osmatch vs osclass

[Rick <cr22rc2 () gmail com>]

Hi,
Sorry if I'm bringing up the the obviously covered, if so please kindly point me 
to where I can get more details.  I'm trying to parse the xml output and make a 
determination based on the accuracy to finally pick just one type of os ( 
windows, linux..) to represent what was found.  I understand that this isn't 
guaranteed.
What's confusing me is osmatch versus the osclass and which to use to base that 
decision.  Would these ever clash differently for the top picks.  Basically, 
what I've seen from a very limited analysis if you look at the top 5 in accuracy 
you can see where they match up like at bottom (rearrange snippet).  Could these 
however be really different ?   Any pointers to info or some words of wisdom on 
these items would be greatly appreciated.


<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" 
osgen="2003" accuracy="96" />
<osmatch name="Microsoft Windows Server 2003 SP1" accuracy="96" line="12820"/>

<osclass type="general purpose" vendor="IBM" osfamily="z/OS" accuracy="94" />
<osmatch name="IBM z/OS v1r8" accuracy="94" line="7270"/>

<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="NT" 
accuracy="94" />
<osmatch name="Microsoft Windows NT 4.0 SP6" accuracy="94" line="13337"/>

<osclass type="mail server" vendor="Mirapoint" osfamily="embedded" accuracy="93" />
<osmatch name="Mirapoint Messaging Operating System 3.6.5" accuracy="93" 
line="14857"/>

<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" 
accuracy="91" />
<osmatch name="Linux 2.6.21-gentoo-r4 (PowerPC)" accuracy="91" line="10977"/>

Thanks.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org