diff --git a/GM3/build-ant.xml b/GM3/build-ant.xml
index ef59716..2b079c7 100644
--- a/GM3/build-ant.xml
+++ b/GM3/build-ant.xml
@@ -80,7 +80,7 @@ where methods that are used in GRASSMARLIN are declared private).
     <target name="compile" depends="gensrc-Fingerprinting" description="Compile sources to .class files">
         <mkdir dir="${build.classes.dir}"/>
 
-        <javac includeantruntime="false" srcdir="${src.dir}" destdir="${build.classes.dir}" verbose="true" debug="false">
+        <javac includeantruntime="false" srcdir="${src.dir}" destdir="${build.classes.dir}" verbose="true" debug="true">
             <src path="${gen.dir}"/>
             <classpath refid="lib.classpath"/>
         </javac>
@@ -226,11 +226,11 @@ where methods that are used in GRASSMARLIN are declared private).
             <arg value="${build.dir}\temp\grassmarlin-64.wixobj" />
         </exec>
 
-        <!-- Builds with live pcap disabled -->
+        <!-- Build with live pcap disabled (works on 32- and 64-bit) -->
         <echo message="Building Windows Installer with Live PCAP Disabled..." />
         <exec executable="${exec.candle}">
             <arg value="-dStagingPath=${build.app}" />
-            <arg value="-dLauncherFile=Installers\WindowsInstallers\GrassMarlin.bat" />
+            <arg value="-dLauncherFile=Installers\WindowsInstallers\GrassMarlin_NoPcap.bat" />
             <arg value="-o" />
             <arg value="${build.dir}\temp\grassmarlin-nolive.wixobj" />
             <arg value="Installers\WindowsInstallers\Windows.wix" />
@@ -303,7 +303,7 @@ where methods that are used in GRASSMARLIN are declared private).
         <echo message="Building Windows ZIP without Live PCAP..." />
         <zip destfile="${build.dir}/GrassMarlin-Win-NoLivePcap.zip">
             <zipfileset dir="${build.app}" excludes="**\iadgov.csvimport.jar,**\iadgov.sessioneventtest.jar" />
-            <zipfileset file="Installers/WindowsInstallers/GrassMarlin.bat" />
+            <zipfileset file="Installers/WindowsInstallers/GrassMarlin_NoPcap.bat" />
         </zip>
 
         <delete dir="${build.dir}/temp" />
diff --git a/GM3/data/fingerprint/ADA Control.xml b/GM3/data/fingerprint/ADA Control.xml
index 9f7ccb6..cae936c 100644
--- a/GM3/data/fingerprint/ADA Control.xml	
+++ b/GM3/data/fingerprint/ADA Control.xml	
@@ -3,16 +3,19 @@
     <Header>
         <Name>ADA Control</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of ADA Control traffic.</Description>
-        <Tag>Original</Tag>
+        <Description>This fingerprint looks for evidence of ADA Control traffic.</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="ADA-CIP" Name="DstPort">
         <DstPort>2085</DstPort>
     </Filter>
-    <Payload For="default">
+    <Payload For="ADA-CIP">
+		<Description>TCP/UDP ADA-CIP</Description>
         <Always>
-            <Return Confidence="1">
-                <Extract Name="ADA-CIP" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Confidence="5">
+				<Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">ADA-CIP</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
diff --git a/GM3/data/fingerprint/AIMPP.xml b/GM3/data/fingerprint/AIMPP.xml
index c235893..1c0551a 100644
--- a/GM3/data/fingerprint/AIMPP.xml
+++ b/GM3/data/fingerprint/AIMPP.xml
@@ -3,22 +3,34 @@
     <Header>
         <Name>AIMPP</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of AIMPP Hello traffic.This fingerprint looks for the evidence of AIMPP Port Req traffic.</Description>
+        <Description>This fingerprint looks for evidence of TCP/UDP AIMPP Hello traffic. This fingerprint looks for evidence of TCP/UDP AIMPP Port Req traffic.</Description>
     </Header>
-    <Filter For=" Hello">
+    <Filter For="Hello" Name="Hello 2846">
         <DstPort>2846</DstPort>
-    </Filter>
-    <Filter For=" Port Req">
+    </Filter>	
+    <Filter For="Port Req" Name="Port Req 2847">
         <DstPort>2847</DstPort>
     </Filter>
-    <Payload For=" Hello">
+    <Payload For="Hello">
+        <Description>Hello AIMPP that hits on destination port</Description>
         <Always>
-            <Return Confidence="1"/>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">AIMPP Hello</Detail>
+                </Details>
+            </Return>
         </Always>
-    </Payload>
-    <Payload For=" Port Req">
+	</Payload>	
+    <Payload For="Port Req">
+        <Description>Port Req AIMPP that hits on destination port</Description>
         <Always>
-            <Return Confidence="1"/>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">AIMPP Port Req</Detail>
+                </Details>
+            </Return>
         </Always>
-    </Payload>
+    </Payload>	
 </Fingerprint>
diff --git a/GM3/data/fingerprint/ANSI.xml b/GM3/data/fingerprint/ANSI.xml
new file mode 100644
index 0000000..0020437
--- /dev/null
+++ b/GM3/data/fingerprint/ANSI.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>ANSI</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidenece of ANSI x3.28, z39.50, and c1222-asse traffic.</Description>
+    </Header>
+    <Filter For="ANSI 1" Name="z39.50">
+        <DstPort>210</DstPort>
+    </Filter>
+    <Filter For="ANSI 2" Name="c1222-asse">
+        <DstPort>1153</DstPort>
+    </Filter>
+    <Payload For="ANSI 1">
+        <Description>Developed by Allen Bradley to communicate between stations and substations. Z39.50</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="ISCProtocol">ANSI</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="ANSI 2">
+        <Description>Developed by Allen Bradley to communicate between stations and substations. C1222-ASSE.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="ICSProtocol">ANSI</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/ASP.Net.xml b/GM3/data/fingerprint/ASP.Net.xml
new file mode 100644
index 0000000..b3370b6
--- /dev/null
+++ b/GM3/data/fingerprint/ASP.Net.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>ASP.Net</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of session states that stores data out of process.</Description>
+    </Header>
+    <Filter For="ASP.Net" Name="State Service">
+        <DstPort>42424</DstPort>
+    </Filter>
+    <Payload For="ASP.Net">
+        <Description>Payload supports asp.net state service</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Microsoft Server Product">ASP.NET</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Allen Bradley.xml b/GM3/data/fingerprint/Allen Bradley.xml
new file mode 100644
index 0000000..4add90f
--- /dev/null
+++ b/GM3/data/fingerprint/Allen Bradley.xml	
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Allen Bradley</Name>
+        <Author>Default</Author>
+        <Description>This is the response seen from a device running an Allen Bradley specific web server and providing its device description via a web page. 
+This is evidence of some sort of Allen Bradley Intelligent Electronic Device (IED). 
+	This is the response seen from a device running an Allen Bradley specific web server. "Server: A-B WWW/0.1" 
+This is evidence of some sort of Allen Bradley Intelligent Electronic Device (IED). 
+	This is the response seen from a device running an Allen Bradley specific web server and providing its device name via a web page. 
+This is evidence of some sort of Allen Bradley Intelligent Electronic Device (IED). 
+	</Description>
+    </Header>
+    <Filter For="Bradley Web Server Device Description" Name="Server Device">
+        <TransportProtocol>6</TransportProtocol>
+        <Ethertype>2048</Ethertype>
+        <SrcPort>80</SrcPort>
+    </Filter>
+    <Filter For="Bradley Web Server" Name="Web Server">
+        <TransportProtocol>6</TransportProtocol>
+        <Ethertype>2048</Ethertype>
+        <SrcPort>80</SrcPort>
+    </Filter>
+    <Filter For="Bradley Web Server Device Name" Name="Server Device Name">
+        <TransportProtocol>6</TransportProtocol>
+        <Ethertype>2048</Ethertype>
+        <SrcPort>80</SrcPort>
+    </Filter>
+    <Filter For="All newer Rockwell PLC" Name="Rockwell PLC">
+        <TransportProtocol>6</TransportProtocol>
+		<DstPort>44818</DstPort>
+    </Filter>	
+    <Payload For="Bradley Web Server Device Description">
+	<Description>Bradley Web Server Device Description</Description>
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="true" Within="0" MoveCursors="true">
+            <Pattern>Description&lt;/td&gt;&lt;td&gt;</Pattern>
+            <AndThen>
+                <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="true" Within="0" MoveCursors="false">
+                    <Content Type="HEX">3C</Content>
+                    <AndThen>
+                        <Anchor Cursor="END" Position="CURSOR_MAIN" Relative="false" Offset="0"/>
+                        <Return Direction="SOURCE" Confidence="4">
+                            <Details>
+                                <Category>IED</Category>
+                                <Role>SERVER</Role>
+                                <Detail Name="ICSProtocol">Bradley Web Server Device Description</Detail>
+                            </Details>
+                        </Return>
+                    </AndThen>
+                </Match>
+            </AndThen>
+        </Match>
+    </Payload>
+    <Payload For="Bradley Web Server">
+		<Description>Bradley Web Server</Description>
+        <Match Offset="17" Reverse="true" NoCase="false" Depth="0" Relative="true" Within="0" MoveCursors="true">
+            <Content Type="HEX">5365727665723A20412D42205757572F302E310D0A</Content>
+            <AndThen>
+                <Return Direction="SOURCE" Confidence="4">
+                    <Details>
+                        <Category>IED</Category>
+                        <Role>SERVER</Role>
+                        <Detail Name="ICSProtocol">Bradley Web Server</Detail>
+                    </Details>
+                </Return>
+            </AndThen>
+        </Match>
+    </Payload>
+    <Payload For="Bradley Web Server Device Name">
+		<Description>Bradley Web Server Device Name</Description>
+        <Match Offset="184" Reverse="true" NoCase="false" Depth="0" Relative="true" Within="0" MoveCursors="true">
+            <Content Type="HEX">73733D52363E446576696365204E616D653C2F74643E3C74643E</Content>
+            <AndThen>
+                <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="true" Within="0" MoveCursors="false">
+                    <Content Type="HEX">3C</Content>
+                    <AndThen>
+                        <Anchor Cursor="END" Position="CURSOR_MAIN" Relative="false" Offset="0"/>
+                        <Return Direction="SOURCE" Confidence="4">
+                            <Details>
+                                <Category>IED</Category>
+                                <Role>SERVER</Role>
+                                <Detail Name="ICSProtocol">Bradely Web Server Device Name</Detail>
+                            </Details>
+                        </Return>
+                    </AndThen>
+                </Match>
+            </AndThen>
+        </Match>
+    </Payload>
+	<Payload For="All newer Rockwell PLC">
+        <Description>Allen Bradley Rockwell PLC</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>PLC</Category>
+                    <Detail Name="ICSProtocol">Allen Bradley Rockwell PLC</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Automation Direct DirectNET.xml b/GM3/data/fingerprint/Automation Direct DirectNET.xml
new file mode 100644
index 0000000..5f553a6
--- /dev/null
+++ b/GM3/data/fingerprint/Automation Direct DirectNET.xml	
@@ -0,0 +1,112 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Automation Direct DirectNET</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for evidence of Automation Direct's DirectNet protocol traffic.</Description>
+    </Header>
+    <Filter For="DirectNet Master TCP" Name="MASTER TCP">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>3447</DstPort>
+    </Filter>
+    <Filter For="DirectNet Slave TCP" Name="SLAVE TCP">
+        <TransportProtocol>17</TransportProtocol>
+        <SrcPort>3447</SrcPort>
+    </Filter>
+    <Filter For="DirectNet Master UDP" Name="MASTER UDP">
+        <TransportProtocol>17</TransportProtocol> 
+        <DstPort>3447</DstPort>
+    </Filter>
+    <Filter For="DirectNet Slave UDP" Name="SLAVE UDP">
+        <TransportProtocol>17</TransportProtocol>
+        <SrcPort>3447</SrcPort>
+    </Filter>	
+    <Payload For="DirectNet Master TCP">
+        <Description>DirectNet MASTER that matches the HEX pattern</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>MTU</Category>
+                    <Role>MASTER</Role>
+                    <Detail Name="ICSProtocol">Automation Direct DirectNet</Detail>
+                </Details>
+            </Return>
+        </Always>
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="false" Within="0" MoveCursors="true">
+            <Content Type="HEX">4E2105</Content>
+            <AndThen>
+                <Return Direction="SOURCE" Confidence="5">
+                    <Details>
+                        <Detail Name="ICSProtocol">Automation Direct DirectNet</Detail>
+                    </Details>
+                </Return>
+            </AndThen>
+        </Match>
+    </Payload>
+    <Payload For="DirectNet Slave TCP">
+        <Description>DirectNet SLAVE that matches the HEX pattern</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>RTU</Category>
+                    <Role>SLAVE</Role>
+                    <Detail Name="ICSProtocol">Automation Direct DirectNet</Detail>
+                </Details>
+            </Return>
+        </Always>
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="false" Within="0" MoveCursors="true">
+            <Content Type="HEX">4E2105</Content>
+            <AndThen>
+                <Return Direction="SOURCE" Confidence="5">
+                    <Details>
+                        <Detail Name="ICSProtocol">Automation Direct DirectNet</Detail>
+                    </Details>
+                </Return>
+            </AndThen>
+        </Match>
+    </Payload>
+    <Payload For="DirectNet Master UDP">
+        <Description>DirectNet MASTER that matches the HEX pattern</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>MTU</Category>
+                    <Role>MASTER</Role>
+                    <Detail Name="ICSProtocol">Automation Direct DirectNet</Detail>
+                </Details>
+            </Return>
+        </Always>
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="false" Within="0" MoveCursors="true">
+            <Content Type="HEX">4E2105</Content>
+            <AndThen>
+                <Return Direction="SOURCE" Confidence="5">
+                    <Details>
+                        <Detail Name="ICSProtocol">Automation Direct DirectNet</Detail>
+                    </Details>
+                </Return>
+            </AndThen>
+        </Match>
+    </Payload>	
+    <Payload For="DirectNet Slave UDP">
+        <Description>DirectNet SLAVE that matches the HEX pattern</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>RTU</Category>
+                    <Role>SLAVE</Role>
+                    <Detail Name="ICSProtocol">Automation Direct DirectNet</Detail>
+                </Details>
+            </Return>
+        </Always>
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="false" Within="0" MoveCursors="true">
+            <Content Type="HEX">4E2105</Content>
+            <AndThen>
+                <Return Direction="SOURCE" Confidence="5">
+                    <Details>
+                        <Detail Name="ICSProtocol">Automation Direct DirectNet</Detail>
+                    </Details>
+                </Return>
+            </AndThen>
+        </Match>
+    </Payload>		
+</Fingerprint>
diff --git a/GM3/data/fingerprint/BACNET.xml b/GM3/data/fingerprint/BACNET.xml
index 0eefdbe..c037695 100644
--- a/GM3/data/fingerprint/BACNET.xml
+++ b/GM3/data/fingerprint/BACNET.xml
@@ -1,65 +1,57 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Copyright (C) 2011, 2012
- This file is part of GRASSMARLIN.
