#   Define class for fingerprinting
class "class-os-fingerprint" {
    match option dhcp-parameter-request-list;
}



#   Match fingerprints and save the result in a variable.


subclass "class-os-fingerprint" 1 {
    set var-os-fingerprint = "DHCPing";
}

subclass "class-os-fingerprint" 1:2:3:6:c:f:11:17:1c:1d:1f:21:28:29:2a:2b {
    set var-os-fingerprint = "Amino Aminet Set Top Box";
}

#   25-May-2005  Keith Neufeld
#   nmap guesses Linux 2.4.0 - 2.5.20
subclass "class-os-fingerprint" 1:3:6:c:f:11:17:1c:1d:1f:21:28:29:2a {
    set var-os-fingerprint = "Linux (kernel 2.4.0 - 2.5.20 per nmap)";
}

subclass "class-os-fingerprint" 1:3:6:c:f:11:17:1c:1d:1f:21:28:29:2a:9:7:c8:2c {
    set var-os-fingerprint = "Linux 2.6.5-7.108 Suse 9.1 | Novell Desktop";
}
subclass "class-os-fingerprint" 1:3:6:c:f:17:1c:1d:1f:21:28:29:2a {
    set var-os-fingerprint = "Linux Fedora Core 1 PXE";
}
subclass "class-os-fingerprint" 1:3:6:c:f:1c:2c {
    set var-os-fingerprint = "Linksys WRT54G";
}

#   08-Apr-2005 Brad Fleming
#   BeOS 5.1
subclass "class-os-fingerprint" 1:3:6:c:f:33:36 {
    set var-os-fingerprint = "BeOS";
}

subclass "class-os-fingerprint" 1:3:6:c:f:2c:2e:2f {
    set var-os-fingerprint = "Linksys Router";
}

#   08-Apr-2005 Brad Fleming NetGear MR814-V.2 firmware v.5.3_05
subclass "class-os-fingerprint" 1:3:6:f {
    set var-os-fingerprint = "3Com NetworkJack | Apple Airport Express Basestation | NetGear broadband router";
}

subclass "class-os-fingerprint" 1:3:6:f:c:45:46:58:2a {
    set var-os-fingerprint = "NetBotz WallBotz 400C";
}

#   20-Apr-2005 Andrew Fleming
subclass "class-os-fingerprint" 1:3:6:f:1c:c:7:9:2a:30:31:89:d3:d4:d5:d6:db {
    set var-os-fingerprint = "Neoware NeoLinux Thin Client";
}

#   Andrew Fleming
subclass "class-os-fingerprint" 1:3:6:f:21:2a:2c:2d:2e:2f:45:46:47:4a:4e:4f {
    set var-os-fingerprint = "Mac OS 9.2 Open Transport 2.x";
}

#   Andrew Fleming
subclass "class-os-fingerprint" 1:3:6:f:2c:2e:2f {
    set var-os-fingerprint = "WinCE Pocket PC";
}

subclass "class-os-fingerprint" 1:3:6:f:2c:2e:2f:39 {
    set var-os-fingerprint = "Microsoft Windows 98";
}
subclass "class-os-fingerprint" 1:3:6:f:42:45:2b:b0 {
    set var-os-fingerprint = "Avaya IP Telephone";
}

#   31-Mar-2005 seen in Corbin @ 00:30:65:00:d3:ed / 156.26.149.182
#   And 00:30:65:e3:05:34 / 156.26.151.68
#   Mac with OS X 10.2.8 and wireless card
subclass "class-os-fingerprint" 1:3:6:f:70:71:4e:4f:5f {
    set var-os-fingerprint = "Macintosh OS X (10.2.8)";
}

#   06-Apr-2005  Keith Neufeld
#   seen on 156.26.66.116, 156.26.68.113, 156.26.68.210
#   fingerprinted by nmap
subclass "class-os-fingerprint" 1:3:6:f:70:71:4e:4f {
    set var-os-fingerprint = "Macintosh OS X (10.1 - 10.1.4)";
}

#   08-Apr-2005  Brad Fleming  including 10.4 beta
subclass "class-os-fingerprint" 1:3:6:f:70:71:4e:4f:5f:fc {
    set var-os-fingerprint = "Macintosh OS X (including 10.4 beta)";
}

#   25-May-2005
subclass "class-os-fingerprint" 1:3:6:36:33 {
    set var-os-fingerprint = "Fluk EtherScope handheld network analyzer";
}

subclass "class-os-fingerprint" 1:3:7:6:f:42:45:2b:b0 {
    set var-os-fingerprint = "Avaya IP Telephone";
}
subclass "class-os-fingerprint" 1:3:7:2c:33:36:3a:3b:c:f:90:12 {
    set var-os-fingerprint = "Hewlett-Packard JetDirect";
}

subclass "class-os-fingerprint" 1:3:c:2b {
    set var-os-fingerprint = "Linux Fedora Core 1 PXE";
}

subclass "class-os-fingerprint" 1:3:c:2b:11:80:81:82:a0:b0:b8:b9:ba:bb:bc:bc:be:bf:c0:c1:c2:c3:c4:c5:c6:c7:c8:c9:ca:cb:cc:cd:ce:cf {
    set var-os-fingerprint = "Linux Fedora Core 1 PXE";
}

