Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Appendix B: Understanding Legacy Data Structures
The following table describes the fields of the operating system fingerprint data block.

Table B-18 Operating System Fingerprint Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Operating System Fingerprint Data Block Type | uint32 | Initiates the operating system data block. This value is always 87. |
| Operating System Data Block Length | uint32 | Number of bytes in the Operating System Fingerprint data block. This value should always be 41: eight bytes for the data block type and length fields, sixteen bytes for the fingerprint UUID value, four bytes for the fingerprint type, four bytes for the fingerprint source type, four bytes for the fingerprint source ID, four bytes for the last seen value, and one byte for the TTL difference. |
| Fingerprint UUID | uint8[16] | Fingerprint identification number, in octets, that acts as a unique identifier for the operating system. The fingerprint UUID maps to the operating system name, vendor, and version in the vulnerability database (VDB). |
| Fingerprint Type | uint32 | Indicates the type of fingerprint. |
| Fingerprint Source Type | uint32 | Indicates the type (i.e., user or scanner) of the source that supplied the operating system fingerprint. |
| Fingerprint Source ID | uint32 | Indicates the ID of the source that supplied the operating system fingerprint. |
| Last Seen | uint32 | Indicates when the fingerprint was last seen in traffic. |
| TTL Difference | uint8 | Indicates the difference between the TTL value in the fingerprint and the TTL value seen in the packet used to fingerprint the host. |

Legacy Connection Data Structures

For more information, see the following sections:

Connection Statistics Data Block 5.0 - 5.0.2

The Connection Statistics data block is used in Connection Data messages. The Connection Statistics data block for version 5.0 - 5.0.2 has a block type of 115.
For more information on the Connection Statistics Data message, see
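
Added example, not part of the Cisco guide: a Python parser for the 41-byte Operating System Fingerprint data block laid out in Table B-18, which rejects truncated input and headers whose block type or length disagree with the fixed layout. Big-endian (network) byte order is an assumption that this page does not state; the names `parse_os_fingerprint`, `OsFingerprint`, `BLOCK_LAYOUT` and `build_sample` are hypothetical, and the sample bytes are constructed.

```python
import struct
import uuid
from dataclasses import dataclass

# Field order and widths follow Table B-18. Big-endian is an ASSUMPTION
# (network byte order); the page itself does not state the byte order.
BLOCK_LAYOUT = struct.Struct(">II16sIIIIB")
OS_FINGERPRINT_BLOCK_TYPE = 87    # "This value is always 87"
OS_FINGERPRINT_BLOCK_LENGTH = 41  # 8 + 16 + 4 + 4 + 4 + 4 + 1
assert BLOCK_LAYOUT.size == OS_FINGERPRINT_BLOCK_LENGTH


@dataclass(frozen=True)
class OsFingerprint:
    fingerprint_uuid: uuid.UUID  # maps to OS name/vendor/version in the VDB
    fingerprint_type: int
    source_type: int
    source_id: int
    last_seen: int               # raw uint32, left uninterpreted
    ttl_difference: int


def parse_os_fingerprint(buf, offset=0):
    """Parse one block at `offset`; return (record, offset of the next byte).

    Raises ValueError rather than reading past the buffer or trusting a
    header that disagrees with the fixed layout.
    """
    if offset < 0 or len(buf) - offset < BLOCK_LAYOUT.size:
        raise ValueError("truncated Operating System Fingerprint block")
    (btype, blen, raw_uuid, ftype, stype, sid, seen,
     ttl) = BLOCK_LAYOUT.unpack_from(buf, offset)
    if btype != OS_FINGERPRINT_BLOCK_TYPE:
        raise ValueError(f"unexpected block type {btype}, expected 87")
    if blen != OS_FINGERPRINT_BLOCK_LENGTH:
        raise ValueError(f"unexpected block length {blen}, expected 41")
    record = OsFingerprint(uuid.UUID(bytes=raw_uuid), ftype, stype, sid, seen, ttl)
    return record, offset + blen


def build_sample():
    """Constructed sample block for illustration (not captured traffic)."""
    return BLOCK_LAYOUT.pack(87, 41, bytes(range(16)), 1, 2, 3, 1700000000, 4)


if __name__ == "__main__":
    print(parse_os_fingerprint(build_sample()))
```

Checking the declared length against the fixed size before advancing the offset keeps a malformed block from desynchronizing the parse of whatever follows it in the message.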