />
+</host>
+<host starttime="1238020527" endtime="1238023624"><status state="up" reason="echo-reply"/>
+<address addr="10.151.8.116" addrtype="ipv4" />
+<hostnames><hostname name="twkmzuqoe-581.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="1000">
+<extrareasons reason="no-responses" count="999"/>
+<extrareasons reason="port-unreach" count="1"/>
+</extraports>
+</ports>
+<os></os>
+<times srtt="250073" rttvar="76113" to="554525" />
+</host>
+<host starttime="1238020527" endtime="1238023624"><status state="up" reason="echo-reply"/>
+<address addr="10.165.44.177" addrtype="ipv4" />
+<hostnames><hostname name="ntuhsb-272.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="1000">
+<extrareasons reason="no-responses" count="1000"/>
+</extraports>
+</ports>
+<os></os>
+<times srtt="274180" rttvar="101311" to="679424" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="echo-reply"/>
+<address addr="10.157.26.46" addrtype="ipv4" />
+<hostnames><hostname name="zsjhwl-125.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="999">
+<extrareasons reason="no-responses" count="999"/>
+</extraports>
+<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="245"/><service name="ssh" product="Cisco SSH" version="1.25" extrainfo="protocol 1.5" ostype="IOS" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="22" />
+<osclass type="firewall" vendor="Cisco" osfamily="PIX OS" osgen="6.X" accuracy="89" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="88" />
+<osclass type="switch" vendor="Cisco" osfamily="CatOS" osgen="4.X" accuracy="87" />
+<osclass type="switch" vendor="Cisco" osfamily="CatOS" osgen="6.X" accuracy="87" />
+<osclass type="switch" vendor="Cisco" osfamily="CatOS" osgen="7.X" accuracy="86" />
+<osclass type="switch" vendor="Cisco" osfamily="CatOS" osgen="8.X" accuracy="86" />
+<osclass type="WAP" vendor="D-Link" osfamily="embedded" accuracy="86" />
+<osclass type="WAP" vendor="TRENDnet" osfamily="embedded" accuracy="86" />
+<osclass type="VoIP adapter" vendor="Sipura" osfamily="embedded" accuracy="86" />
+<osclass type="switch" vendor="Extreme Networks" osfamily="ExtremeWare" osgen="7.X" accuracy="86" />
+<osclass type="switch" vendor="Allied Telesyn" osfamily="embedded" accuracy="85" />
+<osmatch name="Cisco PIX firewall (PIX OS 6.3(5))" accuracy="89" line="5943"/>
+<osmatch name="HP ProLiant BL p-Class C-Gbe2 switch" accuracy="88" line="10716"/>
+<osmatch name="Cisco Catalyst WS-C5000 switch (CatOS 4.5(1))" accuracy="87" line="4633"/>
+<osmatch name="Cisco Catalyst WS-C6509 switch (CatOS 6.3)" accuracy="87" line="4650"/>
+<osmatch name="Cisco Catalyst 4003, 4006, or 6509 switch (CatOS 7.6(17) - 8.4(3))" accuracy="86" line="4669"/>
+<osmatch name="D-Link DWL-624+ or DWL-2000AP, or TRENDnet TEW-432BRP WAP" accuracy="86" line="6528"/>
+<osmatch name="Sipura SPA-3000 VoIP adapter" accuracy="86" line="28840"/>
+<osmatch name="Extreme Networks Summit48si switch (ExtremeWare 7.6)" accuracy="86" line="7649"/>
+<osmatch name="Allied Telesyn AT-9448Ts/XP switch" accuracy="85" line="1183"/>
+</os>
+<tcpsequence index="258" difficulty="Good luck!" values="3ACF3518,3204186F,2909F6E9,E5936D83,FD97B49C,BCF24222" />
+<ipidsequence class="Incremental" values="E56D,E56E,E56F,E570,E571,E572" />
+<tcptssequence class="none returned (unsupported)" />
+<times srtt="84919" rttvar="3106" to="100000" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="echo-reply"/>
+<address addr="10.66.63.252" addrtype="ipv4" />
+<hostnames><hostname name="txnmrw-353.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="998">
+<extrareasons reason="no-responses" count="998"/>
+</extraports>
+<port protocol="tcp" portid="5060"><state state="open" reason="syn-ack" reason_ttl="54"/><service name="sip" product="AVM FRITZ!Box WLAN 7170" version="(UI) 29.04.67 (Nov 21 2008)" devicetype="VoIP adapter" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="8089"><state state="open" reason="syn-ack" reason_ttl="54"/><service name="upnp" product="Microsoft Windows UPnP" ostype="Windows" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="5060" />
+<osclass type="WAP" vendor="Actiontec" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="89" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="89" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="89" />
+<osclass type="WAP" vendor="AVM" osfamily="embedded" accuracy="89" />
+<osclass type="general purpose" vendor="Linksys" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="89" />
+<osclass type="general purpose" vendor="MontaVista" osfamily="Linux" osgen="2.4.X" accuracy="88" />
+<osclass type="broadband router" vendor="Telkom" osfamily="Linux" osgen="2.4.X" accuracy="88" />
+<osclass type="VoIP phone" vendor="Thomson" osfamily="embedded" accuracy="88" />
+<osclass type="broadband router" vendor="Linksys" osfamily="embedded" accuracy="88" />
+<osclass type="firewall" vendor="NetworksAOK" osfamily="embedded" accuracy="87" />
+<osclass type="storage-misc" vendor="Buffalo" osfamily="embedded" accuracy="86" />
+<osclass type="print server" vendor="HP" osfamily="embedded" accuracy="86" />
+<osclass type="WAP" vendor="Acorp" osfamily="embedded" accuracy="85" />
+<osclass type="load balancer" vendor="F5 Networks" osfamily="embedded" accuracy="85" />
+<osmatch name="HP Brocade 4100 switch; or Actiontec MI-424-WR, Linksys WRVS4400N, or Netgear WNR834B wireless broadband router" accuracy="89" line="665"/>
+<osmatch name="AVM Fritz!Box FON WLAN 7170 WAP" accuracy="89" line="3100"/>
+<osmatch name="Linux 2.4.20" accuracy="89" line="14001"/>
+<osmatch name="Linux 2.6.24 (Ubuntu 8.04, x86)" accuracy="89" line="18240"/>
+<osmatch name="MontaVista embedded Linux 2.4.17" accuracy="88" line="24750"/>
+<osmatch name="Telkom Mega 100 WR DSL modem (MontaVista embedded Linux 2.4.17)" accuracy="88" line="30526"/>
+<osmatch name="Thomson Symbio VoIP phone" accuracy="88" line="30687"/>
+<osmatch name="Linksys WRV200 wireless broadband router" accuracy="88" line="13579"/>
+<osmatch name="Linux 2.6.20 (Ubuntu 7.04 server, x86)" accuracy="88" line="16603"/>
+<osmatch name="HP 4000M ProCurve switch (J4121A)" accuracy="87" line="10422"/>
+</os>
+<uptime seconds="2787130" lastboot="Sat Feb 21 10:16:05 2009" />
+<tcpsequence index="206" difficulty="Good luck!" values="213CF6C7,212E7D8D,20ABFF23,2116B38D,21777682,207C3C27" />
+<ipidsequence class="All zeros" values="0,0,0,0,0,0" />
+<tcptssequence class="100HZ" values="109CB1F0,109CB1FB,109CB205,109CB20F,109CB219,109CB223" />
+<times srtt="237757" rttvar="3190" to="250517" />
+</host>
+<host starttime="1238020527" endtime="1238023605"><status state="up" reason="echo-reply"/>
+<address addr="10.96.156.60" addrtype="ipv4" />
+<hostnames><hostname name="skdwjp-884.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="1000">
+<extrareasons reason="no-responses" count="1000"/>
+</extraports>
+</ports>
+<os><osclass type="broadband router" vendor="D-Link" osfamily="embedded" accuracy="100" />
+<osclass type="broadband router" vendor="SMC" osfamily="embedded" accuracy="100" />
+<osclass type="specialized" vendor="Digi" osfamily="embedded" accuracy="100" />
+<osclass type="switch" vendor="Foundry" osfamily="embedded" accuracy="100" />
+<osclass type="proxy server" vendor="Foundry" osfamily="embedded" accuracy="100" />
+<osclass type="switch" vendor="Foundry" osfamily="IronWare" osgen="2.X" accuracy="100" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="100" />
+<osclass type="remote management" vendor="HP" osfamily="iLO" accuracy="100" />
+<osclass type="general purpose" vendor="IBM" osfamily="OS/400" osgen="V5" accuracy="100" />
+<osclass type="general purpose" vendor="IBM" osfamily="z/OS" accuracy="100" />
+<osclass type="general purpose" vendor="IBM" osfamily="z/VM" accuracy="100" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="100" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="100" />
+<osclass type="WAP" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="100" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100" />
+<osclass type="specialized" vendor="Raritan" osfamily="embedded" accuracy="100" />
+<osclass type="media device" vendor="Sagem Communication" osfamily="embedded" accuracy="100" />
+<osclass type="switch" vendor="Symbol" osfamily="embedded" accuracy="100" />
+<osclass type="VoIP phone" vendor="Thomson" osfamily="embedded" accuracy="100" />
+<osclass type="router" vendor="USRobotics" osfamily="embedded" accuracy="100" />
+</os>
+<times srtt="212392" rttvar="135696" to="755176" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="reset"/>
+<address addr="10.181.218.66" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="998">
+<extrareasons reason="resets" count="998"/>
+</extraports>
+<port protocol="tcp" portid="222"><state state="open" reason="syn-ack" reason_ttl="185"/><service name="rsh-spx" method="table" conf="3" /></port>
+<port protocol="tcp" portid="8080"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-proxy" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="222" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="38365" />
+</os>
+<distance value="20" />
+<tcpsequence index="45" difficulty="Good luck!" values="BC5CFA0A,BC65C40A,BCC5780A,BCC9600A,BCEA940A,BCF16A0A" />
+<ipidsequence class="Random positive increments" values="BE74,C84A,E5C6,E5C8,EF82,EF84" />
+<tcptssequence class="none returned (unsupported)" />
+<times srtt="1052043" rttvar="130696" to="1250000" />
+</host>
+<host starttime="1238020527" endtime="1238023605"><status state="up" reason="reset"/>
+<address addr="10.156.30.100" addrtype="ipv4" />
+<hostnames><hostname name="uckos-452.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="991">
+<extrareasons reason="resets" count="991"/>
+</extraports>
+<port protocol="tcp" portid="135"><state state="filtered" reason="admin-prohibited" reason_ttl="247" reason_ip="10.94.9.40"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="admin-prohibited" reason_ttl="247" reason_ip="10.94.9.40"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="admin-prohibited" reason_ttl="247" reason_ip="10.94.9.40"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="554"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="rtsp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="593"><state state="filtered" reason="admin-prohibited" reason_ttl="247" reason_ip="10.94.9.40"/><service name="http-rpc-epmap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1434"><state state="filtered" reason="admin-prohibited" reason_ttl="247" reason_ip="10.94.9.40"/><service name="ms-sql-m" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4444"><state state="filtered" reason="admin-prohibited" reason_ttl="247" reason_ip="10.94.9.40"/><service name="krb524" method="table" conf="3" /></port>
+<port protocol="tcp" portid="7070"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="realserver" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<osclass type="media device" vendor="Apple" osfamily="iPhone OS" osgen="1.X" accuracy="100" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.4.X" accuracy="100" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.5.X" accuracy="100" />
+<osclass type="proxy server" vendor="Blue Coat" osfamily="SGOS" osgen="5.X" accuracy="100" />