--->
-<Fingerprint
-    xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
-    xsi:noNamespaceSchemaLocation='../../../src/core/fingerprint/fingerprint3.xsd'>
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
     <Header>
         <Name>BACNET</Name>
         <Author>Default</Author>
-        <Description>
-            Finds BACNET traffic and attemps to extract the Device Name and Number.
-        </Description>
+        <Description>Finds BACNET traffic and attemps to extract the Device Name and Number.</Description>
     </Header>
-    
-    <Filter For="BACNET">
+    <Filter For="BACNET" Name="Dst/Src">
         <DstPort>47808</DstPort>
         <SrcPort>47808</SrcPort>
     </Filter>
-    
     <Payload For="BACNET">
+        <Description>Tags BACNET traffic</Description>
         <Always>
-            <Return Confidence="1">
+            <Return Direction="SOURCE" Confidence="1">
                 <Details>
                     <Category>ICS_HOST</Category>
-                    <Detail Name="Detail">BACNET</Detail>
+                    <Detail Name="ICSProtocol">BACNET</Detail>
                 </Details>
             </Return>
         </Always>
-        <Match Offset="0" Within="65535" MoveCursors="true">
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="true" Within="65535" MoveCursors="true">
             <Content Type="HEX">1007</Content>
-            <!-- if this hex is found anywhere in a packet it is a BACNET packet -->
             <AndThen>
-                <ByteJump Bytes="1" Offset="9" Relative="false">
+                <ByteJump PostOffset="0" Relative="false" Endian="BIG" Offset="9" Bytes="1">
                     <AndThen>
-                        <Return Confidence="1">
+                        <Return Direction="SOURCE" Confidence="1">
                             <Details>
+                                <Category>ICS_HOST</Category>
                                 <Role>SERVER</Role>
                             </Details>
-                            <!-- one byte limits us to 256 characters -->
-                            <Extract Name="Device Name" From="10" To="CURSOR_MAIN" MaxLength="256"/>
+                            <Extract Name="Device Name" From="10" To="CURSOR_MAIN" MaxLength="256" Endian="BIG">
+                                <Post Lookup="BACNET"/>
+                            </Extract>
                         </Return>
                     </AndThen>
                 </ByteJump>
             </AndThen>
         </Match>
-        <Match Offset="0" Within="65535">
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="true" Within="65535" MoveCursors="true">
             <Content Type="HEX">1000C40200</Content>
-            <!-- if this hex is found anywhere in a packet it extracts two bytes after its occurance-->
             <AndThen>
-                <Anchor Cursor="END" Offset="2" Relative="true"/>
-                <Return Confidence="1">
+                <Anchor Cursor="END" Position="START_OF_PAYLOAD" Relative="true" Offset="2"/>
+                <Return Direction="SOURCE" Confidence="1">
                     <Details>
+                        <Category>ICS_HOST</Category>
                         <Role>CLIENT</Role>
+                        <Detail Name="ICSProtocol">BACNET</Detail>
                     </Details>
-                    <Extract Name="Device ID" From="CURSOR_MAIN" To="CURSOR_END" MaxLength="2">
+                    <Extract Name="Device ID" From="CURSOR_MAIN" To="CURSOR_END" MaxLength="2" Endian="BIG">
                         <Post Convert="INTEGER"/>
                     </Extract>
                 </Return>
             </AndThen>
         </Match>
     </Payload>
-    
 </Fingerprint>
diff --git a/GM3/data/fingerprint/BINL.xml b/GM3/data/fingerprint/BINL.xml
new file mode 100644
index 0000000..167c254
--- /dev/null
+++ b/GM3/data/fingerprint/BINL.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>BINL</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of Boot Information Negotiation layer service which answers PXE requests and checks active directory for client information to and from the server.</Description>
+    </Header>
+    <Filter For="BINL" Name="Boot Information Negotiation">
+        <TransportProtocol>17</TransportProtocol>
+        <DstPort>4011</DstPort>
+    </Filter>
+    <Payload For="BINL">
+        <Description>Tags UDP service that makes sure the client received correct configuration and policy settings during negotiation.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Microsoft Server Product">BINL</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
\ No newline at end of file
diff --git a/GM3/data/fingerprint/Beckhoff.xml b/GM3/data/fingerprint/Beckhoff.xml
new file mode 100644
index 0000000..58eedd2
--- /dev/null
+++ b/GM3/data/fingerprint/Beckhoff.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Beckhoff</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for evidence of EtherCAT traffic.</Description>
+    </Header>
+    <Filter For="EtherCAT TCP Master" Name="TCP Master">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>34980</DstPort>
+    </Filter>
+    <Filter For="EtherCAT TCP Slave" Name="TCP Slave">
+        <TransportProtocol>6</TransportProtocol>
+        <SrcPort>34980</SrcPort>
+    </Filter>
+    <Filter For="EtherCAT UDP Master" Name="UDP Master">
+        <TransportProtocol>17</TransportProtocol>
+        <DstPort>34980</DstPort>
+    </Filter>
+    <Filter For="EtherCAT UDP Slave" Name="UDP Slave">
+        <TransportProtocol>17</TransportProtocol>
+        <SrcPort>34980</SrcPort>
+    </Filter>	
+    <Filter For="Embedded PC" Name="PC">
+        <DstPort>48898</DstPort>
+    </Filter>		
+    <Payload For="EtherCAT TCP Master">
+        <Description>EtherCAT Master that matches TCP and port number</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>MTU</Category>
+                    <Role>MASTER</Role>
+                    <Detail Name="ICSProtocol">BECKHOFF EtherCAT</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="EtherCAT TCP Slave">
+        <Description>EtherCAT Slave that matches TCP and port number</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>PLC</Category>
+                    <Role>SLAVE</Role>
+                    <Detail Name="ICSProtocol">BECKHOFF EtherCAT</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="EtherCAT UDP Master">
+        <Description>EtherCAT Master that matches UDP and port number</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>MTU</Category>
+                    <Role>MASTER</Role>
+                    <Detail Name="ICSProtocol">BECKHOFF EtherCAT</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="EtherCAT UDP Slave">
+        <Description>EtherCAT Slave that matches UDP and port number</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>PLC</Category>
+                    <Role>SLAVE</Role>
+                    <Detail Name="ICSProtocol">BECKHOFF EtherCAT</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Embedded PC">
+        <Description>BECKHOFF Embedded PC over destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+					<Category>PLC</Category>
+                    <Detail Name="ICSProtocol">BECKHOFF Embedded PC</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>		
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Browser Protocol.xml b/GM3/data/fingerprint/Browser Protocol.xml
new file mode 100644
index 0000000..898a38c
--- /dev/null
+++ b/GM3/data/fingerprint/Browser Protocol.xml	
@@ -0,0 +1,200 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Browser Protocol</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint tags the Host Name and the OS version in the Browser protocol.</Description>
+    </Header>
+    <Filter For="Browser Protocol" Name="SrcPort">
+        <TransportProtocol>17</TransportProtocol>
+        <SrcPort>138</SrcPort>
+    </Filter>
+    <Filter For="Browser Protocol" Name="DstPort">
+        <TransportProtocol>17</TransportProtocol>
+        <DstPort>138</DstPort>
+    </Filter>
+    <Filter For="Browser Protocol2" Name="SrcPort2">
+        <TransportProtocol>17</TransportProtocol>
+        <SrcPort>138</SrcPort>
+    </Filter>
+    <Filter For="Browser Protocol2" Name="DstPort2">
+        <TransportProtocol>17</TransportProtocol>
+        <DstPort>138</DstPort>
+    </Filter>
+    <Filter For="Browser Protocol3" Name="SrcPort3">
+        <TransportProtocol>17</TransportProtocol>
+        <SrcPort>138</SrcPort>
+    </Filter>
+    <Filter For="Browser Protocol3" Name="DstPort3">
+        <TransportProtocol>17</TransportProtocol>
+        <DstPort>138</DstPort>
+    </Filter>
+    <Filter For="Browser Protocol4" Name="SrcPort4">
+        <TransportProtocol>17</TransportProtocol>
+        <SrcPort>138</SrcPort>
+    </Filter>	
+    <Filter For="Browser Protocol4" Name="DstPort4">
+        <TransportProtocol>17</TransportProtocol>
+        <DstPort>138</DstPort>
+    </Filter>	
+    <Filter For="Browser Protocol5" Name="SrcPort5">
+        <TransportProtocol>17</TransportProtocol>
+        <SrcPort>138</SrcPort>
+    </Filter>
+    <Filter For="Browser Protocol5" Name="DstPort5">
+        <TransportProtocol>17</TransportProtocol>
+        <DstPort>138</DstPort>
+    </Filter>	
+    <Filter For="Browser Protocol6" Name="SrcPort6">
+        <TransportProtocol>17</TransportProtocol>
+        <SrcPort>138</SrcPort>
+    </Filter>
+    <Filter For="Browser Protocol6" Name="DstPort6">
+        <TransportProtocol>17</TransportProtocol>
+        <DstPort>138</DstPort>
+    </Filter>	
+    <Payload For="Browser Protocol">
+        <Description>Tags 0F00C0D4 Hex pattern in payload. Extracting from bytes 174-182 for Windows Name and bytes 190-192 for Version number.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="MicrosoftProtocol">Microsoft Windows Browser Protocol</Detail>
+                </Details>
+            </Return>
+        </Always>
+        <Match Offset="0" Reverse="true" NoCase="true" Depth="0" Relative="false" Within="0" MoveCursors="true">
+            <Content Type="HEX">0F00C0D4</Content>
+            <AndThen>
+                <Return Direction="SOURCE" Confidence="5">
+                    <Details/>
+                    <Extract Name="Host Name" From="174" To="182" MaxLength="1024" Endian="BIG">
+                        <Post Convert="STRING"/>
+                    </Extract>
+                    <Extract Name="Windows Version" From="190" To="192" MaxLength="1024" Endian="BIG">
+                        <Post Convert="HEX"/>
+                    </Extract>
+                </Return>
+            </AndThen>
+        </Match>
+    </Payload>
+    <Payload For="Browser Protocol2">
+        <Description>Tags 0F0080FC Hex pattern in payload. Extracting from bytes 174-190 for Windows Name and bytes 190-192 for Version number.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="MicrosoftProtocol">Microsoft Windows Browser Protocol</Detail>
+                </Details>
+            </Return>
+        </Always>
+        <Match Offset="0" Reverse="true" NoCase="true" Depth="0" Relative="false" Within="0" MoveCursors="true">
+            <Content Type="HEX">0F0080FC</Content>
+            <AndThen>
+                <Return Direction="SOURCE" Confidence="5">
+                    <Details/>
+                    <Extract Name="Host Name" From="174" To="190" MaxLength="1024" Endian="BIG">
+                        <Post Convert="STRING"/>
+                    </Extract>
+                    <Extract Name="Windows Version" From="190" To="192" MaxLength="1024" Endian="BIG">
+                        <Post Convert="HEX"/>
+                    </Extract>
+                </Return>
+            </AndThen>
+        </Match>
+    </Payload>
+	<Payload For="Browser Protocol3">
+        <Description>Tags 010080FC Hex pattern in payload. Extracting from bytes 174-189 for Windows Name and bytes 190-192 for Version number.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="MicrosoftProtocol">Microsoft Windows Browser Protocol</Detail>
+                </Details>
+            </Return>
+        </Always>
+        <Match Offset="0" Reverse="true" NoCase="true" Depth="0" Relative="false" Within="0" MoveCursors="true">
+            <Content Type="HEX">010080FC</Content>
+            <AndThen>
+                <Return Direction="SOURCE" Confidence="5">
+                    <Details/>
+                    <Extract Name="Host Name" From="174" To="189" MaxLength="1024" Endian="BIG">
+                        <Post Convert="STRING"/>
+                    </Extract>
+                    <Extract Name="Windows Version" From="190" To="192" MaxLength="1024" Endian="BIG">
+                        <Post Convert="HEX"/>
+                    </Extract>
+                </Return>
+            </AndThen>
+        </Match>
+    </Payload>
+	<Payload For="Browser Protocol4">
+        <Description>Tags 0F162012 Hex pattern in payload. Extracting from bytes 174-189 for Windows Name and bytes 190-192 for Version number.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="MicrosoftProtocol">Microsoft Windows Browser Protocol</Detail>
+                </Details>
+            </Return>
+        </Always>
+        <Match Offset="0" Reverse="true" NoCase="true" Depth="0" Relative="false" Within="0" MoveCursors="true">
+            <Content Type="HEX">0F162012</Content>
+            <AndThen>
+                <Return Direction="SOURCE" Confidence="5">
+                    <Details/>
+                    <Extract Name="Host Name" From="174" To="189" MaxLength="1024" Endian="BIG">
+                        <Post Convert="STRING"/>
+                    </Extract>
+                    <Extract Name="Windows Version" From="190" To="192" MaxLength="1024" Endian="BIG">
+                        <Post Convert="HEX"/>
+                    </Extract>
+                </Return>
+            </AndThen>
+        </Match>
+    </Payload>	
+	<Payload For="Browser Protocol5">