#   06-Apr-2005  Keith Neufeld
#   seen on 156.26.53.35
#subclass "class-os-fingerprint" 1:3:c:2c {
#    set var-os-fingerprint = "";
#}

subclass "class-os-fingerprint" 1:3:f:6 {
    set var-os-fingerprint = "Sony Playstation 2";
}

#   06-Apr-2005  Keith Neufeld
#   seen on 156.26.53.35
#   fingerprinted by nmap
subclass "class-os-fingerprint" 1:3:f:6:2c:2e:2f {
    set var-os-fingerprint = "Windows NT4 or 95/98/98Se";
}

#   Andrew Fleming
subclass "class-os-fingerprint" 1:3:2a:4:6:7:c:1a:2c:33:36:3a:3b:be {
    set var-os-fingerprint = "IBM InfoPrint network printer";
}

#   06-Apr-2005  Keith Neufeld
#   seen on 156.26.72.122
subclass "class-os-fingerprint" 1:3:2b:3c {
    set var-os-fingerprint = "Okidata including OkiLAN 6200e+";
}

subclass "class-os-fingerprint" 1:3:2b:36:3c:43:80:81:82:83:84:85:86:87 {
    set var-os-fingerprint = "Microsoft Windows XP (SP1? SP2?)";
}

#   06-Apr-2005  Keith Neufeld
#   seen on 156.26.175.102, 156.26.116.146, 156.26.168.151, 156.26.171.146
#subclass "class-os-fingerprint" 1:3:6 {
#    set var-os-fingerprint = "";
#}

subclass "class-os-fingerprint" 1:3:2c:6:7:c:f:16:36:3a:3b:45:12:90 {
    set var-os-fingerprint = "Hewlett-Packard Color LaserJet";
}

subclass "class-os-fingerprint" 1:6:f:2c:3:21:96:2b {
    set var-os-fingerprint = "Cisco 1121 Wireless Access Point";
}

subclass "class-os-fingerprint" 1:6:f:2c:3:21:96:3c {
    set var-os-fingerprint = "Cisco 1100 Wireless Access Point";
}

#   Travis Cooper, Chemistry
subclass "class-os-fingerprint" 1:f:3:6:2c:2e:2f:1:3:6:f:2c:2e:2f {
    set var-os-fingerprint = "Linksys BEFW11S4 WAP";
}

subclass "class-os-fingerprint" 1:f:3:6:2c:2e:2f:1f:21:2b {
    set var-os-fingerprint = "Microsoft Windows 2000 Professional";
}
subclass "class-os-fingerprint" 1:f:3:6:2c:2e:2f:1f:21:2b:4d {
    set var-os-fingerprint = "Microsoft Windows ME";
}
subclass "class-os-fingerprint" 1:f:3:6:2c:2e:2f:1f:21:2b:fc {
    set var-os-fingerprint = "Microsoft Windows 2000";
}
subclass "class-os-fingerprint" 1:f:3:6:2c:2e:2f:1f:21:f9:2b {
    set var-os-fingerprint = "Microsoft Windows XP (including SP2)";
}
subclass "class-os-fingerprint" 1:f:3:6:2c:2e:2f:1f:21:f9:2b:fc {
    set var-os-fingerprint = "Microsoft Windows XP (SP1? SP2?)";
}
subclass "class-os-fingerprint" 1:f:3:6:2c:2e:2f:1f:21:f9:2b:fc:c {
    set var-os-fingerprint = "Microsoft Windows XP (SP1? SP2?)";
}
subclass "class-os-fingerprint" 1:f:3:6:2c:2e:2f:2b:4d {
    set var-os-fingerprint = "Microsoft Windows 98 SE";
}
subclass "class-os-fingerprint" 1:f:3:fc:2c:6 {
    set var-os-fingerprint = "Microsoft Windows XP (SP1? SP2?)";
}
subclass "class-os-fingerprint" 1:1c:2:3:f:6:c {
    set var-os-fingerprint = "Microsoft Windows XP Workstation Only? | TiVo Series 2";
}

#   08-Apr-2005 Brad Fleming
#   including FC3
subclass "class-os-fingerprint" 1:1c:2:3:f:6:c:28:29:2a {
    set var-os-fingerprint = "Linux";
}

subclass "class-os-fingerprint" 1:1c:3:6:f:43:4:7 {
    set var-os-fingerprint = "Cisco Wireless Access Point";
}

#   Andrew Fleming
subclass "class-os-fingerprint" 1:1c:3:f:6:c:2c:4e:4f:74 {
    set var-os-fingerprint = "Xerox DocCenter";
}

#   20-Apr-2005 Andre Fleming
subclass "class-os-fingerprint" 1:42:6:3:f:96:23 {
    set var-os-fingerprint = "Cisco IP Phone";
}

subclass "class-os-fingerprint" 1:42:6:3:43:c:96 {
    set var-os-fingerprint = "Cisco 2900 Catalyst XL";
}
subclass "class-os-fingerprint" 1:42:6:3:43:96:3c {
    set var-os-fingerprint = "Cisco 1100 Wireless Access Point";
}