+<osclass type="printer" vendor="HP" osfamily="embedded" accuracy="100" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="100" />
+<osclass type="general purpose" vendor="HP" osfamily="OpenVMS" osgen="7.X" accuracy="100" />
+<osclass type="router" vendor="Juniper" osfamily="JUNOS" osgen="9.X" accuracy="100" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="100" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="100" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="4.X" accuracy="100" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="5.X" accuracy="100" />
+<osclass type="broadband router" vendor="Motorola" osfamily="embedded" accuracy="100" />
+<osclass type="broadband router" vendor="Neuf" osfamily="embedded" accuracy="100" />
+<osclass type="VoIP phone" vendor="Polycom" osfamily="embedded" accuracy="100" />
+<osclass type="firewall" vendor="SonicWALL" osfamily="embedded" accuracy="100" />
+<osclass type="firewall" vendor="SonicWALL" osfamily="SonicOS" osgen="2.X" accuracy="100" />
+</os>
+<times srtt="96347" rttvar="2708" to="107179" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="syn-ack"/>
+<address addr="10.137.81.38" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="filtered" count="999">
+<extrareasons reason="no-responses" count="999"/>
+</extraports>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="53"/><service name="http" product="APC switched rack PDU http config" extrainfo="Allegro embedded httpd 4.04" devicetype="power-device" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="80" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="95" />
+<osclass type="WAP" vendor="Apple" osfamily="embedded" accuracy="87" />
+<osclass type="power-device" vendor="APC" osfamily="AOS" osgen="3.X" accuracy="85" />
+<osclass type="media device" vendor="Apple" osfamily="iPhone OS" osgen="2.X" accuracy="85" />
+<osmatch name="FreeBSD 6.2-RELEASE" accuracy="95" line="8449"/>
+<osmatch name="Apple AirPort Extreme WAP v7.3.2" accuracy="87" line="1612"/>
+<osmatch name="APC Network Management Card (AOS 3.3.5)" accuracy="85" line="1410"/>
+<osmatch name="Apple iPod touch audio player (iPhone OS 2.1)" accuracy="85" line="1759"/>
+</os>
+<uptime seconds="2994902" lastboot="Thu Feb 19 00:33:13 2009" />
+<tcpsequence index="261" difficulty="Good luck!" values="7D02ABB2,84864E08,7B87DA56,A9BEDD5F,B6C9F7D4,4CCDF345" />
+<ipidsequence class="Incremental" values="37A2,37A3,37A4,37A5,37A6,37A7" />
+<tcptssequence class="1000HZ" values="B2814D2E,B2814D92,B2814DF6,B2814E5A,B2814EBE,B2814F22" />
+<times srtt="88289" rttvar="11597" to="134677" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="reset"/>
+<address addr="10.188.46.230" addrtype="ipv4" />
+<hostnames><hostname name="xbzpqkvw-255.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="991">
+<extrareasons reason="resets" count="991"/>
+</extraports>
+<port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="telnet" product="Cisco or Edge-core switch telnetd" devicetype="switch" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="25"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="smtp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5004"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5060"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="sip" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="23" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="33959" />
+<osclass type="phone" vendor="Nokia" osfamily="Symbian OS" accuracy="88" />
+<osclass type="firewall" vendor="ZyXEL" osfamily="ZyNOS" osgen="3.X" accuracy="86" />
+<osclass type="WAP" vendor="Apple" osfamily="embedded" accuracy="85" />
+<osclass type="switch" vendor="Allied Telesyn" osfamily="embedded" accuracy="85" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="85" />
+<osclass type="switch" vendor="Cisco" osfamily="embedded" accuracy="85" />
+<osclass type="remote management" vendor="Lantronix" osfamily="embedded" accuracy="85" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="85" />
+<osmatch name="Nokia N81 mobile phone (Symbian OS)" accuracy="88" line="26028"/>
+<osmatch name="ZyXEL ZyWALL 10W firewall (ZyNOS 3.62)" accuracy="86" line="31437"/>
+<osmatch name="Apple AirPort Extreme WAP v7.3.2" accuracy="85" line="1612"/>
+<osmatch name="Allied Telesyn Rapier G6 switch" accuracy="85" line="1217"/>
+<osmatch name="HP ProLiant BL p-Class C-Gbe2 switch" accuracy="85" line="10716"/>
+<osmatch name="Cisco Catalyst 1900 Switch, Software v9.00.03" accuracy="85" line="4929"/>
+<osmatch name="Lantronix XPort-03 embedded serial device server (firmware 1.80)" accuracy="85" line="13161"/>
+<osmatch name="FreeBSD 6.2-RELEASE" accuracy="85" line="8449"/>
+</os>
+<distance value="18" />
+<tcpsequence index="18" difficulty="Good luck!" values="8B27,8B30,8B3A,8B44,8B4E,8B58" />
+<ipidsequence class="Incremental" values="19D,19E,19F,1A0,1A1,1A2" />
+<tcptssequence class="none returned (unsupported)" />
+<times srtt="209194" rttvar="883" to="212726" />
+</host>
+<host starttime="1238020527" endtime="1238023624"><status state="up" reason="reset"/>
+<address addr="10.228.201.235" addrtype="ipv4" />
+<hostnames><hostname name="uweimhflr-969.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="998">
+<extrareasons reason="resets" count="998"/>
+</extraports>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1723"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pptp" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+</os>
+<times srtt="161755" rttvar="4716" to="180619" />
+</host>
+<host starttime="1238020527" endtime="1238023605"><status state="up" reason="echo-reply"/>
+<address addr="10.253.52.142" addrtype="ipv4" />
+<hostnames><hostname name="ysqxnovik-508.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="999">
+<extrareasons reason="no-responses" count="999"/>
+</extraports>
+<port protocol="tcp" portid="1503"><state state="closed" reason="reset" reason_ttl="53"/><service name="imtc-mcs" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1503" />
+<osclass type="media device" vendor="Apple" osfamily="iPhone OS" osgen="1.X" accuracy="100" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.4.X" accuracy="100" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.5.X" accuracy="100" />
+<osclass type="proxy server" vendor="Blue Coat" osfamily="SGOS" osgen="5.X" accuracy="100" />
+<osclass type="printer" vendor="HP" osfamily="embedded" accuracy="100" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="100" />
+<osclass type="general purpose" vendor="HP" osfamily="OpenVMS" osgen="7.X" accuracy="100" />
+<osclass type="router" vendor="Juniper" osfamily="JUNOS" osgen="9.X" accuracy="100" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="100" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="100" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="4.X" accuracy="100" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="5.X" accuracy="100" />
+<osclass type="broadband router" vendor="Motorola" osfamily="embedded" accuracy="100" />
+<osclass type="broadband router" vendor="Neuf" osfamily="embedded" accuracy="100" />
+<osclass type="VoIP phone" vendor="Polycom" osfamily="embedded" accuracy="100" />
+<osclass type="firewall" vendor="SonicWALL" osfamily="embedded" accuracy="100" />
+<osclass type="firewall" vendor="SonicWALL" osfamily="SonicOS" osgen="2.X" accuracy="100" />
+</os>
+<times srtt="129712" rttvar="991" to="133676" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="syn-ack"/>
+<address addr="10.196.172.89" addrtype="ipv4" />
+<hostnames><hostname name="cdgzhwik-216.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="995">
+<extrareasons reason="no-responses" count="995"/>
+</extraports>
+<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="47"/><service name="ftp" product="Dreambox ftpd" ostype="Linux" devicetype="media device" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="47"/><service name="http" product="Dreambox httpd" devicetype="media device" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="5060"><state state="open" reason="syn-ack" reason_ttl="48"/><service name="sip" method="table" conf="3" /></port>
+<port protocol="tcp" portid="8080"><state state="closed" reason="reset" reason_ttl="47"/><service name="http-proxy" method="table" conf="3" /></port>
+<port protocol="tcp" portid="8089"><state state="open" reason="syn-ack" reason_ttl="48"/><service name="upnp" product="Microsoft Windows UPnP" ostype="Windows" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="21" />
+<portused state="closed" proto="tcp" portid="8080" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="88" />
+<osclass type="VoIP phone" vendor="Thomson" osfamily="embedded" accuracy="86" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="85" />
+<osmatch name="FreeBSD 6.2-RELEASE" accuracy="88" line="8449"/>
+<osmatch name="Thomson Symbio VoIP phone" accuracy="86" line="30687"/>
+<osmatch name="Linux 2.6.9 - 2.6.24" accuracy="85" line="19279"/>
+</os>
+<uptime seconds="980560" lastboot="Sat Mar 14 09:05:35 2009" />
+<tcpsequence index="185" difficulty="Good luck!" values="999E5F77,997AABE6,994F6F8A,996BD1C1,99655158,998DFAB5" />
+<ipidsequence class="All zeros" values="0,0,0,0,0,0" />
+<tcptssequence class="1000HZ" values="3A70E21E,3A70E27F,3A70E2E4,3A70E348,3A70E3AC,3A70E414" />
+<times srtt="210824" rttvar="2347" to="220212" />
+</host>
+<host starttime="1238020527" endtime="1238023665"><status state="up" reason="syn-ack"/>
+<address addr="10.205.3.4" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="filtered" count="994">
+<extrareasons reason="no-responses" count="994"/>
+</extraports>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="238"/><service name="http" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1723"><state state="open" reason="syn-ack" reason_ttl="238"/><service name="pptp" product="DrayTek" version="(Firmware: 1)" hostname="tfwvcq-611.example.com" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="238"/><service name="tcpwrapped" method="probed" conf="8" /></port>
+<port protocol="tcp" portid="8081"><state state="open" reason="syn-ack" reason_ttl="238"/><service name="blackice-icecap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="8083"><state state="open" reason="syn-ack" reason_ttl="238"/><service name="tcpwrapped" method="probed" conf="8" /></port>
+<port protocol="tcp" portid="8084"><state state="open" reason="syn-ack" reason_ttl="238"/><service name="tcpwrapped" tunnel="ssl" method="probed" conf="8" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="80" />
+<portused state="closed" proto="udp" portid="42905" />
+<osclass type="firewall" vendor="ZyXEL" osfamily="ZyNOS" osgen="3.X" accuracy="94" />
+<osclass type="broadband router" vendor="ZyXEL" osfamily="ZyNOS" accuracy="92" />
+<osclass type="WAP" vendor="D-Link" osfamily="embedded" accuracy="91" />
+<osclass type="WAP" vendor="TRENDnet" osfamily="embedded" accuracy="91" />
+<osclass type="webcam" vendor="Sony" osfamily="embedded" accuracy="91" />
+<osclass type="switch" vendor="Cisco" osfamily="embedded" accuracy="89" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="89" />
+<osclass type="firewall" vendor="Teltronics" osfamily="embedded" accuracy="89" />