+        <Description>Tags 010080A9 Hex pattern in payload. Extracting from bytes 174-190 for Windows Name and bytes 190-192 for Version number.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="MicrosoftProtocol">Microsoft Windows Browser Protocol</Detail>
+                </Details>
+            </Return>
+        </Always>
+        <Match Offset="0" Reverse="true" NoCase="true" Depth="0" Relative="false" Within="0" MoveCursors="true">
+            <Content Type="HEX">010080A9</Content>
+            <AndThen>
+                <Return Direction="SOURCE" Confidence="5">
+                    <Details/>
+                    <Extract Name="Host Name" From="174" To="190" MaxLength="1024" Endian="BIG">
+                        <Post Convert="STRING"/>
+                    </Extract>
+                    <Extract Name="Windows Version" From="190" To="192" MaxLength="1024" Endian="BIG">
+                        <Post Convert="HEX"/>
+                    </Extract>
+                </Return>
+            </AndThen>
+        </Match>
+    </Payload>
+	<Payload For="Browser Protocol6">
+        <Description>Tags the Domain/Workgroup Accouncement in the Browser Protocol and matches on 0C00A0BB Hex pattern in payload. Extracts bytes 174-190 for Domain/Workgroup and bytes 190-192 for Windows version number.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="MicrosoftProtocol">Microsoft Windows Browser Protocol</Detail>
+                </Details>
+            </Return>
+        </Always>
+        <Match Offset="0" Reverse="true" NoCase="true" Depth="0" Relative="false" Within="0" MoveCursors="true">
+            <Content Type="HEX">0C00A0BB</Content>
+            <AndThen>
+                <Return Direction="SOURCE" Confidence="5">
+                    <Details/>
+                    <Extract Name="Domain/Workgroup" From="174" To="190" MaxLength="1024" Endian="BIG">
+                        <Post Convert="STRING"/>
+                    </Extract>
+                    <Extract Name="Windows Version" From="190" To="192" MaxLength="1024" Endian="BIG">
+                        <Post Convert="HEX"/>
+                    </Extract>
+                </Return>
+            </AndThen>
+        </Match>
+    </Payload>		
+</Fingerprint>
diff --git a/GM3/data/fingerprint/CAMP.xml b/GM3/data/fingerprint/CAMP.xml
index 5fff727..ea89494 100644
--- a/GM3/data/fingerprint/CAMP.xml
+++ b/GM3/data/fingerprint/CAMP.xml
@@ -3,15 +3,20 @@
     <Header>
         <Name>CAMP</Name>
         <Author>Default</Author>
-        <Description>Could indicate CAMP protocol </Description>
-        <Tag>Original</Tag>
+        <Description>Possible indication of command/response from CAMP. When a CAMP command is sent to another node, reponse is expected. This allows the application to determine whether a command was sucessfully completed.</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="Common ASCII Message Protocol" Name="DstPort">
         <DstPort>4450</DstPort>
     </Filter>
-    <Payload For="default">
+    <Payload For="Common ASCII Message Protocol">
+        <Description>Tags the Common ASCII Message Protocol</Description>
         <Always>
-            <Return Confidence="1"/>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Message Protocol">Common ASCII Message Protocol</Detail>
+                </Details>
+            </Return>
         </Always>
     </Payload>
 </Fingerprint>
diff --git a/GM3/data/fingerprint/CNRP.xml b/GM3/data/fingerprint/CNRP.xml
index bbe4d8b..4a0b47a 100644
--- a/GM3/data/fingerprint/CNRP.xml
+++ b/GM3/data/fingerprint/CNRP.xml
@@ -3,15 +3,20 @@
     <Header>
         <Name>CNRP</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of CNRP traffic</Description>
-        <Tag>Original</Tag>
+        <Description>This fingerprint looks for evidence of CNRP traffic</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="Common Name Resolution Protocol" Name="DstPort">
         <DstPort>2757</DstPort>
     </Filter>
-    <Payload For="default">
+    <Payload For="Common Name Resolution Protocol">
+        <Description>Tags the Common Name Resolution Protocol</Description>
         <Always>
-            <Return Confidence="2"/>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Name Resolution Protocol">Common Name Resolution Protocol</Detail>
+                </Details>
+            </Return>
         </Always>
     </Payload>
 </Fingerprint>
diff --git a/GM3/data/fingerprint/CT Discovery Protocol.xml b/GM3/data/fingerprint/CT Discovery Protocol.xml
index 0c952c3..5d5f90d 100644
--- a/GM3/data/fingerprint/CT Discovery Protocol.xml	
+++ b/GM3/data/fingerprint/CT Discovery Protocol.xml	
@@ -3,17 +3,34 @@
     <Header>
         <Name>CT Discovery Protocol</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of CT Discovery Protocol traffic.</Description>
-        <Tag>Original</Tag>
+        <Description>This fingerprint looks for evidence of CT Discovery Protocol traffic.</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="CTDP Src" Name="SrcPort">
         <SrcPort>7022</SrcPort>
     </Filter>
-    <Payload For="default">
+    <Filter For="CTDP Dst" Name="DstPort">
+        <DstPort>7022</DstPort>
+    </Filter>	
+    <Payload For="CTDP Src">
+		<Description>Tags source traffic of CT Discovery Protocol</Description>
         <Always>
-            <Return Confidence="3">
-                <Extract Name="CTDP" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="DiscoveryProtocol">CT Discovery Protocol</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
+    <Payload For="CTDP Dst">
+		<Description>Tags destination traffic of CT Discovery Protocol</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="DiscoveryProtocol">CT Discovery Protocol</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
 </Fingerprint>
diff --git a/GM3/data/fingerprint/CTI.xml b/GM3/data/fingerprint/CTI.xml
index b689124..8f2739b 100644
--- a/GM3/data/fingerprint/CTI.xml
+++ b/GM3/data/fingerprint/CTI.xml
@@ -3,25 +3,33 @@
     <Header>
         <Name>CTI</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of CTI Program Load traffic.This fingerprint looks for the evidence of CTI System Msg traffic.</Description>
+        <Description>This fingerprint looks for evidence of CTI Program Load traffic. This fingerprint looks for evidence of CTI System Msg traffic.</Description>
     </Header>
-    <Filter For=" Program Load">
+    <Filter For="Program Load" Name="DstPort">
         <DstPort>4452</DstPort>
     </Filter>
-    <Filter For=" System Message">
+    <Filter For="System Message" Name="DstPort">
         <DstPort>4451</DstPort>
     </Filter>
-    <Payload For=" Program Load">
+    <Payload For="Program Load">
+        <Description>Tags the CTI Program Load</Description>
         <Always>
-            <Return Confidence="1">
-                <Extract Name="CTIPROGRAMLOAD" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">CT Program Load</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
-    <Payload For=" System Message">
+    <Payload For="System Message">
+        <Description>Tags the CT Discovery Protocol</Description>
         <Always>
-            <Return Confidence="1">
-                <Extract Name="CTISYSTEMMSG" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">CT System Message</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
diff --git a/GM3/data/fingerprint/CodeSys.xml b/GM3/data/fingerprint/CodeSys.xml
new file mode 100644
index 0000000..5ef8aa3
--- /dev/null
+++ b/GM3/data/fingerprint/CodeSys.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>CodeSys</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for evidence of CodeSys traffic.</Description>
+    </Header>
+    <Filter For="Gateway Server 1" Name="Dst 2455">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>2455</DstPort>
+    </Filter>
+    <Filter For="Gateway Server 2" Name="Dst 1200">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>1200</DstPort>
+    </Filter>	
+	<Payload For="Gateway Server 1">
+		<Description>Gateway Server for industrial devices running CodeSys programming interface</Description>
+        <Always>
+            <Return Confidence="5">
+                <Details>
+					<Role>SERVER</Role>
+                    <Detail Name="ICSProtocol">CodeSys</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+	<Payload For="Gateway Server 2">
+		<Description>Gateway Server for industrial devices running CodeSys programming interface</Description>
+        <Always>
+            <Return Confidence="5">
+                <Details>
+					<Role>SERVER</Role>
+                    <Detail Name="ICSProtocol">CodeSys</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Cutler-Hammer IP Port.xml b/GM3/data/fingerprint/Cutler-Hammer IP Port.xml
index 61b715e..3419cf0 100644
--- a/GM3/data/fingerprint/Cutler-Hammer IP Port.xml	
+++ b/GM3/data/fingerprint/Cutler-Hammer IP Port.xml	
@@ -3,16 +3,19 @@
     <Header>
         <Name>Cutler-Hammer IP Port</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of Cutler-Hammer IP Port traffic.</Description>
-        <Tag>Original</Tag>
+        <Description>This fingerprint looks for evidence of Cutler-Hammer IP Port traffic.</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="IPCS Command" Name="DstPort">
         <DstPort>3743</DstPort>
     </Filter>
-    <Payload For="default">
+    <Payload For="IPCS Command" >
+        <Description>Tags the Cutler-Hammer IP Port</Description>
         <Always>
-            <Return Confidence="3">
-                <Extract Name="IPCS-COMMAND" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSCommand">IPCS Command</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
diff --git a/GM3/data/fingerprint/DCERPC.xml b/GM3/data/fingerprint/DCERPC.xml
new file mode 100644
index 0000000..0c9f08b
--- /dev/null
+++ b/GM3/data/fingerprint/DCERPC.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>DCERPC</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of DCERPC traffic which is a specificiation for a remote call that defines both APIs and an over-the-network protocol. A DCE/RPC server's endpoint mapper (EPMAP) will listen for incoming calls. A client will call this endpoint mapper and ask for a specific interface, which will be accessed on a different connection.</Description>
+    </Header>
+    <Filter For="DCERPC" Name="DCERPC">
+        <DstPort>135</DstPort>
+    </Filter>
+    <Payload For="DCERPC">
+        <Description>Tags the CTX data item under the DCE/RPC payload</Description>
+        <Match Offset="28" Reverse="true" NoCase="false" Depth="0" Relative="true" Within="0" MoveCursors="true">
+            <Content Type="HEX">00000100C4</Content>
+            <AndThen>
+                <Return Direction="SOURCE" Confidence="5">
+                    <Details>
+                        <Detail Name="Microsoft Server Product">DCE/RPC</Detail>
+                    </Details>
+                    <Extract Name="IOXIDResolver UUID" From="32" To="48" MaxLength="1024" Endian="BIG">
+                        <Post Convert="HEX"/>
+                    </Extract>
+                    <Extract Name="NDR UUID" From="52" To="68" MaxLength="1024" Endian="BIG">
+                        <Post Convert="HEX"/>
+                    </Extract>
+                </Return>
+            </AndThen>
+        </Match>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/DHCP.xml b/GM3/data/fingerprint/DHCP.xml
new file mode 100644
index 0000000..ef360da
--- /dev/null
+++ b/GM3/data/fingerprint/DHCP.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>DHCP</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of DHCP communication and DHCP traffic deployed at a MADCAP server.</Description>
+    </Header>
+    <Filter For="DHCP" Name="DHCP">
+        <TransportProtocol>17</TransportProtocol>
+        <DstPort>67</DstPort>
+    </Filter>
+    <Filter For="MADCAP" Name="MADCAP">
+        <TransportProtocol>17</TransportProtocol>
+        <DstPort>2535</DstPort>
+    </Filter>
+    <Payload For="DHCP">
+        <Description>Tags DHCP traffic</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Microsoft Server Product">DHCP</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="MADCAP">
+        <Description>Tags DHCP in MADCAP server deployment</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Microsoft Server Product">DHCP MADCAP</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/DLIP.xml b/GM3/data/fingerprint/DLIP.xml
index 8e6a89e..802005b 100644
--- a/GM3/data/fingerprint/DLIP.xml
+++ b/GM3/data/fingerprint/DLIP.xml
@@ -3,17 +3,34 @@
     <Header>
         <Name>DLIP</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of DLIP traffic.</Description>
-        <Tag>Original</Tag>
+        <Description>This fingerprint looks for evidence of DLIP traffic.</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="DLIP Src" Name="DLIP Src">
         <SrcPort>7201</SrcPort>
     </Filter>
-    <Payload For="default">
-        <Always>
-            <Return Confidence="1">
-                <Extract Name="DLIP" From="CURSOR_START" To="CURSOR_END"/>
+    <Filter For="DLIP Dst" Name="DLIP Dst">
+        <DstPort>7201</DstPort>
+    </Filter>	
+    <Payload For="DLIP Src">
+        <Description>Tags Intelligent Data Acquisition and Control</Description>
+		<Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">DLIP</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
+    <Payload For="DLIP Dst">
+        <Description>Tags Intelligent Data Acquisition and Control</Description>
+		<Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">DLIP</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
 </Fingerprint>
diff --git a/GM3/data/fingerprint/DNP3.xml b/GM3/data/fingerprint/DNP3.xml
index 278b881..cda1ec1 100644
--- a/GM3/data/fingerprint/DNP3.xml
+++ b/GM3/data/fingerprint/DNP3.xml
@@ -1,46 +1,44 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Copyright (C) 2011, 2012
- This file is part of GRASSMARLIN.
