Nmap Development mailing list archives

OS Fingerprinting Problem


From: "net2004eng () yahoo com" <net2004eng () yahoo com>
Date: Tue, 2 Sep 2008 12:48:29 -0700 (PDT)

Hello Everyone,
Recently a number of co-workers and I were in the process of attempting to identify a "Linksys BEFSR41 Firmware Version: 1.46.02, Aug 03 2004" device using 2 different versions of nmap. I was using nmap version: Nmap 4.62 while a co-worker was using Nmap 4.20. The device was properly identified by running 4.20, but was unable to be identified while running 4.62. After performing a diff on both files, I noticed the following difference:
Scan ran: "nmap -vA x.x.x.x"
4.20:
SEQ(SP=F-16%GCD=A|14|1E|28|32|3C%ISR=4F-51%TI=I%II=I%SS=S%TS=U)
4.62:
SEQ(SP=F-16%GCD=A|14|1E|28|32|3C%ISR=4D-51%TI=I%II=I%SS=S%TS=U)
The only difference here is for "%ISR=4F-51" to "%ISR=4D-51".

I understand that the ISR accounts for the average rate of increase for the returned TCP initial sequence number. I wanted to know what can be done to get this included into the next update to nmap. The device that was scanned is accurately detected as the Linksys BEFSR41 Firmware Version: 1.46.02, Aug 03 2003 device.

I plan on researching this more later, and will post any findings. If a packet trace is desired, I can post a scrubbed trace for that as well.

Comments, input, and questions are welcome.
Thanks,
Matt

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
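To make the SEQ/ISR comparison in the post concrete, here is an added example (not code from the poster or from the Nmap project) that parses the two SEQ lines quoted above, computes an ISR value the way Nmap's documentation describes it (eight times the binary logarithm of the mean ISN increase per second, rounded; zero when the mean is below one), and checks that value against each version's ISR range. The ISN samples and probe times are constructed, not taken from the device in the post.

```python
import math
import re

ISN_MOD = 1 << 32  # TCP initial sequence numbers are 32-bit, so differences wrap

# The two SEQ lines quoted in the post (Nmap 4.20 and Nmap 4.62 fingerprints).
SEQ_420 = "SEQ(SP=F-16%GCD=A|14|1E|28|32|3C%ISR=4F-51%TI=I%II=I%SS=S%TS=U)"
SEQ_462 = "SEQ(SP=F-16%GCD=A|14|1E|28|32|3C%ISR=4D-51%TI=I%II=I%SS=S%TS=U)"

def parse_seq_line(line):
    """Split an nmap 'SEQ(...)' fingerprint line into a dict of test -> value."""
    m = re.fullmatch(r"SEQ\((.*)\)", line.strip())
    if not m:
        raise ValueError("not a SEQ line: %r" % line)
    return dict(field.split("=", 1) for field in m.group(1).split("%"))

def parse_hex_range(spec):
    """'4F-51' -> (0x4F, 0x51); a single value such as '4F' -> (0x4F, 0x4F)."""
    lo, _, hi = spec.partition("-")
    return int(lo, 16), int(hi or lo, 16)

def isr_from_samples(isns, times):
    """ISR = round(8 * log2(mean ISN increase per second)), or 0 if the mean < 1."""
    rates = []
    for (a, b), (t0, t1) in zip(zip(isns, isns[1:]), zip(times, times[1:])):
        diff = (b - a) % ISN_MOD          # modular difference between consecutive ISNs
        rates.append(diff / (t1 - t0))    # increase per second for this probe pair
    avg = sum(rates) / len(rates)
    if avg < 1:
        return 0
    return int(round(8 * math.log2(avg)))

def isr_matches(seq_line, isr):
    """True if the observed ISR falls inside the ISR range of the given SEQ line."""
    lo, hi = parse_hex_range(parse_seq_line(seq_line)["ISR"])
    return lo <= isr <= hi

# Constructed sample: six probes 100 ms apart, ISN rising by 94 each time
# (about 940 per second, which lands at ISR 0x4F).
SAMPLE_ISNS = [0x10000000 + 94 * i for i in range(6)]
SAMPLE_TIMES = [i / 10 for i in range(6)]

if __name__ == "__main__":
    observed = isr_from_samples(SAMPLE_ISNS, SAMPLE_TIMES)
    for name, line in (("4.20", SEQ_420), ("4.62", SEQ_462)):
        print("ISR=%X matches %s fingerprint: %s" % (observed, name, isr_matches(line, observed)))
```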