+<osclass type="router" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="88" />
+<osclass type="PBX" vendor="Vodavi" osfamily="embedded" accuracy="87" />
+<osclass type="webcam" vendor="D-Link" osfamily="embedded" accuracy="87" />
+<osclass type="router" vendor="Linksys" osfamily="embedded" accuracy="87" />
+<osclass type="media device" vendor="Denon" osfamily="embedded" accuracy="87" />
+<osclass type="WAP" vendor="Planet" osfamily="embedded" accuracy="87" />
+<osclass type="broadband router" vendor="Solwise" osfamily="embedded" accuracy="87" />
+<osclass type="phone" vendor="Nokia" osfamily="Symbian OS" accuracy="86" />
+<osclass type="WAP" vendor="Apple" osfamily="embedded" accuracy="86" />
+<osclass type="switch" vendor="3Com" osfamily="embedded" accuracy="85" />
+<osclass type="switch" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="85" />
+<osclass type="general purpose" vendor="Novell" osfamily="NetWare" osgen="4.X" accuracy="85" />
+<osmatch name="ZyXEL ZyWALL 2 or Prestige 660HW-61 ADSL router (ZyNOS 3.62)" accuracy="94" line="31455"/>
+<osmatch name="ZyXEL Prestige 660HW-D1 wireless ADSL router" accuracy="92" line="31540"/>
+<osmatch name="ZyXEL ZyWALL 10W firewall (ZyNOS 3.62)" accuracy="92" line="31437"/>
+<osmatch name="D-Link DWL-624+ or DWL-2000AP, or TRENDnet TEW-432BRP WAP" accuracy="91" line="6528"/>
+<osmatch name="Sony PCS-TL30 video conferencing system" accuracy="91" line="29394"/>
+<osmatch name="Cisco Catalyst 1900 Switch, Software v9.00.03" accuracy="89" line="4929"/>
+<osmatch name="HP ProLiant BL p-Class C-Gbe2 switch" accuracy="89" line="10716"/>
+<osmatch name="Teltronics NET-PATH intrusion detection system" accuracy="89" line="30560"/>
+<osmatch name="ZyXEL Prestige 660HW-61 ADSL router (ZyNOS 3.40)" accuracy="89" line="31523"/>
+<osmatch name="ZyXEL ZyWALL 70 firewall (ZyNOS 3.65)" accuracy="89" line="31472"/>
+</os>
+<distance value="14" />
+<ipidsequence class="Incremental" values="1BBD,1BBE,1BC0" />
+<tcptssequence class="none returned (unsupported)" />
+<times srtt="226826" rttvar="3407" to="240454" />
+</host>
+<host starttime="1238020527" endtime="1238023624"><status state="up" reason="reset"/>
+<address addr="10.47.131.205" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="999">
+<extrareasons reason="resets" count="999"/>
+</extraports>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<osclass type="telecom-misc" vendor="Avaya" osfamily="Linux" osgen="2.6.X" accuracy="96" />
+<osclass type="firewall" vendor="Check Point" osfamily="embedded" accuracy="96" />
+<osclass type="general purpose" vendor="HP" osfamily="OpenVMS" osgen="7.X" accuracy="96" />
+<osclass type="firewall" vendor="ISS" osfamily="Linux" osgen="2.4.X" accuracy="96" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="96" />
+<osclass type="WAP" vendor="Actiontec" osfamily="Linux" osgen="2.4.X" accuracy="95" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="95" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="95" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="95" />
+<osclass type="WAP" vendor="AVM" osfamily="embedded" accuracy="95" />
+<osclass type="storage-misc" vendor="Buffalo" osfamily="embedded" accuracy="95" />
+<osclass type="firewall" vendor="Check Point" osfamily="Linux" osgen="2.4.X" accuracy="95" />
+<osclass type="WAP" vendor="Cisco-Linksys" osfamily="embedded" accuracy="95" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="95" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="7.X" accuracy="95" />
+<osclass type="print server" vendor="HP" osfamily="embedded" accuracy="95" />
+<osclass type="specialized" vendor="Infoblox" osfamily="NIOS" osgen="4.X" accuracy="95" />
+<osclass type="firewall" vendor="IPCop" osfamily="Linux" osgen="2.4.X" accuracy="95" />
+<osclass type="firewall" vendor="IronPort" osfamily="AsyncOS" osgen="6.X" accuracy="95" />
+<osclass type="storage-misc" vendor="Isilon" osfamily="OneFS" accuracy="95" />
+<osclass type="remote management" vendor="Lantronix" osfamily="embedded" accuracy="95" />
+<osclass type="general purpose" vendor="Linksys" osfamily="Linux" osgen="2.4.X" accuracy="95" />
+<osclass type="WAP" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="95" />
+<osclass type="broadband router" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="95" />
+<osmatch name="Avaya Communication Manager (Linux 2.6.11)" accuracy="96" line="3060"/>
+<osmatch name="Check Point ZoneAlarm Z100G firewall" accuracy="96" line="4511"/>
+<osmatch name="HP OpenVMS 7.3-1" accuracy="96" line="11189"/>
+<osmatch name="ISS Proventia GX3002C firewall (Linux 2.4.18)" accuracy="96" line="12702"/>
+<osmatch name="Linux 2.6.18 (CentOS 5, x86_64, SMP)" accuracy="96" line="16017"/>
+<osmatch name="Linux 2.6.20-gentoo-r8 (Gentoo, x86, SMP)" accuracy="96" line="16706"/>
+<osmatch name="Linux 10.66.62.154-32.fc6 (x86, SMP)" accuracy="96" line="17726"/>
+<osmatch name="Linux 2.6.24 (Debian)" accuracy="96" line="18121"/>
+<osmatch name="Linux 2.6.26" accuracy="96" line="18429"/>
+<osmatch name="HP Brocade 4100 switch; or Actiontec MI-424-WR, Linksys WRVS4400N, or Netgear WNR834B wireless broadband router" accuracy="95" line="665"/>
+</os>
+<times srtt="323436" rttvar="2214" to="332292" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="syn-ack"/>
+<address addr="10.2.53.130" addrtype="ipv4" />
+<hostnames><hostname name="sqeirug-465.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="995">
+<extrareasons reason="resets" count="995"/>
+</extraports>
+<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="55"/><service name="ftp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="55"/><service name="telnet" product="Conexant Access Runner adsl router telnetd" devicetype="router" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="55"/><service name="http" product="Home Gateway router http config" extrainfo="runs WindWeb 2.0" devicetype="broadband router" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="21" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="30352" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="90" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="90" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="87" />
+<osclass type="VoIP phone" vendor="Polycom" osfamily="embedded" accuracy="87" />
+<osmatch name="Linksys WRT54G or WRT54G2, or Netgear WGR614 or WPN824v2 wireless broadband router" accuracy="90" line="13929"/>
+<osmatch name="HP Brocade 1600 switch" accuracy="87" line="10473"/>
+<osmatch name="Polycom SoundPoint 501 IP phone" accuracy="87" line="27269"/>
+<osmatch name="Linksys WRT54G v8 wireless broadband router" accuracy="85" line="13947"/>
+</os>
+<uptime seconds="100413" lastboot="Tue Mar 24 13:34:42 2009" />
+<distance value="15" />
+<tcpsequence index="25" difficulty="Good luck!" values="76F9E7BD,76FAE1BD,76FDCFBD,76FEC9BD,76FFC3BD,7700BDBD" />
+<ipidsequence class="Incremental" values="DA1A,DA1C,DA1E,DA20,DA24,DA26" />
+<tcptssequence class="2HZ" values="30FD3,30FD3,30FD4,30FD4,30FD4,30FD4" />
+<times srtt="196830" rttvar="9599" to="235226" />
+</host>
+<host starttime="1238020527" endtime="1238023641"><status state="up" reason="reset"/>
+<address addr="10.27.38.204" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="filtered" count="846">
+<extrareasons reason="no-responses" count="846"/>
+</extraports>
+<extraports state="closed" count="154">
+<extrareasons reason="resets" count="154"/>
+</extraports>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<osclass type="general purpose" vendor="Cobalt" osfamily="Linux" osgen="2.0.X" accuracy="100" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="100" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="100" />
+<osclass type="media device" vendor="Netgear" osfamily="embedded" accuracy="100" />
+<osclass type="firewall" vendor="Teltronics" osfamily="embedded" accuracy="100" />
+<osclass type="firewall" vendor="WatchGuard" osfamily="embedded" accuracy="100" />
+<osclass type="firewall" vendor="ZyXEL" osfamily="ZyNOS" osgen="3.X" accuracy="100" />
+<osclass type="broadband router" vendor="ZyXEL" osfamily="ZyNOS" accuracy="100" />
+</os>
+<times srtt="180171" rttvar="3484" to="194107" />
+</host>
+<host starttime="1238020527" endtime="1238023661"><status state="up" reason="echo-reply"/>
+<address addr="10.244.249.136" addrtype="ipv4" />
+<hostnames><hostname name="akorb-729.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="1000">
+<extrareasons reason="no-responses" count="1000"/>
+</extraports>
+</ports>
+<os></os>
+<times srtt="107911" rttvar="66518" to="373983" />
+</host>
+<host starttime="1238020527" endtime="1238023661"><status state="up" reason="reset"/>
+<address addr="10.18.191.9" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="991">
+<extrareasons reason="resets" count="991"/>
+</extraports>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="161"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="snmp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1433"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-s" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4899"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="radmin" method="table" conf="3" /></port>
+<port protocol="tcp" portid="7070"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="realserver" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<osclass type="router" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="89" />
+<osclass type="switch" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="89" />
+<osclass type="switch" vendor="Avaya" osfamily="embedded" accuracy="88" />
+<osclass type="broadband router" vendor="Motorola" osfamily="VxWorks" osgen="5.X" accuracy="88" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="87" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="XP" accuracy="87" />
+<osclass type="firewall" vendor="NetworksAOK" osfamily="embedded" accuracy="87" />
+<osclass type="firewall" vendor="Nokia" osfamily="IPSO" osgen="4.X" accuracy="87" />
+<osclass type="VoIP gateway" vendor="Avaya" osfamily="embedded" accuracy="86" />
+<osclass type="general purpose" vendor="HP" osfamily="OpenVMS" osgen="7.X" accuracy="86" />
+<osclass type="firewall" vendor="ISS" osfamily="Linux" osgen="2.4.X" accuracy="86" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="86" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2000" accuracy="86" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2003" accuracy="86" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="Vista" accuracy="86" />
+<osclass type="broadband router" vendor="Sagem Communication" osfamily="embedded" accuracy="86" />
+<osclass type="firewall" vendor="WatchGuard" osfamily="embedded" accuracy="86" />
+<osmatch name="Cisco 2821 router" accuracy="89" line="5341"/>
+<osmatch name="Cisco 3750 switch (IOS 12.2)" accuracy="89" line="5637"/>
+<osmatch name="Cisco Catalyst 2960 or 3600 switch" accuracy="89" line="5694"/>
+<osmatch name="Avaya P580 switch running Cajun Switch Agent v5.4.2" accuracy="88" line="2941"/>
+<osmatch name="Avaya P880 switch running Cajun Switch Agent v5.3.2" accuracy="88" line="2958"/>
+<osmatch name="Motorola SURFboard SB3100 cable modem (VxWorks 5.3)" accuracy="88" line="24924"/>