--->
-<Fingerprint
-    xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
-    xsi:noNamespaceSchemaLocation='../../../src/core/fingerprint/fingerprint3.xsd'>
-    
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
     <Header>
         <Name>DNP3</Name>
         <Author>Default</Author>
-        <Description>Looks for evidence of DNP3 traffic typically on port 20000.</Description>
+        <Description>Looks for evidence of DNP3 traffic on src/des on port 20000</Description>
     </Header>
-    
-    <Filter For="DNP3">
+    <Filter For="DNP3_Master" Name="Master">
         <DstPort>20000</DstPort>
     </Filter>
-
-    <Payload For="DNP3">
-        <Description>
-            Finds a DNP3 Master device by matching the DNP3 header and attaches
-            details to both the SOURCE and DESTINATION in the frame.
-        </Description>
-        <Match Offset="0" Relative="false" MoveCursors="false">
+    <Filter For="DNP3_Slave" Name="Slave">
+        <SrcPort>20000</SrcPort>
+    </Filter>
+    <Payload For="DNP3_Master">
+        <Description>Finds a DNP3 Master device by matching the DNP3 header and attaches details to the DESTINATION in the frame.</Description>
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="false" Within="0" MoveCursors="false">
             <Content Type="HEX">0564</Content>
             <AndThen>
-                <Return Confidence="5" Direction="SOURCE">
+                <Return Direction="SOURCE" Confidence="4">
                     <Details>
-                        <Category>IED</Category>
-                        <Role>SLAVE</Role>
+                        <Category>MTU</Category>
+                        <Role>MASTER</Role>
                         <Detail Name="ICSProtocol">DNP3</Detail>
                     </Details>
                 </Return>
-                <Return Confidence="4" Direction="DESTINATION">
+            </AndThen>
+        </Match>
+    </Payload>
+    <Payload For="DNP3_Slave">
+        <Description>Finds a DNP3 Slave device by matching the DNP3 header and attaches details to the SOURCE in the frame.</Description>
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="false" Within="0" MoveCursors="false">
+            <Content Type="HEX">0564</Content>
+            <AndThen>
+                <Return Direction="SOURCE" Confidence="4">
                     <Details>
-                        <Category>MTU</Category>
-                        <Role>MASTER</Role>
+                        <Category>IED</Category>
+                        <Role>SLAVE</Role>
                         <Detail Name="ICSProtocol">DNP3</Detail>
                     </Details>
                 </Return>
             </AndThen>
         </Match>
     </Payload>
-  
 </Fingerprint>
diff --git a/GM3/data/fingerprint/Danfoss.xml b/GM3/data/fingerprint/Danfoss.xml
new file mode 100644
index 0000000..0326b42
--- /dev/null
+++ b/GM3/data/fingerprint/Danfoss.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Danfoss</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of Danfoss ECL Alex traffic.</Description>
+    </Header>
+    <Filter For="Danfoss ECL Apex" Name="ECL Apex">
+        <DstPort>5050</DstPort>
+    </Filter>
+    <Payload For="Danfoss ECL Apex">
+        <Description>High performance PLC runtime engine desinged to run both embedded and PC applications</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>PLC</Category>
+                    <Detail Name="Product">Danfoss ECL Apex</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
\ No newline at end of file
diff --git a/GM3/data/fingerprint/Data Acquisition and Control.xml b/GM3/data/fingerprint/Data Acquisition and Control.xml
index b781574..0304dde 100644
--- a/GM3/data/fingerprint/Data Acquisition and Control.xml	
+++ b/GM3/data/fingerprint/Data Acquisition and Control.xml	
@@ -3,16 +3,19 @@
     <Header>
         <Name>Data Acquisition and Control</Name>
         <Author>Default</Author>
-        <Description>Data Acquisition and Control</Description>
-        <Tag>Original</Tag>
+        <Description>This fingerprint identifies evidence of Data Acquisition and Control traffic.</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="IDAC" Name="Intelligent Data Acquisition and Control">
         <DstPort>3881</DstPort>
     </Filter>
-    <Payload For="default">
-        <Always>
-            <Return Confidence="1">
-                <Extract Name="IDAC" From="CURSOR_START" To="CURSOR_END"/>
+    <Payload For="IDAC">
+		<Description>Tags Intelligent Data Acquisition and Control</Description>
+		<Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">Intelligent Data Acquisition and Control</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
diff --git a/GM3/data/fingerprint/Domain Controller.xml b/GM3/data/fingerprint/Domain Controller.xml
new file mode 100644
index 0000000..714624a
--- /dev/null
+++ b/GM3/data/fingerprint/Domain Controller.xml	
@@ -0,0 +1,112 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Domain Controller</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of domain controller communication including client computers, authentication, and active directory.</Description>
+    </Header>
+    <Filter For="Domain Controller" Name="Controller Traffic">
+        <DstPort>135</DstPort>
+    </Filter>	
+    <Filter For="Kerberos" Name="Authentication">
+        <TransportProtocol>17</TransportProtocol>
+        <DstPort>88</DstPort>
+    </Filter>
+    <Filter For="File Replication Service" Name="UDP File Replication">
+        <TransportProtocol>17</TransportProtocol>
+        <DstPort>138</DstPort>
+    </Filter>
+    <Filter For="File Replication Service" Name="TCP File Replication">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>139</DstPort>
+    </Filter>
+    <Filter For="Light Directory Application Protocol" Name="LDAP Query">
+        <DstPort>389</DstPort>
+    </Filter>
+    <Filter For="Light Directory Application Protocol" Name="LDAP SSL">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>636</DstPort>
+    </Filter>
+    <Filter For="Light Directory Application Protocol" Name="LDAP Global Catalog">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>3268</DstPort>
+    </Filter>
+	<Filter For="Light Directory Application Protocol" Name="LDAP Global Catalog SSL">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>3269</DstPort>
+    </Filter>
+	<Filter For="FRS-RPC" Name="Microsoft FRS-RPC service">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>53248</DstPort>
+    </Filter>		
+	<Filter For="DFS-R" Name="Microsoft DFS Replication Service">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>5722</DstPort>
+    </Filter>	
+    <Payload For="Domain Controller">
+        <Description>Identifies domain contoller to domain controller traffic.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Role>SERVER</Role>
+                    <Detail Name="Service">Authentication</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
+    <Payload For="Kerberos">
+        <Description>Identifies kerberos authentication traffic.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Role>SERVER</Role>
+                    <Detail Name="Service">Kerberos</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="File Replication Service">
+        <Description>File replication service between domain controllers.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Role>SERVER</Role>
+                    <Detail Name="Service">File Replication Service</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Light Directory Application Protocol">
+        <Description>LDAP to handle normal queries from client computers to domain controllers.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Role>SERVER</Role>
+                    <Detail Name="Service">LDAP</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="FRS-RPC">
+        <Description>Microsoft technology that replicates files and folders stored in the SYSVOL shared folder on domain controllers and distributed shared folders.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Role>SERVER</Role>
+                    <Detail Name="Service">FRS-RPC</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>		
+    <Payload For="DFS-R">
+        <Description>Microsoft DFS replication service that shares folders that can be kept synchronized by using methods other than FRS.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Role>SERVER</Role>
+                    <Detail Name="Service">DFS-R</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
+</Fingerprint>
diff --git a/GM3/data/fingerprint/EGD.xml b/GM3/data/fingerprint/EGD.xml
new file mode 100644
index 0000000..7c5f378
--- /dev/null
+++ b/GM3/data/fingerprint/EGD.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>EGD</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of EGD Type:13 Version:1 traffic over 18246.</Description>
+    </Header>
+    <Filter For="EGD" Name="Ethernet Global Data">
+        <DstPort>18246</DstPort>
+        <SrcPort>18246</SrcPort>
+    </Filter>
+    <Payload For="EGD">
+        <Description>Protocol that enables producer (server) to share a portion of its memory to all the consumer (clients) at the schedule periodic rate protocol developed for GE Fanuc PLCs to change data between PLCs/GE drive systems. The protocol uses UDP over Ethernet layers for exchanging data.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="ICSProtocol">Ethernet Global Data</Detail>
+                </Details>
+            </Return>
+        </Always>
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="2" Relative="true" Within="0" MoveCursors="true">
+            <Content Type="HEX">0D01</Content>
+            <AndThen>
+                <Return Direction="SOURCE" Confidence="5">
+                    <Details/>
+                    <Extract Name="RequestID" From="2" To="4" MaxLength="1024" Endian="LITTLE">
+                        <Post Convert="INTEGER"/>
+                    </Extract>
+                    <Extract Name="ProducerID-IP_Address" From="4" To="8" MaxLength="1024" Endian="BIG">
+                        <Post Convert="RAW_BYTES"/>
+                    </Extract>
+                    <Extract Name="ExchangeID" From="8" To="12" MaxLength="1024" Endian="LITTLE">
+                        <Post Convert="HEX"/>
+                    </Extract>
+                </Return>
+            </AndThen>
+        </Match>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/EtherNetIP.xml b/GM3/data/fingerprint/EtherNetIP.xml
index 9bced5f..39195f7 100644
--- a/GM3/data/fingerprint/EtherNetIP.xml
+++ b/GM3/data/fingerprint/EtherNetIP.xml
@@ -3,20 +3,21 @@
     <Header>
         <Name>EtherNetIP</Name>
         <Author>Default</Author>
-        <Description>EthernetIP Traffic</Description>
+        <Description>This fingerprint identifies evidence of EtherNetIP traffic.</Description>
         <Tag>ETHERNETIP</Tag>
     </Header>
-    <Filter For="EtherNetIP UDP List Identity Response" Name="Filter Group 0">
+    <Filter For="EtherNetIP UDP List Identity Response" Name="UDP List">
         <TransportProtocol>17</TransportProtocol>
         <SrcPort>44818</SrcPort>
     </Filter>
-    <Filter For="Replier/Requester UDP" Name="Filter Group 1">
+    <Filter For="Replier/Requester UDP" Name="Dst">
         <DstPort>44818</DstPort>
     </Filter>
-    <Filter For="Replier/Requester UDP" Name="Filter Group 2">
+    <Filter For="Replier/Requester UDP" Name="Src">
         <SrcPort>44818</SrcPort>
     </Filter>
     <Payload For="Replier/Requester UDP">
+		<Description>Tags UDP replier/requester EtherNetIP traffic.</Description>
         <Always>
             <Return Direction="SOURCE" Confidence="5">
                 <Details>
@@ -27,6 +28,7 @@
         </Always>
     </Payload>
     <Payload For="EtherNetIP UDP List Identity Response">
+		<Description>Tags UDP identity EtherNetIP response traffic.</Description>
         <Always>
             <Return Direction="SOURCE" Confidence="5">
                 <Details>
diff --git a/GM3/data/fingerprint/Extensible Automation.xml b/GM3/data/fingerprint/Extensible Automation.xml
index 9a75324..8dcddb9 100644
--- a/GM3/data/fingerprint/Extensible Automation.xml	
+++ b/GM3/data/fingerprint/Extensible Automation.xml	
@@ -3,17 +3,18 @@
     <Header>
         <Name>Extensible Automation</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of Extensible Automation traffic.</Description>
-        <Tag>Original</Tag>
+        <Description>This fingerprint looks for evidence of Extensible Automation traffic.</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="Extensible Automation" Name="xAP-HA">
         <DstPort>3639</DstPort>
     </Filter>
-    <Payload For="default">
+    <Payload For="Extensible Automation">
+		<Description>Supports integration of telemetry and control devices for building automation</Description>
         <Always>
-            <Return Confidence="1">
-                <Extract Name="XAP-HA" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Confidence="5">
+				<Category>ICS_HOST</Category>
+				<Detail Name="ICSProtocol">xAP-HA</Detail>
             </Return>
         </Always>
     </Payload>
-</Fingerprint>
+</Fingerprint>
\ No newline at end of file
diff --git a/GM3/data/fingerprint/FODMS FLIP.xml b/GM3/data/fingerprint/FODMS FLIP.xml
index 051774a..906dbfd 100644
--- a/GM3/data/fingerprint/FODMS FLIP.xml	
+++ b/GM3/data/fingerprint/FODMS FLIP.xml	
@@ -3,16 +3,19 @@
     <Header>
         <Name>FODMS FLIP</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of FODMS FLIP traffic.</Description>
-        <Tag>Original</Tag>
+        <Description>This fingerprint looks for evidence of FODMS FLIP traffic.</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="FODMS FLIP" Name="SrcPort">
         <SrcPort>7200</SrcPort>
     </Filter>
-    <Payload For="default">
+    <Payload For="FODMS FLIP">
+        <Description>Fiber optics multiplexing service as per RFC 822</Description>
         <Always>
-            <Return Confidence="1">
-                <Extract Name="FODMS" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">FODMS FLIP</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
diff --git a/GM3/data/fingerprint/Fagor.xml b/GM3/data/fingerprint/Fagor.xml
new file mode 100644
index 0000000..70c9b48
--- /dev/null