+<osmatch name="Linksys WRT54G v8 wireless broadband router" accuracy="87" line="13947"/>
+<osmatch name="Microsoft Windows XP Home SP1 (French)" accuracy="87" line="22547"/>
+<osmatch name="NetworksAOK network monitoring applicance" accuracy="87" line="25712"/>
+<osmatch name="Nokia firewall (IPSO 4.1Build19)" accuracy="87" line="25867"/>
+</os>
+<times srtt="91674" rttvar="5635" to="114214" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="syn-ack"/>
+<address addr="10.4.89.234" addrtype="ipv4" />
+<hostnames><hostname name="ucyfgqrsa-296.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="994">
+<extrareasons reason="resets" count="994"/>
+</extraports>
+<port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="238"/><service name="telnet" product="Cisco router" ostype="IOS" devicetype="router" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="238"/><service name="http" product="Cisco IOS administrative httpd" ostype="IOS" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="23" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="43086" />
+<osclass type="router" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="96" />
+<osclass type="switch" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="94" />
+<osclass type="switch" vendor="Cisco" osfamily="embedded" accuracy="90" />
+<osclass type="broadband router" vendor="Cisco" osfamily="embedded" accuracy="87" />
+<osclass type="VoIP adapter" vendor="Sipura" osfamily="embedded" accuracy="86" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="86" />
+<osclass type="WAP" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="85" />
+<osmatch name="Cisco 2821 router" accuracy="96" line="5341"/>
+<osmatch name="Cisco 3750 switch (IOS 12.2)" accuracy="94" line="5637"/>
+<osmatch name="Cisco 3560G switch (IOS 12.2)" accuracy="92" line="5620"/>
+<osmatch name="Cisco Catalyst 2960 or 3600 switch" accuracy="91" line="5694"/>
+<osmatch name="Cisco Catalyst 1900 Switch, Software v9.00.03" accuracy="90" line="4929"/>
+<osmatch name="Cisco Catalyst 3500 XL switch (IOS 12.0)" accuracy="88" line="5747"/>
+<osmatch name="Cisco 1250 WAP, or 1811 or 2800 router (IOS 12.4)" accuracy="87" line="5219"/>
+<osmatch name="Cisco 827H ADSL router" accuracy="87" line="4738"/>
+</os>
+<distance value="23" />
+<tcpsequence index="263" difficulty="Good luck!" values="DEF885B8,63CADB82,6C7D3D48,A0B03E44,9B3CF9C3,82FCF6F2" />
+<ipidsequence class="Randomized" values="CEE3,D628,63A6,4C07,4379,1B53" />
+<tcptssequence class="none returned (unsupported)" />
+<times srtt="100965" rttvar="1781" to="108089" />
+</host>
+<host starttime="1238020527" endtime="1238023641"><status state="up" reason="reset"/>
+<address addr="10.62.250.133" addrtype="ipv4" />
+<hostnames><hostname name="rcjdgszo-61.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="999">
+<extrareasons reason="resets" count="999"/>
+</extraports>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="31016" />
+<osclass type="media device" vendor="Apple" osfamily="iPhone OS" osgen="1.X" accuracy="100" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.4.X" accuracy="100" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.5.X" accuracy="100" />
+<osclass type="proxy server" vendor="Blue Coat" osfamily="SGOS" osgen="5.X" accuracy="100" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="4.X" accuracy="100" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="5.X" accuracy="100" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="100" />
+<osmatch name="Apple iPod touch audio player (iPhone OS 1.1.2 - 1.1.4, Darwin 9.0.0d1)" accuracy="100" line="1630" />
+<osmatch name="Apple Mac OS X 10.4.10 (Tiger) (Darwin 8.10.0, PowerPC)" accuracy="100" line="2173" />
+<osmatch name="Apple Mac OS X 10.5 (Leopard) (Darwin 9.2.2, x86)" accuracy="100" line="2432" />
+<osmatch name="Apple Mac OS X 10.5.5 (Leopard) (Darwin 9.5.0)" accuracy="100" line="2607" />
+<osmatch name="Blue Coat SG200 proxy server (SGOS 10.145.57.16)" accuracy="100" line="3561" />
+<osmatch name="m0n0wall FreeBSD-based embedded firewall version 1.22 - 1.23b1" accuracy="100" line="19677" />
+<osmatch name="Netgear WGR614v7 wireless broadband router" accuracy="100" line="25534" />
+</os>
+<distance value="12" />
+<times srtt="105000" rttvar="6033" to="129132" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="reset"/>
+<address addr="10.47.94.15" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="991">
+<extrareasons reason="resets" count="991"/>
+</extraports>
+<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="244"/><service name="tcpwrapped" method="probed" conf="8" /></port>
+<port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="244"/><service name="telnet" method="table" conf="3" /></port>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="646"><state state="open" reason="syn-ack" reason_ttl="244"/><service name="tcpwrapped" method="probed" conf="8" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="22" />
+<portused state="closed" proto="tcp" portid="1" />
+<osclass type="broadband router" vendor="Efficient Networks" osfamily="embedded" accuracy="86" />
+<osmatch name="Efficient Networks 5930 ADSL router" accuracy="86" line="7399"/>
+</os>
+<tcpsequence index="12" difficulty="Worthy challenge" values="DC7AD62,DC8A762,DC9A162,DCB9562,DCC8F62,DCD8962" />
+<ipidsequence class="Incremental" values="AF66,AF67,AF6C,AF72,AF78,AF7E" />
+<tcptssequence class="2HZ" values="87EFA21,87EFA21,87EFA21,87EFA22,87EFA22,87EFA22" />
+<times srtt="293246" rttvar="1458" to="299078" />
+</host>
+<host starttime="1238020527" endtime="1238023641"><status state="up" reason="echo-reply"/>
+<address addr="10.122.179.196" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="956">
+<extrareasons reason="resets" count="956"/>
+</extraports>
+<extraports state="filtered" count="44">
+<extrareasons reason="no-responses" count="44"/>
+</extraports>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="32195" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2003" accuracy="100" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="Vista" accuracy="100" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="XP" accuracy="100" />
+<osclass type="media device" vendor="Motorola" osfamily="Windows" osgen="PocketPC/CE" accuracy="100" />
+</os>
+<distance value="12" />
+<times srtt="273314" rttvar="1190" to="278074" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="reset"/>
+<address addr="10.252.121.17" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="989">
+<extrareasons reason="resets" count="989"/>
+</extraports>
+<port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="236"/><service name="telnet" product="Cisco router" ostype="IOS" devicetype="router" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1045"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1046"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1047"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1433"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-s" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1434"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="ms-sql-m" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="23" />
+<portused state="closed" proto="tcp" portid="1" />
+<osclass type="switch" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="99" />
+<osclass type="router" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="91" />
+<osclass type="broadband router" vendor="Cisco" osfamily="embedded" accuracy="87" />
+<osclass type="switch" vendor="Cisco" osfamily="embedded" accuracy="85" />
+<osmatch name="Cisco 3560G switch (IOS 12.2)" accuracy="99" line="5620"/>
+<osmatch name="Cisco 3750 switch (IOS 12.2)" accuracy="96" line="5637"/>
+<osmatch name="Cisco Catalyst 2960 or 3600 switch" accuracy="96" line="5694"/>
+<osmatch name="Cisco Catalyst 3500 XL switch (IOS 12.0)" accuracy="92" line="5747"/>
+<osmatch name="Cisco 2821 router" accuracy="91" line="5341"/>
+</os>
+<tcpsequence index="259" difficulty="Good luck!" values="AC23DB1F,D9E038F1,AC093319,2E6F8B0E,DD87AE3B,440364E1" />
+<ipidsequence class="All zeros" values="0,0,0,0,0,0" />
+<tcptssequence class="none returned (unsupported)" />
+<times srtt="199573" rttvar="1630" to="206093" />
+</host>
+<host starttime="1238020527" endtime="1238023641"><status state="up" reason="reset"/>
+<address addr="10.121.150.154" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="981">
+<extrareasons reason="resets" count="981"/>
+</extraports>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1000"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="cadlock" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1028"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1030"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="iad1" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1032"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="iad3" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1034"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="zincite-a" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1043"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="boinc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1046"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1049"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1259"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1723"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="pptp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="2869"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3" /></port>
+<port protocol="tcp" portid="9900"><state state="filtered" reason="admin-prohibited" reason_ttl="243" reason_ip="10.65.88.41"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="44501"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<osclass type="firewall" vendor="ISS" osfamily="Linux" osgen="2.4.X" accuracy="100" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2000" accuracy="100" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2003" accuracy="100" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="98" accuracy="100" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="Vista" accuracy="100" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="XP" accuracy="100" />
+<osclass type="media device" vendor="Motorola" osfamily="Windows" osgen="PocketPC/CE" accuracy="100" />
+<osclass type="firewall" vendor="NetworksAOK" osfamily="embedded" accuracy="100" />
+<osclass type="WAP" vendor="Planet" osfamily="embedded" accuracy="100" />
+</os>
+<times srtt="248552" rttvar="2043" to="256724" />
+</host>
+<host starttime="1238020527" endtime="1238023661"><status state="up" reason="reset"/>
+<address addr="10.251.227.170" addrtype="ipv4" />
+<hostnames><hostname name="mtceaquwb-811.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="996">
+<extrareasons reason="resets" count="996"/>
+</extraports>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="50001"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="31275" />
+<osclass type="general purpose" vendor="Sun" osfamily="Solaris" osgen="10" accuracy="97" />
+<osclass type="general purpose" vendor="Sun" osfamily="Solaris" osgen="8" accuracy="97" />
+<osclass type="general purpose" vendor="HP" osfamily="HP-UX" osgen="11.X" accuracy="95" />