+++ b/GM3/data/fingerprint/Fagor.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Fagor</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for evidence for Fagor DNC traffic.</Description>
+    </Header>
+    <Filter For="Fagor" Name="DNC">
+        <DstPort>3873</DstPort>
+    </Filter>
+    <Payload For="Fagor">
+		<Description>Fagor DNC over 3873</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">DNC</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Fatek.xml b/GM3/data/fingerprint/Fatek.xml
new file mode 100644
index 0000000..1f76c2b
--- /dev/null
+++ b/GM3/data/fingerprint/Fatek.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Fatek</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of the FATEK FB Series traffic.</Description>
+    </Header>
+    <Filter For="FB Series" Name="FB Series">
+        <DstPort>500</DstPort>
+    </Filter>
+    <Payload For="FB Series">
+		<Description>Identifies Fatek FB series PLC traffic.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>PLC</Category>
+                    <Detail Name="Product">Fatek FB Series</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/GE.xml b/GM3/data/fingerprint/GE.xml
index a5a8daa..93fabbb 100644
--- a/GM3/data/fingerprint/GE.xml
+++ b/GM3/data/fingerprint/GE.xml
@@ -3,32 +3,112 @@
     <Header>
         <Name>GE</Name>
         <Author>Default</Author>
-        <Description>Identifies the GE 9030 devices.Identifies engineering workstations for the GE 9030 devices.</Description>
+        <Description>This fingerprint identifies evidence of GE 9030 devices. This fingerprint identifies evidence of engineering workstations for GE 9030 devices. This fingerprint identifies evidence of GE Industrial Solution SRTP Data traffic. This fingerprint identifies evidence of Ethernet Global Data traffic.</Description>
     </Header>
-    <Filter For=" 9030 Device">
+    <Filter For="9030 Device" Name="Device">
+		<TransportProtocol>6</TransportProtocol>
         <SrcPort>18245</SrcPort>
     </Filter>
-    <Filter For=" 9030 Engineering  workstation">
+    <Filter For="9030 Engineering workstation" Name="Engineering workstation">
+        <TransportProtocol>6</TransportProtocol>
         <DstPort>18245</DstPort>
     </Filter>
-    <Payload For=" 9030 Device">
-        <Match Offset="0" Within="65535" MoveCursors="true">
-            <Content Type="HEX">0200</Content>
-            <AndThen>
-                <Return Confidence="2">
-                    <Extract Name=" GE9030" From="CURSOR_START" To="CURSOR_END"/>
-                </Return>
-            </AndThen>
-        </Match>
+    <Filter For="GE-SRTP 18245" Name="18245">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>18245</DstPort>
+    </Filter>	
+    <Filter For="GE-SRTP 18246" Name="18246">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>18246</DstPort>
+    </Filter>	
+    <Filter For="Producer/Consumer" Name="Producer/Consumer">
+        <TransportProtocol>17</TransportProtocol>
+        <DstPort>18246</DstPort>
+    </Filter>
+    <Filter For="Command Service" Name="Service">
+        <TransportProtocol>17</TransportProtocol>
+        <DstPort>7937</DstPort>
+    </Filter>	
+    <Filter For="QuickPanels" Name="QuickPanels">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>57176</DstPort>
+    </Filter>	
+    <Payload For="9030 Device">
+        <Description>PLC GE9030 device</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>PLC</Category>
+                    <Role>SLAVE</Role>
+                </Details>
+            </Return>
+        </Always>
     </Payload>
-    <Payload For=" 9030 Engineering  workstation">
-        <Match Offset="0" Within="65535" MoveCursors="true">
+    <Payload For="9030 Engineering workstation">
+        <Description>Engineering workstation for GE9030</Description>
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="false" Within="0" MoveCursors="true">
             <Content Type="HEX">0200</Content>
             <AndThen>
-                <Return Confidence="5">
-                    <Extract Name="Engineering workstation for GE9030" From="CURSOR_START" To="CURSOR_END"/>
+                <Return Direction="SOURCE" Confidence="5">
+                    <Details>
+                        <Category>WORKSTATION</Category>
+                        <Role>ENGINEER</Role>
+                    </Details>
                 </Return>
             </AndThen>
         </Match>
     </Payload>
+    <Payload For="GE-SRTP 18245">
+        <Description>The protocol was developed by GE Intelligent Platforms after GE Fanuc to tranfer data of PLCs</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">GE-STRP</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>		
+    <Payload For="GE-SRTP 18246">
+        <Description>The protocol was developed by GE Intelligent Platforms after GE Fanuc to tranfer data of PLCs</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">GE-STRP</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
+	<Payload For="Producer/Consumer">
+        <Description>The EGD supports both the producer/consumer service port and the command service port using UDP over an IP network.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="ICSProtocol">GE Fanuc EGD Producer/Consumer</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+	<Payload For="Command Service">
+        <Description>The EGD supports both the producer/consumer service port and the command service port using UDP over an IP network.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="ICSProtocol">GE Fanuc EGD Command Service</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+	<Payload For="QuickPanels">
+        <Description>Multi functional interface that integrates process control, views, runs data historian communication.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>HMI</Category>
+                    <Detail Name="Product">GE Fanuc QuickPanels</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>		
 </Fingerprint>
diff --git a/GM3/data/fingerprint/HMS HICP Port.xml b/GM3/data/fingerprint/HMS HICP Port.xml
index 144cfe1..0f5b5a1 100644
--- a/GM3/data/fingerprint/HMS HICP Port.xml	
+++ b/GM3/data/fingerprint/HMS HICP Port.xml	
@@ -3,16 +3,19 @@
     <Header>
         <Name>HMS HICP Port</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence ofHMS HICP Port traffic.</Description>
-        <Tag>Original</Tag>
+        <Description>This fingerprint looks for evidence of HMS HICP Port traffic.</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="HICP" Name="HMC HICP Port">
         <DstPort>3250</DstPort>
     </Filter>
-    <Payload For="default">
+    <Payload For="HICP">
+        <Description>Acts as a translator between industrial control systems. It also detects any Ethernet device on a local network.</Description>
         <Always>
-            <Return Confidence="2">
-                <Extract Name="HICP" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">HMS HICP</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
diff --git a/GM3/data/fingerprint/Hitachi.xml b/GM3/data/fingerprint/Hitachi.xml
new file mode 100644
index 0000000..c140e3e
--- /dev/null
+++ b/GM3/data/fingerprint/Hitachi.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Hitachi</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of Hitachi EHV Series traffic.</Description>
+    </Header>
+    <Filter For="Hitachi" Name="EHV Series">
+        <DstPort>3004</DstPort>
+    </Filter>
+    <Payload For="Hitachi">
+        <Description>General purpose PLC that uses Codesys</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>PLC</Category>
+                    <Detail Name="Product">Hitachi EHV Series</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/I-NET 2000-NPR.xml b/GM3/data/fingerprint/I-NET 2000-NPR.xml
index 46f02b7..85779e9 100644
--- a/GM3/data/fingerprint/I-NET 2000-NPR.xml	
+++ b/GM3/data/fingerprint/I-NET 2000-NPR.xml	
@@ -4,15 +4,18 @@
         <Name>I-NET 2000-NPR</Name>
         <Author>Default</Author>
         <Description>This fingerprint looks for the evidence of I/NET 2000-NPR traffic.</Description>
-        <Tag>Original</Tag>
     </Header>
-    <Filter For="default">
+    <Filter For="I-NET 2000-NPR" Name="DstPort">
         <DstPort>5069</DstPort>
     </Filter>
-    <Payload For="default">
+    <Payload For="I-NET 2000-NPR">
+        <Description>This fingerprint looks for the evidence of I/NET 2000-NPR traffic.</Description>
         <Always>
-            <Return Confidence="1">
-                <Extract Name="I-NET-2000-NPR" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">I-NET 2000-NPR</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
diff --git a/GM3/data/fingerprint/IEC 60870-5-104.xml b/GM3/data/fingerprint/IEC 60870-5-104.xml
new file mode 100644
index 0000000..e87a453
--- /dev/null
+++ b/GM3/data/fingerprint/IEC 60870-5-104.xml	
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>IEC 60870-5-104</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of IEC 60870-5-104 traffic.</Description>
+    </Header>
+    <Filter For="60870-5-104" Name="60870-5-104">
+        <DstPort>2404</DstPort>
+    </Filter>
+    <Payload For="60870-5-104">
+        <Description>Set of standards which define systems used for SCADA in electrical engineering and power systems</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">IEC 60870-5-104</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/IMAP.xml b/GM3/data/fingerprint/IMAP.xml
new file mode 100644
index 0000000..2fbbcc1
--- /dev/null
+++ b/GM3/data/fingerprint/IMAP.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>IMAP</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of communication between the exchange server.</Description>
+    </Header>
+    <Filter For="IMAP" Name="IMAP">
+        <DstPort>143</DstPort>
+    </Filter>
+    <Payload For="IMAP">
+        <Description>Tags IMAP exchange server communication used to manage email server/receive email.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Microsoft Server Product">IMAP</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/IP Control Systems Ltd.xml b/GM3/data/fingerprint/IP Control Systems Ltd.xml
index 268bbc3..f725218 100644
--- a/GM3/data/fingerprint/IP Control Systems Ltd.xml	
+++ b/GM3/data/fingerprint/IP Control Systems Ltd.xml	
@@ -3,17 +3,20 @@
     <Header>
         <Name>IP Control Systems Ltd</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of IP Control Systems  traffic.</Description>
-        <Tag>Original</Tag>
+        <Description>This fingerprint looks for evidence of IP Control Systems traffic. Write standard input info about active interprocess communication facilities.</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="ICS Command" Name="DstPort">
         <DstPort>3743</DstPort>
     </Filter>
-    <Payload For="default">
+    <Payload For="ICS Command">
+        <Description>This fingerprint looks for the evidence of IP Control Systems traffic.</Description>
         <Always>
-            <Return Confidence="1">
-                <Extract Name="IPCS COMMAND" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">IP Control Systems Ltd</Detail>
+                </Details>
             </Return>
         </Always>
-    </Payload>
+	</Payload>	
 </Fingerprint>
diff --git a/GM3/data/fingerprint/IT Environmental Monitor.xml b/GM3/data/fingerprint/IT Environmental Monitor.xml
index 884b0fa..c07c8b5 100644
--- a/GM3/data/fingerprint/IT Environmental Monitor.xml	
+++ b/GM3/data/fingerprint/IT Environmental Monitor.xml	
@@ -3,16 +3,19 @@
     <Header>
         <Name>IT Environmental Monitor</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of IT Environmental Monitor traffic.</Description>
-        <Tag>Original</Tag>
+        <Description>This fingerprint looks for evidence of IT Environmental Monitor traffic.</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="Item Service" Name="DstPort">
         <DstPort>3848</DstPort>
     </Filter>
-    <Payload For="default">
+    <Payload For="Item Service">
+        <Description>Gateway Server for industrial devices running CodeSys programming interface.</Description>
         <Always>
-            <Return Confidence="1">
-                <Extract Name="ITEM" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">IT Environmental Monitor</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
diff --git a/GM3/data/fingerprint/Intelligent Instrumentation EDAS units.xml b/GM3/data/fingerprint/Intelligent Instrumentation EDAS units.xml
new file mode 100644
index 0000000..fcece84
--- /dev/null
+++ b/GM3/data/fingerprint/Intelligent Instrumentation EDAS units.xml	
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Intelligent Instrumentation EDAS units</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for the evidence of Undocumented usage by Intelligent Instrumentation EDAS units, models EDAS-1001E, -1002E, -1024E, 1031E traffic.</Description>
+    </Header>
+    <Filter For="Intelligent Instrumentation" Name="Undocumented EDAS unites">
+        <SrcPort>5891</SrcPort>
+    </Filter>
+    <Payload For="Intelligent Instrumentation">
+        <Description>Tags Undocumented usage by Intelligent Instrumentation EDAS unites by incoming source port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">Intelligent Instrumentation EDAS</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/JAUS Robots.xml b/GM3/data/fingerprint/JAUS Robots.xml
index 421b313..4cba709 100644
--- a/GM3/data/fingerprint/JAUS Robots.xml	
+++ b/GM3/data/fingerprint/JAUS Robots.xml	
@@ -3,16 +3,19 @@
     <Header>
         <Name>JAUS Robots</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of JAUS Robots traffic.</Description>
-        <Tag>Original</Tag>
+        <Description>This fingerprint looks for evidence of JAUS Robots traffic.</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="JAUS Robots" Name="DstPort">
         <DstPort>3794</DstPort>
     </Filter>
-    <Payload For="default">
+    <Payload For="JAUS Robots">
+        <Description>This fingerprint looks for evidence of JAUS Robots traffic.</Description>
         <Always>
-            <Return Confidence="1">
-                <Extract Name="JAUS" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">JAUS Robots</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
diff --git a/GM3/data/fingerprint/Keyence.xml b/GM3/data/fingerprint/Keyence.xml
new file mode 100644
index 0000000..9ca8260
--- /dev/null
+++ b/GM3/data/fingerprint/Keyence.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Keyence</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of Keyence KV-5000 series traffic over 8501.</Description>
+    </Header>
+    <Filter For="Keyence" Name="KV-5000">
+        <DstPort>8501</DstPort>
+    </Filter>
+    <Payload For="Keyence">
+        <Description>PLC traffic for real time control over 8501.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>PLC</Category>
+                    <Detail Name="Product">Keyence KV-5000</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
\ No newline at end of file
diff --git a/GM3/data/fingerprint/Korenix.xml b/GM3/data/fingerprint/Korenix.xml
new file mode 100644
index 0000000..068a6b8
--- /dev/null
+++ b/GM3/data/fingerprint/Korenix.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Korenix</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of Korenix 6550 traffic.</Description>
+    </Header>
+    <Filter For="Korenix" Name="6550">
+        <DstPort>502</DstPort>
+    </Filter>
+    <Payload For="Korenix">
+        <Description>Korenix 6550 PLC series for communication monitoring.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Product">Korenix 6550</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Koyo Ethernet.xml b/GM3/data/fingerprint/Koyo Ethernet.xml
new file mode 100644
index 0000000..1783040
--- /dev/null
+++ b/GM3/data/fingerprint/Koyo Ethernet.xml	
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Koyo Ethernet</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of Koyo Ethernet traffic over 28784.</Description>
+    </Header>
+    <Filter For="Koyo Ethernet" Name="Ethernet DstPort">
+        <DstPort>28784</DstPort>
+    </Filter>
+    <Payload For="Koyo Ethernet">
+        <Description>PLC that uses IEC/JIS standards under the Direct Logic PLC.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>PLC</Category>
+                    <Detail Name="ICSProtocol">Koyo Ethernet</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
\ No newline at end of file
diff --git a/GM3/data/fingerprint/LDAP.xml b/GM3/data/fingerprint/LDAP.xml
new file mode 100644
index 0000000..abb0823
--- /dev/null
+++ b/GM3/data/fingerprint/LDAP.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>LDAP</Name>
+        <Author>Default</Author>
+        <Description>Local Security Authority/Distributed File System.</Description>
+    </Header>
+    <Filter For="LDAP" Name="LDAP">
+        <DstPort>389</DstPort>
+    </Filter>
+    <Payload For="LDAP">
+        <Description>Tags LDAP communication to the server</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Microsoft Server Product">LDAP</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/LS.xml b/GM3/data/fingerprint/LS.xml
new file mode 100644
index 0000000..fd21bc7
--- /dev/null
+++ b/GM3/data/fingerprint/LS.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>LS</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of LS GLOFA FEnet traffic over 2004. This fingerprint identifies evidence of LS XGB fenet over 2004. This fingerprint identifies evidence of LS XGK FEnet over 2004.</Description>
+    </Header>
+    <Filter For="LS" Name="GLOFA FEnet">
+        <DstPort>2004</DstPort>
+    </Filter>
+    <Filter For="LS" Name="XGB FEnet">
+        <DstPort>2004</DstPort>
+    </Filter>
+    <Filter For="LS" Name="XGK FEnet">
+        <DstPort>2004</DstPort>
+    </Filter>	
+    <Payload For="LS">
+        <Description>PLCs with built in master/slave capability via MODBUS. Depending on the PLC, the device can handle high processing in large networks.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="ICSProtocol">Koyo Ethernet</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
\ No newline at end of file
diff --git a/GM3/data/fingerprint/LonWorks.xml b/GM3/data/fingerprint/LonWorks.xml
index 3356ff6..746e838 100644
--- a/GM3/data/fingerprint/LonWorks.xml
+++ b/GM3/data/fingerprint/LonWorks.xml
@@ -4,16 +4,27 @@
         <Name>LonWorks</Name>
         <Author>Default</Author>
         <Description>This fingerprint looks for the evidence of LonWorks traffic.</Description>
-        <Tag>Original</Tag>
     </Header>
-    <Filter For="default">
+    <Filter For="LonWorks 1" Name="DstPort">
         <DstPort>2540</DstPort>
     </Filter>
-    <Payload For="default">
+    <Filter For="LonWorks 2" Name="DstPort">
+        <DstPort>2541</DstPort>
+    </Filter>	
+    <Payload For="LonWorks 1">
         <Always>
-            <Return Confidence="3">
-                <Extract Name="LONWORKS" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Confidence="5">
+				<Category>ICS_HOST</Category>
+				<Detail Name="ICSProtocol">LonWorks</Detail>
             </Return>
         </Always>
     </Payload>
+    <Payload For="LonWorks 2">
+        <Always>
+            <Return Confidence="5">
+				<Category>ICS_HOST</Category>
+				<Detail Name="ICSProtocol">LonWorks</Detail>
+            </Return>
+        </Always>
+    </Payload>	
 </Fingerprint>
diff --git a/GM3/data/fingerprint/MMS.xml b/GM3/data/fingerprint/MMS.xml
new file mode 100644
index 0000000..1b5f5fb
--- /dev/null
+++ b/GM3/data/fingerprint/MMS.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>MMS</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of Microsoft media Server as part of a service.</Description>
+    </Header>
+    <Filter For="MMS" Name="MMS">
+        <DstPort>1755</DstPort>
+    </Filter>
+    <Payload For="MMS">
+        <Description>Tags Microsoft Media Server</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Micrsoft Server Product">Microsoft Media Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/MODBUS.xml b/GM3/data/fingerprint/MODBUS.xml
index c4cbaf8..c886612 100644
--- a/GM3/data/fingerprint/MODBUS.xml
+++ b/GM3/data/fingerprint/MODBUS.xml
@@ -1,48 +1,36 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!--
- Copyright (C) 2011, 2012
- This file is part of GRASSMARLIN.
--->
-<Fingerprint
-    xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
-    xsi:noNamespaceSchemaLocation='../../../src/core/fingerprint/fingerprint3.xsd'>
-    
+<Fingerprint>
     <Header>
         <Name>MODBUS</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of MODBUS traffic on port 502.</Description>
+        <Description>This fingerprint looks for evidence of MODBUS traffic on port 502.</Description>
     </Header>
-    
-    <Filter For="TCP Slave Unit Number">
+    <Filter For="TCP Slave Unit Number" Name="TCP Slave">
         <TransportProtocol>6</TransportProtocol>
         <SrcPort>502</SrcPort>
     </Filter>
-    
-    <Filter For="UDP Client/Server Unit Number">
+    <Filter For="UDP Client/Server Unit Number" Name="UDP Client/Server">
         <TransportProtocol>17</TransportProtocol>
         <SrcPort>502</SrcPort>
     </Filter>
-    
-    <Filter For="TCP Master">
+    <Filter For="TCP Master" Name="TCP Master">
         <TransportProtocol>6</TransportProtocol>
         <DstPort>502</DstPort>
     </Filter>
-
     <Payload For="TCP Master">
+		<Description>MODBUS TCP Master</Description>
         <Always>
             <Return Confidence="4">
                 <Details>
                     <Category>MTU</Category>
+					<Role>MASTER</Role>
                     <Detail Name="ICSProtocol">MODBUS</Detail>
                 </Details>
             </Return>
         </Always>
-    </Payload>    
-    
+    </Payload>
     <Payload For="UDP Client/Server Unit Number">
-        <Description>
-            MODBUS UDP Client or Server
-        </Description>
+        <Description>MODBUS UDP Client or Server</Description>
         <Always>
             <Return Confidence="4">
                 <Details>
@@ -52,11 +40,8 @@
             </Return>
         </Always>
     </Payload>
-    
     <Payload For="TCP Slave Unit Number">
-        <Description>
-            MODBUS TCP Slave Unit Number
-        </Description>
+        <Description>MODBUS TCP Slave Unit Number</Description>
         <Always>
             <Return Confidence="4">
                 <Details>
@@ -64,11 +49,8 @@
                     <Role>SLAVE</Role>
                     <Detail Name="ICSProtocol">MODBUS</Detail>
                 </Details>
+				<Extract Name="Unit" From="6" To="7"/>
             </Return>
         </Always>
-        <Return Confidence="4">
-            <Extract Name="Unit" From="6" To="7"/>
-        </Return>
     </Payload>
-    
 </Fingerprint>
\ No newline at end of file
diff --git a/GM3/data/fingerprint/MOM.xml b/GM3/data/fingerprint/MOM.xml
new file mode 100644
index 0000000..ce37ec8
--- /dev/null
+++ b/GM3/data/fingerprint/MOM.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>MOM</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of Microsoft's Operation Manager framework that provides event driven operation for monitoring and performance tracking, policy enforcement, and auditing.</Description>
+    </Header>
+    <Filter For="MOM" Name="MOM">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>1270</DstPort>
+    </Filter>
+    <Payload For="MOM">
+        <Description>Tags MOM encrypted traffic</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Microsoft Server Product">MOM</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/MSMQ.xml b/GM3/data/fingerprint/MSMQ.xml
new file mode 100644
index 0000000..5370208
--- /dev/null
+++ b/GM3/data/fingerprint/MSMQ.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>MSMQ</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of the Microsoft messaging queuing system for the messaging infrastructure and development tool for creating distributed messaging applications for Windows.</Description>
+    </Header>
+    <Filter For="MSMQ" Name="MSMQ">
+        <DstPort>1801</DstPort>
+    </Filter>
+    <Filter For="MSMQ-DCs" Name="DCs TCP">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>2101</DstPort>
+    </Filter>
+    <Filter For="MSMQ-Mgmt" Name="Mgmt TCP">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>27107</DstPort>
+    </Filter>
+    <Filter For="MSMQ-Ping" Name="Ping UDP">
+		<TransportProtocol>17</TransportProtocol>
+        <DstPort>3527</DstPort>
+    </Filter>
+    <Filter For="MSMQ-RPC" Name="RPC TCP">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>2105</DstPort>
+    </Filter>
+    <Filter For="MSMQ-RPC2" Name="RPC2 TCP">
+		<TransportProtocol>17</TransportProtocol>
+        <DstPort>2103</DstPort>
+    </Filter>	
+    <Payload For="MSMQ">
+        <Description>MSMQ UDP/TCP over 1801</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Microsoft Server Product">MSMQ</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="MSMQ-DCs">
+        <Description>MSMQ-DCs TCP over 2101</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Microsoft Server Product">MSMQ-DCs</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="MSMQ-Mgmt">
+        <Description>MSMQ-Mgmt TCP over 2107</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Microsoft Server Product">MSMQ-Mgmt</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="MSMQ-Ping">
+        <Description>MSMQ-Ping UDP over 3527</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Microsoft Server Product">MSMQ-Ping</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>		
+    <Payload For="MSMQ-RPC">
+        <Description>MSMQ-RPC TCP over 2105</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Microsoft Server Product">MSMQ-RPC</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
+    <Payload For="MSMQ-RPC2">
+        <Description>MSMQ-RPC2 TCP over 2103</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Microsoft Server Product">MSMQ-RPC2</Detail>
+                </Details>
+            </Return>
+        </Always>	
+	</Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Memobus.xml b/GM3/data/fingerprint/Memobus.xml
new file mode 100644
index 0000000..4e10575
--- /dev/null
+++ b/GM3/data/fingerprint/Memobus.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Memobus</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of Memobus traffic.</Description>
+    </Header>
+    <Filter For="Memobus" Name="Yashawa MP Series Controllers">
+        <DstPort>502</DstPort>
+    </Filter>
+    <Payload For="Memobus">
+		<Description>Alternative for those who require a non-ieController</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Product">Memobus</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Mitsubishi Electronic.xml b/GM3/data/fingerprint/Mitsubishi Electronic.xml
new file mode 100644
index 0000000..5fd9690
--- /dev/null
+++ b/GM3/data/fingerprint/Mitsubishi Electronic.xml	
@@ -0,0 +1,176 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Mitsubishi Electronic</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for evidence of MELSEC-Q network protocol communication. The devices are used by equipment and manufacturing facilities to provide high-speed, large volume data processing and machine control.</Description>
+    </Header>
+    <Filter For="MELSEC-Q MASTER 5006" Name="MASTER 5006">
+        <DstPort>5006</DstPort>
+    </Filter>
+    <Filter For="MELSEC-Q MASTER 5007" Name="MASTER 5007">
+        <DstPort>5007</DstPort>
+    </Filter>
+    <Filter For="MELSEC-Q SLAVE 5006" Name="SLAVE 5006">
+        <SrcPort>5007</SrcPort>
+    </Filter>
+    <Filter For="MELSEC-Q SLAVE 5007" Name="SLAVE 5007">
+        <SrcPort>5007</SrcPort>
+    </Filter>
+    <Filter For="MELSEC-Q" Name="4999">
+        <DstPort>4999</DstPort>
+    </Filter>
+    <Filter For="QJ71E71" Name="4999">
+        <DstPort>4999</DstPort>
+    </Filter>		
+    <Filter For="FX" Name="FX 1025">
+        <DstPort>1025</DstPort>
+    </Filter>
+    <Filter For="FX3u" Name="Fx3u 5001">
+        <DstPort>5001</DstPort>
+    </Filter>
+    <Filter For="FL-Net Cyclic Transmission" Name="Cyclic Transmission">
+        <DstPort>55000</DstPort>
+    </Filter>
+    <Filter For="FL-Net Message Transmission" Name="Message Transmission">
+        <DstPort>55001</DstPort>
+    </Filter>	
+    <Filter For="FL-Net Participation Request Frame" Name="Participation Request Frame">
+        <DstPort>55002</DstPort>
+    </Filter>
+    <Filter For="FL-Net Sending Service" Name="Sending Service">
+        <DstPort>55003</DstPort>
+    </Filter>		
+    <Payload For="MELSEC-Q MASTER 5006">