+<osclass type="WAP" vendor="2Wire" osfamily="embedded" accuracy="91" />
+<osclass type="load balancer" vendor="F5 Networks" osfamily="embedded" accuracy="90" />
+<osclass type="general purpose" vendor="Sun" osfamily="Solaris" osgen="9" accuracy="89" />
+<osclass type="WAP" vendor="Acorp" osfamily="embedded" accuracy="89" />
+<osclass type="broadband router" vendor="Actiontec" osfamily="embedded" accuracy="89" />
+<osclass type="WAP" vendor="AVM" osfamily="embedded" accuracy="89" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="89" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="89" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="WAP" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="broadband router" vendor="MontaVista" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="broadband router" vendor="Telkom" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="remote management" vendor="Lantronix" osfamily="embedded" accuracy="88" />
+<osclass type="general purpose" vendor="OpenBSD" osfamily="OpenBSD" osgen="4.X" accuracy="88" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="87" />
+<osclass type="firewall" vendor="Teltronics" osfamily="embedded" accuracy="87" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="87" />
+<osclass type="firewall" vendor="WatchGuard" osfamily="embedded" accuracy="86" />
+<osclass type="WAP" vendor="Actiontec" osfamily="Linux" osgen="2.4.X" accuracy="86" />
+<osclass type="WAP" vendor="Cisco-Linksys" osfamily="embedded" accuracy="86" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="7.X" accuracy="86" />
+<osmatch name="Sun Solaris 10 (x86)" accuracy="97" line="29653"/>
+<osmatch name="Sun Solaris 8 (SPARC)" accuracy="97" line="29901"/>
+<osmatch name="HP HP-UX B.11.31" accuracy="95" line="10913"/>
+<osmatch name="2Wire 1701HG wireless ADSL modem" accuracy="91" line="50"/>
+<osmatch name="2Wire 2700HG, 2700HG-B, 2701HG-B, or RG2701HG wireless ADSL modem" accuracy="91" line="87"/>
+<osmatch name="2Wire Shasta wireless broadband router" accuracy="91" line="122"/>
+<osmatch name="F5 BIG-IP Local Traffic Manager load balancer" accuracy="90" line="7700"/>
+<osmatch name="Sun Solaris 10" accuracy="89" line="29497"/>
+<osmatch name="Sun Solaris 10 (SPARC)" accuracy="89" line="29618"/>
+<osmatch name="Sun Solaris 9 (x86)" accuracy="89" line="30037"/>
+</os>
+<distance value="14" />
+<times srtt="136664" rttvar="2969" to="148540" />
+</host>
+<host starttime="1238020527" endtime="1238023661"><status state="up" reason="reset"/>
+<address addr="10.191.37.88" addrtype="ipv4" />
+<hostnames><hostname name="pvcjbh-770.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="996">
+<extrareasons reason="resets" count="996"/>
+</extraports>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="50001"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="41424" />
+<osclass type="general purpose" vendor="Sun" osfamily="Solaris" osgen="10" accuracy="97" />
+<osclass type="general purpose" vendor="Sun" osfamily="Solaris" osgen="8" accuracy="97" />
+<osclass type="general purpose" vendor="HP" osfamily="HP-UX" osgen="11.X" accuracy="95" />
+<osclass type="WAP" vendor="2Wire" osfamily="embedded" accuracy="91" />
+<osclass type="load balancer" vendor="F5 Networks" osfamily="embedded" accuracy="90" />
+<osclass type="general purpose" vendor="Sun" osfamily="Solaris" osgen="9" accuracy="89" />
+<osclass type="WAP" vendor="Acorp" osfamily="embedded" accuracy="89" />
+<osclass type="broadband router" vendor="Actiontec" osfamily="embedded" accuracy="89" />
+<osclass type="WAP" vendor="AVM" osfamily="embedded" accuracy="89" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="89" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="89" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="WAP" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="broadband router" vendor="MontaVista" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="broadband router" vendor="Telkom" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="remote management" vendor="Lantronix" osfamily="embedded" accuracy="88" />
+<osclass type="router" vendor="Juniper" osfamily="JUNOS" osgen="9.X" accuracy="88" />
+<osclass type="general purpose" vendor="OpenBSD" osfamily="OpenBSD" osgen="4.X" accuracy="88" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="87" />
+<osclass type="media device" vendor="Netgear" osfamily="embedded" accuracy="87" />
+<osclass type="firewall" vendor="Teltronics" osfamily="embedded" accuracy="87" />
+<osclass type="firewall" vendor="ZyXEL" osfamily="ZyNOS" osgen="3.X" accuracy="87" />
+<osclass type="broadband router" vendor="ZyXEL" osfamily="ZyNOS" accuracy="87" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="87" />
+<osmatch name="Sun Solaris 10 (x86)" accuracy="97" line="29653"/>
+<osmatch name="Sun Solaris 8 (SPARC)" accuracy="97" line="29901"/>
+<osmatch name="HP HP-UX B.11.31" accuracy="95" line="10913"/>
+<osmatch name="2Wire 1701HG wireless ADSL modem" accuracy="91" line="50"/>
+<osmatch name="2Wire 2700HG, 2700HG-B, 2701HG-B, or RG2701HG wireless ADSL modem" accuracy="91" line="87"/>
+<osmatch name="2Wire Shasta wireless broadband router" accuracy="91" line="122"/>
+<osmatch name="F5 BIG-IP Local Traffic Manager load balancer" accuracy="90" line="7700"/>
+<osmatch name="Sun Solaris 10" accuracy="89" line="29497"/>
+<osmatch name="Sun Solaris 10 (SPARC)" accuracy="89" line="29618"/>
+<osmatch name="Sun Solaris 9 (x86)" accuracy="89" line="30037"/>
+</os>
+<distance value="14" />
+<times srtt="149327" rttvar="2250" to="158327" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="reset"/>
+<address addr="10.210.225.168" addrtype="ipv4" />
+<hostnames><hostname name="mtlhxcs-302.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="990">
+<extrareasons reason="resets" count="990"/>
+</extraports>
+<port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="117"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="117"/><service name="netbios-ssn" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="117"/><service name="netbios-ssn" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="49152"><state state="open" reason="syn-ack" reason_ttl="117"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="49153"><state state="open" reason="syn-ack" reason_ttl="117"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="49154"><state state="open" reason="syn-ack" reason_ttl="117"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="49155"><state state="open" reason="syn-ack" reason_ttl="117"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="49156"><state state="open" reason="syn-ack" reason_ttl="117"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="49158"><state state="open" reason="syn-ack" reason_ttl="117"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="135" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="35385" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2008" accuracy="97" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="Vista" accuracy="97" />
+<osmatch name="Microsoft Windows Server 2008 Beta 3" accuracy="97" line="21419"/>
+<osmatch name="Microsoft Windows Vista SP0 or SP1" accuracy="97" line="22280"/>
+<osmatch name="Microsoft Windows Vista Business SP1" accuracy="93" line="22208"/>
+<osmatch name="Microsoft Windows Vista or Windows Server 2008 SP1" accuracy="92" line="22261"/>
+<osmatch name="Microsoft Windows Vista Home Premium" accuracy="90" line="22243"/>
+</os>
+<uptime seconds="16675" lastboot="Wed Mar 25 12:50:20 2009" />
+<distance value="18" />
+<tcpsequence index="262" difficulty="Good luck!" values="FE859D16,FEDA2A88,58413C10,E9319FD7,71916A12,D6553810" />
+<ipidsequence class="Incremental" values="7169,716A,716B,716C,716D,716E" />
+<tcptssequence class="100HZ" values="195FAB,195FB5,195FC5,195FCF,195FDD,195FE7" />
+<times srtt="224386" rttvar="4279" to="241502" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="reset"/>
+<address addr="10.99.120.91" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="995">
+<extrareasons reason="resets" count="995"/>
+</extraports>
+<port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="241"/><service name="telnet" product="Cisco router" ostype="IOS" devicetype="router" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="open" reason="syn-ack" reason_ttl="241"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5060"><state state="open" reason="syn-ack" reason_ttl="241"/><service name="sip-proxy" product="Cisco SIP Gateway" extrainfo="IOS 12.x" ostype="IOS" devicetype="router" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="23" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="43789" />
+<osclass type="switch" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="99" />
+<osclass type="router" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="94" />
+<osclass type="broadband router" vendor="Cisco" osfamily="embedded" accuracy="91" />
+<osclass type="WAP" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="88" />
+<osclass type="switch" vendor="Cisco" osfamily="embedded" accuracy="86" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="85" />
+<osmatch name="Cisco 3560G switch (IOS 12.2)" accuracy="99" line="5620"/>
+<osmatch name="Cisco 3750 switch (IOS 12.2)" accuracy="97" line="5637"/>
+<osmatch name="Cisco Catalyst 2960 or 3600 switch" accuracy="97" line="5694"/>
+<osmatch name="Cisco Catalyst 3500 XL switch (IOS 12.0)" accuracy="94" line="5747"/>
+<osmatch name="Cisco 2821 router" accuracy="94" line="5341"/>
+<osmatch name="Cisco 827H ADSL router" accuracy="91" line="4738"/>
+</os>
+<distance value="15" />
+<tcpsequence index="255" difficulty="Good luck!" values="8E24D063,50729E0D,ACECDA55,9FA345A3,C8E1CA1A,C52CC45" />
+<ipidsequence class="All zeros" values="0,0,0,0,0,0" />
+<tcptssequence class="none returned (unsupported)" />
+<times srtt="66390" rttvar="6471" to="100000" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="echo-reply"/>
+<address addr="10.221.98.167" addrtype="ipv4" />
+<hostnames><hostname name="qwjvzmnsr-956.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="999">
+<extrareasons reason="no-responses" count="999"/>
+</extraports>
+<port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="117"/><service name="microsoft-rdp" product="Microsoft Terminal Service" ostype="Windows" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="3389" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2003" accuracy="88" />
+<osclass type="WAP" vendor="Apple" osfamily="embedded" accuracy="86" />
+<osmatch name="Microsoft Windows Server 2003 SP2" accuracy="88" line="21181"/>
+<osmatch name="Apple AirPort Extreme WAP v7.3.2" accuracy="86" line="1612"/>
+</os>
+<tcpsequence index="252" difficulty="Good luck!" values="1FC75758,37FE0AB5,75899DF2,9786C820,594F820A,99B0F893" />
+<ipidsequence class="Incremental" values="E2F7,E2F8,E2F9,E2FA,E2FB,E2FC" />
+<tcptssequence class="zero timestamp" values="0,0,0,0,0,0" />
+<times srtt="69375" rttvar="3411" to="100000" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="reset"/>
+<address addr="10.41.155.126" addrtype="ipv4" />
+<hostnames><hostname name="xqkndy-203.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="997">
+<extrareasons reason="resets" count="997"/>
+</extraports>
+<port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="117"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="117"/><service name="microsoft-rdp" product="Microsoft Terminal Service" ostype="Windows" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="135" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="41489" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2003" accuracy="94" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="XP" accuracy="94" />
+<osclass type="media device" vendor="Motorola" osfamily="Windows" osgen="PocketPC/CE" accuracy="91" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2000" accuracy="88" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="Vista" accuracy="88" />
+<osclass type="WAP" vendor="Apple" osfamily="embedded" accuracy="85" />
+<osmatch name="Microsoft Windows Server 2003 SP0 or Windows XP SP2" accuracy="94" line="20773"/>
+<osmatch name="Microsoft Windows XP SP2" accuracy="94" line="23515"/>
+<osmatch name="Microsoft Windows XP Professional SP2 (French)" accuracy="93" line="22909"/>
+<osmatch name="Microsoft Windows XP SP2 or SP3" accuracy="91" line="24158"/>
+<osmatch name="Motorola VIP1216 digital set top box (Windows CE 5.0)" accuracy="91" line="24992"/>
+<osmatch name="Microsoft Windows XP SP3" accuracy="90" line="24289"/>
+<osmatch name="Microsoft Windows Small Business Server 2003" accuracy="89" line="21402"/>
+<osmatch name="Microsoft Windows XP Professional SP2 (firewall enabled)" accuracy="89" line="22892"/>
+<osmatch name="Microsoft Windows Server 2003 SP1 or SP2" accuracy="89" line="21130"/>
+<osmatch name="Version 5.1 (build 2600.xpsp.080125-2028:Service Pack 3, v3300)" accuracy="89" line="24528"/>
+</os>
+<distance value="11" />
+<tcpsequence index="264" difficulty="Good luck!" values="56F359E5,4D8AE25C,382AC322,BE3755C2,14F673B1,13B4B8B0" />
+<ipidsequence class="Incremental" values="B7DB,B7DC,B7DF,B7E0,B7E2,B7E3" />
+<tcptssequence class="zero timestamp" values="0,0,0,0,0,0" />
+<times srtt="312434" rttvar="9993" to="352406" />
+</host>
+<host starttime="1238020527" endtime="1238023641"><status state="up" reason="reset"/>
+<address addr="10.131.201.36" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="filtered" count="993">
+<extrareasons reason="no-responses" count="993"/>
+</extraports>
+<port protocol="tcp" portid="23"><state state="closed" reason="reset" reason_ttl="54"/><service name="telnet" method="table" conf="3" /></port>
+<port protocol="tcp" portid="80"><state state="closed" reason="reset" reason_ttl="54"/><service name="http" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4001"><state state="closed" reason="reset" reason_ttl="54"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4002"><state state="closed" reason="reset" reason_ttl="54"/><service name="mlchat-proxy" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4003"><state state="closed" reason="reset" reason_ttl="54"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4004"><state state="closed" reason="reset" reason_ttl="54"/><service name="unknown" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4005"><state state="closed" reason="reset" reason_ttl="54"/><service name="unknown" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="23" />
+<osclass type="VoIP gateway" vendor="Avaya" osfamily="embedded" accuracy="100" />
+<osclass type="general purpose" vendor="SCO" osfamily="UnixWare" osgen="8.X" accuracy="100" />
+<osmatch name="Avaya G350 Media Gateway (VoIP gateway)" accuracy="100" line="2991" />
+<osmatch name="SCO UnixWare 8.0.0" accuracy="100" line="28234" />
+</os>
+<times srtt="1208029" rttvar="566550" to="1250000" />
+</host>
+<host starttime="1238020527" endtime="1238023661"><status state="up" reason="echo-reply"/>
+<address addr="10.121.45.17" addrtype="ipv4" />
+<hostnames><hostname name="ythgexqc-207.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="1000">
+<extrareasons reason="no-responses" count="1000"/>
+</extraports>
+</ports>
+<os></os>
+<times srtt="220872" rttvar="82609" to="551308" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="reset"/>
+<address addr="10.99.53.97" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="993">
+<extrareasons reason="resets" count="993"/>
+</extraports>
+<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="47"/><service name="ftp" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="47"/><service name="telnet" product="Linux telnetd" ostype="Linux" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="21" />
+<portused state="closed" proto="tcp" portid="1" />
+<osclass type="WAP" vendor="Actiontec" osfamily="Linux" osgen="2.4.X" accuracy="100" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="100" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="100" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="100" />
+<osmatch name="HP Brocade 4100 switch; or Actiontec MI-424-WR, Linksys WRVS4400N, or Netgear WNR834B wireless broadband router" accuracy="100" line="665" />
+</os>
+<uptime seconds="1957299" lastboot="Tue Mar 3 00:46:36 2009" />
+<tcpsequence index="204" difficulty="Good luck!" values="E6112CE6,E601B2BC,E5D8712B,E68985C7,E5FB6277,E60C3D57" />
+<ipidsequence class="All zeros" values="0,0,0,0,0,0" />
+<tcptssequence class="100HZ" values="BAA800A,BAA801D,BAA8028,BAA8032,BAA803C,BAA8046" />
+<times srtt="208922" rttvar="1829" to="216238" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="syn-ack"/>
+<address addr="10.180.165.180" addrtype="ipv4" />
+<hostnames><hostname name="zvpei-603.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="989">
+<extrareasons reason="resets" count="989"/>
+</extraports>
+<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="ssh" product="OpenSSH" version="4.2" extrainfo="protocol 2.0" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="http" product="Apache httpd" version="2.0.54" extrainfo="(Fedora)" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="111"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="rpcbind" method="table" conf="3" /></port>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="199"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="smux" product="Linux SNMP multiplexer" ostype="Linux" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="http" product="Apache httpd" version="2.0.54" extrainfo="(Fedora)" tunnel="ssl" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="3128"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="http-proxy" product="Squid webproxy" version="2.5.STABLE13" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="mysql" product="MySQL" extrainfo="unauthorized" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="22" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="37382" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100" />
+<osmatch name="Linux 2.6.15 - 2.6.26" accuracy="100" line="15361" />
+</os>
+<uptime seconds="266040" lastboot="Sun Mar 22 15:34:15 2009" />
+<distance value="12" />
+<tcpsequence index="189" difficulty="Good luck!" values="3A43D2EF,39E875A1,39EE36A2,3A238781,39EE7991,3A243B43" />
+<ipidsequence class="All zeros" values="0,0,0,0,0,0" />
+<tcptssequence class="other" values="3EE7DE9,3EE7E1B,3EE7E34,3EE7E4D,3EE7E67,3EE7E80" />
+<times srtt="213864" rttvar="4292" to="231032" />
+</host>
+<host starttime="1238020527" endtime="1238023661"><status state="up" reason="echo-reply"/>
+<address addr="10.84.208.45" addrtype="ipv4" />
+<hostnames><hostname name="reiwjyq-899.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="1000">
+<extrareasons reason="no-responses" count="1000"/>
+</extraports>
+</ports>
+<os></os>
+<times srtt="233553" rttvar="93227" to="606461" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="syn-ack"/>
+<address addr="10.227.126.44" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="991">
+<extrareasons reason="resets" count="991"/>
+</extraports>
+<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="55"/><service name="ftp" product="ProFTPD" version="1.3.1" ostype="Unix" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="55"/><service name="ssh" product="OpenSSH" version="4.5p1" extrainfo="FreeBSD 20061110; protocol 2.0" ostype="FreeBSD" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="55"/><service name="http" product="Apache httpd" version="2.2.6" extrainfo="(FreeBSD) mod_ssl/2.2.6 OpenSSL/0.9.7e-p1 DAV/2 PHP/5.2.5 with Suhosin-Patch" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="135"><state state="filtered" reason="admin-prohibited" reason_ttl="243" reason_ip="10.242.51.249"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="admin-prohibited" reason_ttl="243" reason_ip="10.242.51.249"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="55"/><service name="mysql" product="MySQL" extrainfo="unauthorized" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="10000"><state state="open" reason="syn-ack" reason_ttl="55"/><service name="http" product="Webmin httpd" method="probed" conf="10" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="21" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="38882" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" accuracy="97" />
+<osclass type="router" vendor="Juniper" osfamily="JUNOS" osgen="9.X" accuracy="96" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="92" />
+<osclass type="general purpose" vendor="PC-BSD" osfamily="PC-BSD" accuracy="90" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="7.X" accuracy="90" />
+<osclass type="proxy server" vendor="Blue Coat" osfamily="SGOS" osgen="5.X" accuracy="88" />
+<osclass type="storage-misc" vendor="Isilon" osfamily="OneFS" accuracy="86" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.4.X" accuracy="86" />
+<osclass type="remote management" vendor="Lantronix" osfamily="embedded" accuracy="86" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="4.X" accuracy="86" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="5.X" accuracy="86" />
+<osclass type="media device" vendor="Apple" osfamily="iPhone OS" osgen="2.X" accuracy="85" />
+<osmatch name="m0n0wall 1.3b11 - 1.3b15 FreeBSD-based firewall" accuracy="97" line="19698"/>
+<osmatch name="Juniper Networks JUNOS 9.0R2.10" accuracy="96" line="12873"/>
+<osmatch name="FreeBSD 6.2-RELEASE" accuracy="92" line="8449"/>
+<osmatch name="PC-BSD 1.3" accuracy="90" line="27089"/>
+<osmatch name="FreeBSD 7.0-RELEASE" accuracy="90" line="8892"/>
+<osmatch name="FreeBSD 6.3-RELEASE" accuracy="89" line="8571"/>
+<osmatch name="FreeBSD 7.1-PRERELEASE" accuracy="89" line="9121"/>
+<osmatch name="Blue Coat SG200 proxy server (SGOS 10.145.57.16)" accuracy="88" line="3561"/>
+</os>
+<uptime seconds="4093188" lastboot="Fri Feb 6 07:28:27 2009" />
+<distance value="23" />
+<tcpsequence index="258" difficulty="Good luck!" values="3092D51,290AF9D0,8131A593,6CD2C212,505C684E,A1E0060F" />
+<ipidsequence class="Incremental" values="659A,659B,659C,659D,659E,659F" />
+<tcptssequence class="1000HZ" values="F3F861AE,F3F86211,F3F86275,F3F862D6,F3F8633B,F3F863A1" />
+<times srtt="246109" rttvar="2581" to="256433" />
+</host>
+<host starttime="1238020527" endtime="1238023661"><status state="up" reason="echo-reply"/>
+<address addr="10.178.146.67" addrtype="ipv4" />