+        <Description>MELSEC-Q payload that tags the destination port and always returns details.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>MTU</Category>
+					<Role>MASTER</Role>
+                    <Detail Name="Product">MELSEC-Q</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="MELSEC-Q MASTER 5007">
+        <Description>MELSEC-Q payload that tags the destination port and always returns details.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+					<Category>MTU</Category>
+                    <Role>MASTER</Role>
+                    <Detail Name="Product">MELSEC-Q</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="MELSEC-Q SLAVE 5006">
+        <Description>MELSEC-Q payload that tags the destination port and always returns details.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+					<Category>PLC</Category>
+                    <Role>SLAVE</Role>
+                    <Detail Name="Product">MELSEC-Q</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
+    <Payload For="MELSEC-Q SLAVE 5007">
+        <Description>MELSEC-Q payload that tags the destination port and always returns details.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+					<Category>PLC</Category>
+                    <Role>SLAVE</Role>
+                    <Detail Name="Product">MELSEC-Q</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="MELSEC-Q">
+        <Description>MELSEC-Q payload that tags the destination port and always returns details.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+					<Category>PLC</Category>
+                    <Detail Name="Product">MELSEC-Q</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>		
+    <Payload For="QJ71E71">
+        <Description>QJ71E71 payload that tags the destination port and always returns details.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+					<Category>PLC</Category>
+                    <Detail Name="Product">QJ71E71</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="FX">
+        <Description>PLC that incorporates power supply, cpu, I/O into a single unit.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+					<Category>PLC</Category>
+                    <Detail Name="Product">FX</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="FX3u">
+        <Description>Part of the MELSEC-F PLCs, that has exchangable communication boards that mount directly into the main unit (Ethernet or Serial).</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+					<Category>PLC</Category>
+                    <Detail Name="Product">FX3u</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="FL-Net Cyclic Transmission">
+        <Description>FA link protocol is a standardized by the Japan FA Open System Promotion Group of the manufacturing Science and Technology Center. The FL link protocol is intended for the FL net to be used for data exchange between various control modules.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Product">Cyclic Transmission</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="FL-Net Message Transmission">
+        <Description>FA link protocol is a standardized by the Japan FA Open System Promotion Group of the manufacturing Science and Technology Center. The FL link protocol is intended for the FL net to be used for data exchange between various control modules.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Product">Message Transmission</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="FL-Net Participation Request Frame">
+        <Description>FA link protocol is a standardized by the Japan FA Open System Promotion Group of the manufacturing Science and Technology Center. The FL link protocol is intended for the FL net to be used for data exchange between various control modules.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Product">Message Transmission</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="FL-Net Sending Service">
+        <Description>FA link protocol is a standardized by the Japan FA Open System Promotion Group of the manufacturing Science and Technology Center. The FL link protocol is intended for the FL net to be used for data exchange between various control modules.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Product">Message Transmission</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>		
+</Fingerprint>
diff --git a/GM3/data/fingerprint/MocanaSSH2.xml b/GM3/data/fingerprint/MocanaSSH2.xml
index 926d883..86d1899 100644
--- a/GM3/data/fingerprint/MocanaSSH2.xml
+++ b/GM3/data/fingerprint/MocanaSSH2.xml
@@ -3,19 +3,22 @@
     <Header>
         <Name>MocanaSSH2</Name>
         <Author>Default</Author>
-        <Description>This device is running Mocana SSH 2, it is commonly used on industrial  systems and is at least seen in ruggedcom routers.</Description>
-        <Tag>Original</Tag>
+        <Description>This device is running Mocana SSH2, it is commonly used on industrial  systems and is at least seen in ruggedcom routers.</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="MocanaSSH2" Name="SSH2">
         <TransportProtocol>6</TransportProtocol>
         <SrcPort>22</SrcPort>
     </Filter>
-    <Payload For="default">
+    <Payload For="MocanaSSH2">
+		<Description>Tags Mocana SSH2 traffic with HEX pattern and destination port match.</Description>
         <Match Offset="0" MoveCursors="true">
             <Content Type="HEX">5353482D322E302D4D6F63616E612053534820</Content>
             <AndThen>
-                <Return Confidence="2">
-                    <Extract Name="This device is running Mocana SSH 2, it is commonly used on industrial  systems and is at least seen in ruggedcom routers." From="CURSOR_START" To="CURSOR_END"/>
+                <Return Confidence="4">
+					<Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">MocanaSSH2</Detail>
+                </Details>
                 </Return>
             </AndThen>
         </Match>
diff --git a/GM3/data/fingerprint/Network Time Protocol.xml b/GM3/data/fingerprint/Network Time Protocol.xml
index f01637c..2d92369 100644
--- a/GM3/data/fingerprint/Network Time Protocol.xml	
+++ b/GM3/data/fingerprint/Network Time Protocol.xml	
@@ -3,16 +3,21 @@
     <Header>
         <Name>Network Time Protocol</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of Network Time Protocol traffic.</Description>
-        <Tag>Original</Tag>
+        <Description>This fingerprint looks for evidence of Network Time Protocol traffic.</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="NTP" Name="Ports">
         <SrcPort>0</SrcPort>
         <DstPort>123</DstPort>
     </Filter>
-    <Payload For="default">
+    <Payload For="NTP">
+        <Description>This fingerprint looks for the evidence of Network Time Protocol traffic.</Description>
         <Always>
-            <Return Confidence="2"/>
+            <Return Confidence="4">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">NTP</Detail>
+                </Details>
+            </Return>
         </Always>
     </Payload>
 </Fingerprint>
diff --git a/GM3/data/fingerprint/Novar.xml b/GM3/data/fingerprint/Novar.xml
index c12b88e..c2b7344 100644
--- a/GM3/data/fingerprint/Novar.xml
+++ b/GM3/data/fingerprint/Novar.xml
@@ -3,36 +3,48 @@
     <Header>
         <Name>Novar</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of Novar Alarm traffic.This fingerprint looks for the evidence of Novar Global traffic.This fingerprint looks for the evidence of Novar Data traffic.</Description>
+        <Description>This fingerprint looks for evidence of Novar Alarm traffic. This fingerprint looks for evidence of Novar Global traffic. This fingerprint looks for evidence of Novar Data traffic.</Description>
     </Header>
-    <Filter For=" Alarm">
+    <Filter For="Novar Alarm" Name="Alarm">
         <SrcPort>23401</SrcPort>
     </Filter>
-    <Filter For=" Global">
+    <Filter For="Novar Global" Name="Global">
         <SrcPort>23402</SrcPort>
     </Filter>
-    <Filter For=" Data">
+    <Filter For="Novar Data" Name="Data">
         <SrcPort>23400</SrcPort>
     </Filter>
-    <Payload For=" Alarm">
+    <Payload For="Novar Alarm">
+		<Description>This fingerprint looks for evidence of Novar Alarm traffic.</Description>
         <Always>
-            <Return Confidence="1">
-                <Extract Name="NOVAR-ALARM" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">Novar Alarm</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
-    <Payload For=" Global">
+	<Payload For="Novar Global">
+		<Description>This fingerprint looks for evidence of Novar Global traffic.</Description>
         <Always>
-            <Return Confidence="1">
-                <Extract Name="NOVAR-GLOBAL" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">Novar Global</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
-    <Payload For=" Data">
+	<Payload For="Novar Data">
+		<Description>This fingerprint looks for evidence of Novar Data traffic.</Description>
         <Always>
-            <Return Confidence="1">
-                <Extract Name="NOVAR-DBASE" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">Novar Data</Detail>
+                </Details>
             </Return>
         </Always>
-    </Payload>
+    </Payload>	
 </Fingerprint>
diff --git a/GM3/data/fingerprint/OLAP.xml b/GM3/data/fingerprint/OLAP.xml
new file mode 100644
index 0000000..5109d8d
--- /dev/null
+++ b/GM3/data/fingerprint/OLAP.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>OLAP</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of OLAP service which provides SQL service client support for answering multi dimensional analytical queries.</Description>
+    </Header>
+    <Filter For="OLAP 1" Name="DstPort">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>2393</DstPort>
+    </Filter>
+    <Filter For="OLAP 2" Name="DstPort">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>2394</DstPort>
+    </Filter>
+    <Payload For="OLAP 1">
+        <Description>Tags OLAP SQL services</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Microsoft Server Product">OLAP</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="OLAP 2">
+        <Description>Tags OLAP SQL services</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Microsoft Server Product">OLAP</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/OMF.xml b/GM3/data/fingerprint/OMF.xml
index 4fa4b32..9a0f655 100644
--- a/GM3/data/fingerprint/OMF.xml
+++ b/GM3/data/fingerprint/OMF.xml
@@ -3,45 +3,61 @@
     <Header>
         <Name>OMF</Name>
         <Author>Default</Author>
-        <Description>OMF Data B	This fingerprint looks for the evidence of OMF Data M traffic.This fingerprint looks for the evidence of OMF Data H traffic.This fingerprint looks for the evidence of OMF Data l traffic</Description>
+        <Description>This fingerprint looks for evidence of OMF Data B traffic. This fingerprint looks for evidence of OMF Data M traffic. This fingerprint looks for evidence of OMF Data H traffic. This fingerprint looks for evidence of OMF Data L traffic</Description>
     </Header>
-    <Filter For=" Data b">
+    <Filter For="Data B" Name="ANET-B">
         <DstPort>3338</DstPort>
     </Filter>
-    <Filter For=" Data M">
+    <Filter For="Data M" Name="ANET-M">
         <DstPort>3340</DstPort>
     </Filter>
-    <Filter For=" data h">
+    <Filter For="Data H" Name="ANET-H">
         <DstPort>3341</DstPort>
     </Filter>
-    <Filter For=" data l">
+    <Filter For="Data L" Name="ANET-L">
         <DstPort>0</DstPort>
     </Filter>
-    <Payload For=" Data b">
+    <Payload For="Data B">
+       <Description>OMF Data B ANET-B</Description>
         <Always>
             <Return Confidence="5">
-                <Extract Name="Anet-b" From="CURSOR_START" To="CURSOR_END"/>
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">ANET-B</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
-    <Payload For=" Data M">
+    <Payload For="Data M">
+        <Description>OMF Data M ANET-M</Description>
         <Always>
             <Return Confidence="5">
-                <Extract Name="ANET-M" From="CURSOR_START" To="CURSOR_END"/>
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">ANET-M</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
-    <Payload For=" data h">
+    <Payload For="Data H">
+        <Description>OMF Data H ANET-H</Description>
         <Always>
             <Return Confidence="5">
-                <Extract Name="ANET-H" From="CURSOR_START" To="CURSOR_END"/>
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">ANET-H</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
-    <Payload For=" data l">
+    <Payload For="Data L">
+        <Description>OMF Data L ANET-L</Description>
         <Always>
             <Return Confidence="5">
-                <Extract Name="ANET-L" From="CURSOR_START" To="CURSOR_END"/>
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">ANET-L</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
diff --git a/GM3/data/fingerprint/OPC.xml b/GM3/data/fingerprint/OPC.xml
new file mode 100644
index 0000000..0bcd92d
--- /dev/null
+++ b/GM3/data/fingerprint/OPC.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>OPC</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of OPC traffic. OPC is a series of standard specifications designed to simplify integration of various forms of data on systems from different vendors.</Description>
+    </Header>
+    <Filter For="OLE for Process Control" Name="OPC">
+        <DstPort>135</DstPort>
+    </Filter>
+    <Payload For="OLE for Process Control">
+        <Description>Devices running OPC client trying to connect an OPC server on a different computer would reply on DCOM for the communication.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Microsoft Server Product">OPC</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/OSI Monarch.xml b/GM3/data/fingerprint/OSI Monarch.xml
new file mode 100644
index 0000000..ff4ca26
--- /dev/null
+++ b/GM3/data/fingerprint/OSI Monarch.xml	
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>OSI Monarch</Name>
+        <Author>Default</Author>
+        <Description>Identifies the Application layer header for the FEPSI protocol (version 2) from a client. This protocol is used within the OSI Monarch SCADA system. This fingerprint looks for the start byte value, the function code, and version number within their dedicated position in the payload.