+<hostnames><hostname name="oxqgklja-427.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="1000">
+<extrareasons reason="no-responses" count="1000"/>
+</extraports>
+</ports>
+<os></os>
+<times srtt="97395" rttvar="54971" to="317279" />
+</host>
+<host starttime="1238020527" endtime="1238023641"><status state="up" reason="reset"/>
+<address addr="10.188.255.183" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="998">
+<extrareasons reason="resets" count="998"/>
+</extraports>
+<port protocol="tcp" portid="53"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="domain" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<osclass type="switch" vendor="Avaya" osfamily="embedded" accuracy="100" />
+<osclass type="broadband router" vendor="Motorola" osfamily="VxWorks" osgen="5.X" accuracy="100" />
+<osmatch name="Avaya P580 switch running Cajun Switch Agent v5.4.2" accuracy="100" line="2941" />
+<osmatch name="Avaya P880 switch running Cajun Switch Agent v5.3.2" accuracy="100" line="2958" />
+<osmatch name="Motorola SURFboard SB3100 cable modem (VxWorks 5.3)" accuracy="100" line="24924" />
+</os>
+<times srtt="114093" rttvar="23571" to="208377" />
+</host>
+<host starttime="1238020527" endtime="1238023661"><status state="up" reason="reset"/>
+<address addr="10.50.210.60" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="995">
+<extrareasons reason="resets" count="995"/>
+</extraports>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<osclass type="router" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="89" />
+<osclass type="switch" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="89" />
+<osclass type="switch" vendor="Avaya" osfamily="embedded" accuracy="88" />
+<osclass type="broadband router" vendor="Motorola" osfamily="VxWorks" osgen="5.X" accuracy="88" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="87" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="XP" accuracy="87" />
+<osclass type="firewall" vendor="NetworksAOK" osfamily="embedded" accuracy="87" />
+<osclass type="firewall" vendor="Nokia" osfamily="IPSO" osgen="4.X" accuracy="87" />
+<osclass type="VoIP gateway" vendor="Avaya" osfamily="embedded" accuracy="86" />
+<osclass type="general purpose" vendor="HP" osfamily="OpenVMS" osgen="7.X" accuracy="86" />
+<osclass type="firewall" vendor="ISS" osfamily="Linux" osgen="2.4.X" accuracy="86" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="86" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2000" accuracy="86" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2003" accuracy="86" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="Vista" accuracy="86" />
+<osclass type="broadband router" vendor="Sagem Communication" osfamily="embedded" accuracy="86" />
+<osclass type="firewall" vendor="WatchGuard" osfamily="embedded" accuracy="86" />
+<osmatch name="Cisco 2821 router" accuracy="89" line="5341"/>
+<osmatch name="Cisco 3750 switch (IOS 12.2)" accuracy="89" line="5637"/>
+<osmatch name="Cisco Catalyst 2960 or 3600 switch" accuracy="89" line="5694"/>
+<osmatch name="Avaya P580 switch running Cajun Switch Agent v5.4.2" accuracy="88" line="2941"/>
+<osmatch name="Avaya P880 switch running Cajun Switch Agent v5.3.2" accuracy="88" line="2958"/>
+<osmatch name="Motorola SURFboard SB3100 cable modem (VxWorks 5.3)" accuracy="88" line="24924"/>
+<osmatch name="Linksys WRT54G v8 wireless broadband router" accuracy="87" line="13947"/>
+<osmatch name="Microsoft Windows XP Home SP1 (French)" accuracy="87" line="22547"/>
+<osmatch name="NetworksAOK network monitoring applicance" accuracy="87" line="25712"/>
+<osmatch name="Nokia firewall (IPSO 4.1Build19)" accuracy="87" line="25867"/>
+</os>
+<times srtt="157263" rttvar="1392" to="162831" />
+</host>
+<host starttime="1238020527" endtime="1238023664"><status state="up" reason="reset"/>
+<address addr="10.195.149.249" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="998">
+<extrareasons reason="resets" count="998"/>
+</extraports>
+<port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="48"/><service name="rpcbind" method="probed" conf="10" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="111" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="37213" />
+<osclass type="general purpose" vendor="MontaVista" osfamily="Linux" osgen="2.4.X" accuracy="100" />
+<osclass type="broadband router" vendor="Telkom" osfamily="Linux" osgen="2.4.X" accuracy="100" />
+<osmatch name="MontaVista embedded Linux 2.4.17" accuracy="100" line="24750" />
+<osmatch name="Telkom Mega 100 WR DSL modem (MontaVista embedded Linux 2.4.17)" accuracy="100" line="30526" />
+</os>
+<uptime seconds="3158131" lastboot="Tue Feb 17 03:12:44 2009" />
+<distance value="19" />
+<tcpsequence index="199" difficulty="Good luck!" values="CCE2E567,CD7D84C5,CCB8CABF,CD410B1E,CD011A2E,CD7D1D7D" />
+<ipidsequence class="All zeros" values="0,0,0,0,0,0" />
+<tcptssequence class="100HZ" values="12D2D2C8,12D2D2D3,12D2D2DE,12D2D2E8,12D2D2F2,12D2D2FC" />
+<times srtt="198396" rttvar="3150" to="210996" />
+</host>
+<host starttime="1238020527" endtime="1238023661"><status state="up" reason="echo-reply"/>
+<address addr="10.160.151.192" addrtype="ipv4" />
+<hostnames><hostname name="vjdegns-480.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="1000">
+<extrareasons reason="no-responses" count="1000"/>
+</extraports>
+</ports>
+<os></os>
+<times srtt="131044" rttvar="49548" to="329236" />
+</host>
+<host starttime="1238020527" endtime="1238023694"><status state="up" reason="syn-ack"/>
+<address addr="10.135.37.124" addrtype="ipv4" />
+<hostnames><hostname name="kcnjvgwu-737.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="992">
+<extrareasons reason="no-responses" count="992"/>
+</extraports>
+<port protocol="tcp" portid="20"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="ftp-data" method="table" conf="3" /></port>
+<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="ftp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="25"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="smtp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="http" method="table" conf="3" /></port>
+<port protocol="tcp" portid="110"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="pop3" method="table" conf="3" /></port>
+<port protocol="tcp" portid="143"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="imap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="https" method="table" conf="3" /></port>
+<port protocol="tcp" portid="587"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="submission" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="20" />
+<osclass type="general purpose" vendor="Sun" osfamily="Solaris" osgen="9" accuracy="87" />
+<osmatch name="Sun Solaris 9 (x86)" accuracy="87" line="30037"/>
+<osmatch name="Sun Solaris 9" accuracy="87" line="29986"/>
+</os>
+<uptime seconds="1770933" lastboot="Thu Mar 5 04:32:42 2009" />
+<tcpsequence index="258" difficulty="Good luck!" values="E5FD35BD,27F0E5BC,BEB5049,7D41AD23,C1B526F1,72E060D5" />
+<ipidsequence class="Incremental" values="863,864,865,866,867,86B" />
+<tcptssequence class="100HZ" values="A8E2865,A8E286F,A8E2879,A8E2883,A8E288E,A8E2898" />
+<times srtt="76643" rttvar="1771" to="100000" />
+</host>
+<host starttime="1238020527" endtime="1238023695"><status state="up" reason="reset"/>
+<address addr="10.11.39.207" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="closed" count="992">
+<extrareasons reason="resets" count="992"/>
+</extraports>
+<port protocol="tcp" portid="135"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="msrpc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3" /></port>
+<port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="116"/><service name="https" method="table" conf="3" /></port>
+<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3" /></port>
+<port protocol="tcp" portid="593"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="http-rpc-epmap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+<port protocol="tcp" portid="4444"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="krb524" method="table" conf="3" /></port>
+<port protocol="tcp" portid="6059"><state state="open" reason="syn-ack" reason_ttl="116"/><service name="tcpwrapped" method="probed" conf="8" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="443" />
+<portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="36255" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2003" accuracy="94" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="XP" accuracy="94" />
+<osclass type="media device" vendor="Motorola" osfamily="Windows" osgen="PocketPC/CE" accuracy="91" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2000" accuracy="88" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="Vista" accuracy="88" />
+<osclass type="WAP" vendor="Apple" osfamily="embedded" accuracy="85" />
+<osmatch name="Microsoft Windows Server 2003 SP0 or Windows XP SP2" accuracy="94" line="20773"/>
+<osmatch name="Microsoft Windows XP SP2" accuracy="94" line="23515"/>
+<osmatch name="Microsoft Windows XP Professional SP2 (French)" accuracy="93" line="22909"/>
+<osmatch name="Microsoft Windows XP SP2 or SP3" accuracy="91" line="24158"/>
+<osmatch name="Motorola VIP1216 digital set top box (Windows CE 5.0)" accuracy="91" line="24992"/>
+<osmatch name="Microsoft Windows XP SP3" accuracy="90" line="24340"/>
+<osmatch name="Microsoft Windows XP Professional SP2 (firewall enabled)" accuracy="89" line="22892"/>
+<osmatch name="Microsoft Windows Server 2003 SP1 or SP2" accuracy="89" line="21130"/>
+<osmatch name="Microsoft Windows Server 2003 SP2" accuracy="89" line="21181"/>
+<osmatch name="Version 5.1 (build 2600.xpsp.080125-2028:Service Pack 3, v3300)" accuracy="89" line="24528"/>
+</os>
+<distance value="16" />
+<tcpsequence index="258" difficulty="Good luck!" values="60C1BB15,6ACAF200,A97CEBEB,58598A68,1ACFBD74,A7ACC2CE" />
+<ipidsequence class="Incremental" values="4CCC,4CCD,4CCE,4CD0,4CD1,4CD3" />
+<tcptssequence class="zero timestamp" values="0,0,0,0,0,0" />
+<times srtt="293609" rttvar="2851" to="305013" />
+</host>
+<host starttime="1238020527" endtime="1238023661"><status state="up" reason="echo-reply"/>
+<address addr="10.222.150.13" addrtype="ipv4" />
+<hostnames><hostname name="ljcinguw-119.example.com" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="999">
+<extrareasons reason="no-responses" count="999"/>
+</extraports>
+<port protocol="tcp" portid="113"><state state="closed" reason="reset" reason_ttl="20"/><service name="auth" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="113" />
+<osclass type="router" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="89" />
+<osclass type="switch" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="89" />
+<osclass type="switch" vendor="Avaya" osfamily="embedded" accuracy="88" />
+<osclass type="broadband router" vendor="Motorola" osfamily="VxWorks" osgen="5.X" accuracy="88" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="87" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="XP" accuracy="87" />
+<osclass type="firewall" vendor="NetworksAOK" osfamily="embedded" accuracy="87" />
+<osclass type="firewall" vendor="Nokia" osfamily="IPSO" osgen="4.X" accuracy="87" />
+<osclass type="VoIP gateway" vendor="Avaya" osfamily="embedded" accuracy="86" />
+<osclass type="general purpose" vendor="HP" osfamily="OpenVMS" osgen="7.X" accuracy="86" />
+<osclass type="firewall" vendor="ISS" osfamily="Linux" osgen="2.4.X" accuracy="86" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="86" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2000" accuracy="86" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2003" accuracy="86" />
+<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="Vista" accuracy="86" />
+<osclass type="broadband router" vendor="Sagem Communication" osfamily="embedded" accuracy="86" />
+<osclass type="firewall" vendor="WatchGuard" osfamily="embedded" accuracy="86" />
+<osmatch name="Cisco 2821 router" accuracy="89" line="5341"/>
+<osmatch name="Cisco 3750 switch (IOS 12.2)" accuracy="89" line="5637"/>
+<osmatch name="Cisco Catalyst 2960 or 3600 switch" accuracy="89" line="5694"/>
+<osmatch name="Avaya P580 switch running Cajun Switch Agent v5.4.2" accuracy="88" line="2941"/>
+<osmatch name="Avaya P880 switch running Cajun Switch Agent v5.3.2" accuracy="88" line="2958"/>
+<osmatch name="Motorola SURFboard SB3100 cable modem (VxWorks 5.3)" accuracy="88" line="24924"/>
+<osmatch name="Linksys WRT54G v8 wireless broadband router" accuracy="87" line="13947"/>
+<osmatch name="Microsoft Windows XP Home SP1 (French)" accuracy="87" line="22547"/>
+<osmatch name="NetworksAOK network monitoring applicance" accuracy="87" line="25712"/>
+<osmatch name="Nokia firewall (IPSO 4.1Build19)" accuracy="87" line="25867"/>
+</os>
+<times srtt="128696" rttvar="2278" to="137808" />
+</host>
+<host starttime="1238020527" endtime="1238023694"><status state="up" reason="syn-ack"/>
+<address addr="10.10.245.27" addrtype="ipv4" />
+<hostnames />
+<ports><extraports state="filtered" count="989">
+<extrareasons reason="no-responses" count="989"/>
+</extraports>
+<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="ftp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="25"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="smtp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="http" method="table" conf="3" /></port>
+<port protocol="tcp" portid="110"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="pop3" method="table" conf="3" /></port>
+<port protocol="tcp" portid="113"><state state="closed" reason="reset" reason_ttl="19"/><service name="auth" method="table" conf="3" /></port>
+<port protocol="tcp" portid="143"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="imap" method="table" conf="3" /></port>
+<port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="https" method="table" conf="3" /></port>
+<port protocol="tcp" portid="1863"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="msnp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5050"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="mmcc" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5060"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="sip" method="table" conf="3" /></port>
+<port protocol="tcp" portid="5190"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="aol" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="21" />
+<portused state="closed" proto="tcp" portid="113" />
+<osclass type="WAP" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="97" />
+<osclass type="firewall" vendor="Check Point" osfamily="embedded" accuracy="89" />
+<osclass type="broadband router" vendor="Actiontec" osfamily="embedded" accuracy="89" />
+<osclass type="WAP" vendor="Actiontec" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="switch" vendor="HP" osfamily="embedded" accuracy="89" />
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="89" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="89" />
+<osclass type="load balancer" vendor="F5 Networks" osfamily="embedded" accuracy="89" />
+<osclass type="print server" vendor="HP" osfamily="embedded" accuracy="89" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="89" />
+<osclass type="general purpose" vendor="MontaVista" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="broadband router" vendor="Telkom" osfamily="Linux" osgen="2.4.X" accuracy="89" />
+<osclass type="WAP" vendor="Apple" osfamily="embedded" accuracy="89" />
+<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="87" />
+<osclass type="general purpose" vendor="OpenBSD" osfamily="OpenBSD" osgen="4.X" accuracy="87" />
+<osmatch name="DD-WRT v23 (Linux 2.4.36)" accuracy="97" line="14680"/>
+<osmatch name="Check Point ZoneAlarm Z100G firewall" accuracy="89" line="4511"/>
+<osmatch name="Actiontec GT701 DSL modem" accuracy="89" line="625"/>
+<osmatch name="HP Brocade 4100 switch; or Actiontec MI-424-WR, Linksys WRVS4400N, or Netgear WNR834B wireless broadband router" accuracy="89" line="665"/>
+<osmatch name="F5 BIG-IP Local Traffic Manager load balancer" accuracy="89" line="7700"/>
+<osmatch name="HP 4200 PSA (Print Server Appliance) model J4117A" accuracy="89" line="9486"/>
+<osmatch name="DD-WRT v23 (Linux 2.4.34)" accuracy="89" line="14663"/>
+<osmatch name="Linux 2.6.18 (OSSIM)" accuracy="89" line="16137"/>
+<osmatch name="MontaVista embedded Linux 2.4.17" accuracy="89" line="24750"/>
+<osmatch name="Telkom Mega 100 WR DSL modem (MontaVista embedded Linux 2.4.17)" accuracy="89" line="30526"/>
+</os>
+<times srtt="82520" rttvar="2644" to="100000" />
+</host>
+<host starttime="1238020527" endtime="1238023641"><status state="up" reason="reset"/>
+<address addr="10.57.231.199" addrtype="ipv4" />
+<hostnames><hostname name="nqlovh-39.example.com" type="PTR" /></hostnames>
+<ports><extraports state="closed" count="999">
+<extrareasons reason="resets" count="999"/>
+</extraports>
+<port protocol="tcp" portid="1720"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="H.323/Q.931" method="table" conf="3" /></port>
+</ports>
+<os><portused state="closed" proto="tcp" portid="1" />
+<portused state="closed" proto="udp" portid="39829" />
+<osclass type="media device" vendor="Apple" osfamily="iPhone OS" osgen="1.X" accuracy="100" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.4.X" accuracy="100" />
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.5.X" accuracy="100" />
+<osclass type="proxy server" vendor="Blue Coat" osfamily="SGOS" osgen="5.X" accuracy="100" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="4.X" accuracy="100" />
+<osclass type="firewall" vendor="m0n0wall" osfamily="FreeBSD" osgen="5.X" accuracy="100" />
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="100" />
+<osmatch name="Apple iPod touch audio player (iPhone OS 1.1.2 - 1.1.4, Darwin 9.0.0d1)" accuracy="100" line="1630" />
+<osmatch name="Apple Mac OS X 10.4.10 (Tiger) (Darwin 8.10.0, PowerPC)" accuracy="100" line="2173" />
+<osmatch name="Apple Mac OS X 10.5 (Leopard) (Darwin 9.2.2, x86)" accuracy="100" line="2432" />
+<osmatch name="Apple Mac OS X 10.5.5 (Leopard) (Darwin 9.5.0)" accuracy="100" line="2607" />
+<osmatch name="Blue Coat SG200 proxy server (SGOS 10.145.57.16)" accuracy="100" line="3561" />
+<osmatch name="m0n0wall FreeBSD-based embedded firewall version 1.22 - 1.23b1" accuracy="100" line="19677" />
+<osmatch name="Netgear WGR614v7 wireless broadband router" accuracy="100" line="25534" />
+</os>
+<distance value="14" />
+<times srtt="124588" rttvar="5891" to="148152" />
+</host>
+<runstats><finished time="1238023695" timestr="Wed Mar 25 17:28:15 2009" elapsed="3168.54"/><hosts up="61" down="939" total="1000" />
+<!-- Nmap done at Wed Mar 25 17:28:15 2009; 1000 IP addresses (61 hosts up) scanned in 3168.54 seconds -->
+</runstats></nmaprun>
diff --git a/ndiff/test-scans/simple.xml b/ndiff/test-scans/simple.xml
new file mode 100644
index 0000000..cf5b373
--- /dev/null
+++ b/ndiff/test-scans/simple.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" ?>
+<?xml-stylesheet href="file:///usr/share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- This simple scan has one scaninfo and no extraports. -->
+<!-- Nmap 4.90RC2 scan initiated Fri Jul 10 17:23:30 2009 as: nmap -oX simple.xml -p 22,113 scanme.nmap.org -->
+<nmaprun scanner="nmap" args="nmap -oX simple.xml -p 22,113 scanme.nmap.org" start="1247268210" startstr="Fri Jul 10 17:23:30 2009" version="4.90RC2" xmloutputversion="1.03">
+<scaninfo type="syn" protocol="tcp" numservices="2" services="22,113" />
+<verbose level="0" />
+<debugging level="0" />
+<host starttime="1247268210" endtime="1247268210"><status state="up" reason="echo-reply"/>
+<address addr="64.13.134.52" addrtype="ipv4" />
+<hostnames><hostname name="scanme.nmap.org" type="PTR" /></hostnames>
+<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="ssh" method="table" conf="3" /></port>
+<port protocol="tcp" portid="113"><state state="closed" reason="reset" reason_ttl="52"/><service name="auth" method="table" conf="3" /></port>
+</ports>
+<times srtt="91167" rttvar="51529" to="297283" />
+</host>
+<runstats><finished time="1247268210" timestr="Fri Jul 10 17:23:30 2009" elapsed="0.56"/><hosts up="1" down="0" total="1" />
+<!-- Nmap done at Fri Jul 10 17:23:30 2009; 1 IP address (1 host up) scanned in 0.56 seconds -->
+</runstats></nmaprun>
diff --git a/ndiff/test-scans/single.xml b/ndiff/test-scans/single.xml
new file mode 100644
index 0000000..f326566
--- /dev/null
+++ b/ndiff/test-scans/single.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" ?>
+<?xml-stylesheet href="file:///usr/share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- This scan has one scaninfo and one extraports. -->
+<!-- Nmap 4.90RC2 scan initiated Fri Jul 10 17:24:04 2009 as: nmap -oX single.xml -p 1-100 scanme.nmap.org -->
+<nmaprun scanner="nmap" args="nmap -oX single.xml -p 1-100 scanme.nmap.org" start="1247268244" startstr="Fri Jul 10 17:24:04 2009" version="4.90RC2" xmloutputversion="1.03">
+<scaninfo type="syn" protocol="tcp" numservices="100" services="1-100" />
+<verbose level="0" />
+<debugging level="0" />
+<host starttime="1247268244" endtime="1247268247"><status state="up" reason="echo-reply"/>
+<address addr="64.13.134.52" addrtype="ipv4" />
+<hostnames><hostname name="scanme.nmap.org" type="PTR" /></hostnames>
+<ports><extraports state="filtered" count="95">
+<extrareasons reason="no-responses" count="95"/>
+</extraports>
+<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="ssh" method="table" conf="3" /></port>
+<port protocol="tcp" portid="25"><state state="closed" reason="reset" reason_ttl="52"/><service name="smtp" method="table" conf="3" /></port>
+<port protocol="tcp" portid="53"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="domain" method="table" conf="3" /></port>
+<port protocol="tcp" portid="70"><state state="closed" reason="reset" reason_ttl="52"/><service name="gopher" method="table" conf="3" /></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="http" method="table" conf="3" /></port>
+</ports>
+<times srtt="92757" rttvar="19456" to="170581" />
+</host>
+<runstats><finished time="1247268247" timestr="Fri Jul 10 17:24:07 2009" elapsed="2.96"/><hosts up="1" down="0" total="1" />
+<!-- Nmap done at Fri Jul 10 17:24:07 2009; 1 IP address (1 host up) scanned in 2.96 seconds -->
+</runstats></nmaprun>
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-04 01:10:04 +0000