+
+The second payload looks for the start byte value, server response byte value, the function code, and version number within their dedicated position in the payload.
+
+The third payload identifies the Network header for the Fepcontrol protocol (header type 1). This protocol is used within the OSI Monarch SCADA system. This fingerprint looks for the start byte, the header type, the Application ID, and the Control Type values within their dedicated positions in the payload.</Description>
+    </Header>
+    <Filter For="OSI Monarch FEPSI Client" Name="FEPSI Client">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>11999</DstPort>
+    </Filter>
+    <Filter For="OSI Monarch FEPSI Server" Name="FEPSI Server">
+        <TransportProtocol>6</TransportProtocol>
+        <SrcPort>11999</SrcPort>
+    </Filter>
+    <Filter For="OSI Monarch Fepcontrol Client" Name="Fepcontrol Client">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>16002</DstPort>
+    </Filter>
+    <Payload For="OSI Monarch FEPSI Client">
+        <Description>Identifies the Application layer header for the FEPSI protocol (version 2) from a client. This protocol is used within the OSI Monarch SCADA system.</Description>
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="false" Within="0" MoveCursors="true">
+            <Pattern>\x03(.{7}[\x00\x10\x20\x30\x40]{1})\x02</Pattern>
+            <AndThen>
+                <Return Direction="SOURCE" Confidence="5">
+                    <Details>
+                        <Category>ICS_HOST</Category>
+                        <Role>CLIENT</Role>
+                        <Detail Name="ICSProtocol">OSI Monarch FEPSI Client</Detail>
+                    </Details>
+                </Return>
+            </AndThen>
+        </Match>
+    </Payload>
+    <Payload For="OSI Monarch FEPSI Server">
+        <Description>Identifies the Application layer header for the FEPSI protocol (version 2) from a server. This protocol is used within the OSI Monarch SCADA system.</Description>
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="false" Within="0" MoveCursors="true">
+            <Pattern>\x03(.{2}\x03)(.{4}[\x00\x10\x20\x30\x40]{1})\x02</Pattern>
+            <AndThen>
+                <Return Direction="SOURCE" Confidence="5">
+                    <Details>
+                        <Category>ICS_HOST</Category>
+                        <Role>SERVER</Role>
+                        <Detail Name="ICSProtocol">OSI Monarch FEPSI Server</Detail>
+                    </Details>
+                </Return>
+            </AndThen>
+        </Match>
+    </Payload>
+    <Payload For="OSI Monarch Fepcontrol Client">
+        <Description>Identifies the Network header for the Fepcontrol protocol (header type 1). This protocol is used within the OSI Monarch SCADA system.</Description>
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="false" Within="0" MoveCursors="true">
+            <Pattern>\x03(.{11}\x01)(.{16}[\x00\x01\x02\x03])(.{1}[\s3-7e-l]{1,20})</Pattern>
+            <AndThen>
+                <Return Direction="SOURCE" Confidence="5">
+                    <Details>
+                        <Category>ICS_HOST</Category>
+                        <Role>CLIENT</Role>
+                        <Detail Name="ICSProtocol">OSI Monarch Fepcontrol Client</Detail>
+                    </Details>
+                </Return>
+            </AndThen>
+        </Match>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Omron.xml b/GM3/data/fingerprint/Omron.xml
new file mode 100644
index 0000000..6ba541e
--- /dev/null
+++ b/GM3/data/fingerprint/Omron.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Omron</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for evidence of Omron Factory Interface Network (FIN) Service traffic. Protocol is used by Omron PLCs over physical networks.</Description>
+    </Header>
+    <Filter For="Factory Interface Network Service" Name="Network Service">
+        <DstPort>9600</DstPort>
+    </Filter>
+    <Payload For="Factory Interface Network Service">
+        <Description>This network protocol is used by Omron PLCs and it looks for the response code over the port.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>PLC</Category>
+                    <Detail Name="ICSProtocol">FIN (Factory Interface Network) Service</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/OneHome.xml b/GM3/data/fingerprint/OneHome.xml
index 09abfe3..34365f3 100644
--- a/GM3/data/fingerprint/OneHome.xml
+++ b/GM3/data/fingerprint/OneHome.xml
@@ -3,25 +3,33 @@
     <Header>
         <Name>OneHome</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of OneHome Remote Access traffic.This fingerprint looks for the evidence of OneHome Service Port traffic.</Description>
+        <Description>This fingerprint looks for evidence of OneHome Remote Access traffic. This fingerprint looks for evidence of OneHome Service Port traffic.</Description>
     </Header>
-    <Filter For=" Remote Access">
+    <Filter For=" Remote Access" Name="Remote Access">
         <DstPort>2198</DstPort>
     </Filter>
-    <Filter For=" Service Port">
+    <Filter For=" Service Port" Name="Service Port">
         <DstPort>2199</DstPort>
     </Filter>
     <Payload For=" Remote Access">
+		<Description>OneHome Remote Access</Description>
         <Always>
-            <Return Confidence="1">
-                <Extract Name="onehome-remote" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Confidence="5">
+				<Details>
+					<Category>HMI</Category>
+					<Detail Name="Product">OneHome Remote Access</Detail>
+				</Details>
             </Return>
         </Always>
     </Payload>
     <Payload For=" Service Port">
+		<Description>OneHome Remote Access Service port</Description>
         <Always>
-            <Return Confidence="1">
-                <Extract Name="ONEHOME-HELP" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Confidence="5">
+				<Details>
+					<Category>HMI</Category>
+					<Detail Name="Product">OneHome Remote Access Service port</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
diff --git a/GM3/data/fingerprint/Operating System.xml b/GM3/data/fingerprint/Operating System.xml
new file mode 100644
index 0000000..176e1b1
--- /dev/null
+++ b/GM3/data/fingerprint/Operating System.xml	
@@ -0,0 +1,160 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Operating System</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for evidence of Operating system by TCP default Window_Size and IP header TTL values. Various Payloads include XP, Vista, 7...</Description>
+    </Header>
+    <Filter For="Windows" Name="95">
+        <TTLWithin Min="17" Max="32"/>
+    </Filter>
+    <Filter For="Windows" Name="98">
+        <TTLWithin Min="113" Max="128"/>
+    </Filter>	
+    <Filter For="Windows" Name="2000">
+        <TTLWithin Min="113" Max="128"/>
+    </Filter>	
+    <Filter For="Windows" Name="XP">
+        <TTLWithin Min="113" Max="128"/>
+    </Filter>
+    <Filter For="Windows" Name="Vista/7/10/Server">
+        <TTLWithin Min="113" Max="128"/>
+    </Filter>
+    <Filter For="Windows" Name="7">
+        <TTLWithin Min="113" Max="128"/>
+    </Filter>
+    <Filter For="Windows" Name="10">
+        <TTLWithin Min="113" Max="128"/>
+    </Filter>
+    <Filter For="Windows" Name="Server">
+        <TTLWithin Min="113" Max="128"/>
+    </Filter>	
+    <Filter For="Linux" Name="2.4/2.7">
+        <TTLWithin Min="49" Max="64"/>
+    </Filter>
+    <Filter For="Google Linux" Name="Google Nix">
+        <TTLWithin Min="49" Max="64"/>
+    </Filter>	
+    <Filter For="FreeBSD" Name="BSD">
+        <TTLWithin Min="49" Max="64"/>
+    </Filter>
+    <Filter For="CISCO Router" Name="IOS 12.4">
+        <TTLWithin Min="140" Max="255"/>
+    </Filter>
+    <Filter For="Solaris" Name="2.8">
+        <TTLWithin Min="49" Max="64"/>
+    </Filter>	
+    <Filter For="Solaris" Name="7.0">
+        <TTLWithin Min="140" Max="255"/>
+    </Filter>	
+    <Filter For="Stratus" Name="14.2">
+        <TTLWithin Min="15" Max="30"/>
+    </Filter>
+    <Filter For="Stratus" Name="14.3">
+        <TTLWithin Min="49" Max="64"/>
+    </Filter>	
+    <Filter For="SunOS" Name="4.1.3">
+        <TTLWithin Min="45" Max="60"/>
+    </Filter>	
+    <Filter For="SunOS" Name="4.1.4">
+        <TTLWithin Min="45" Max="60"/>
+    </Filter>
+    <Filter For="Ultrix" Name="4.1, 4.1A">
+		<TransportProtocol>6</TransportProtocol>
+        <TTLWithin Min="45" Max="60"/>
+    </Filter>	
+    <Filter For="Ultrix" Name="4.2, 4.2A">
+		<TransportProtocol>17</TransportProtocol>
+        <TTLWithin Min="15" Max="30"/>
+    </Filter>	
+    <Payload For="Windows">
+        <Description>Tags TTL value in the IP header</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="OS">Windows 2000, XP, Vista, 7, 10, Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
+    <Payload For="Linux">
+        <Description>Tags TTL value in the IP header</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="OS">Linux 2.4/2.6</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Google Linux">
+        <Description>Tags TTL value in the IP header</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="OS">Google Linux</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
+    <Payload For="FreeBSD">
+        <Description>Tags TTL value in the IP header</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="OS">FreeBSD</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="CISCO Router">
+        <Description>Tags TTL value in the IP header</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="OS">CISCO Router IOS 12.4</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Solaris">
+        <Description>Tags TTL value in the IP header</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="OS">Solaris</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Stratus">
+        <Description>Tags TTL value in the IP header</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="OS">Stratus</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
+    <Payload For="SunOS">
+        <Description>Tags TTL value in the IP header</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="OS">SunOS</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Ultrix">
+        <Description>Tags TTL value in the IP header</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="OS">Ultrix</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>		
+</Fingerprint>
diff --git a/GM3/data/fingerprint/PNBSCADA.xml b/GM3/data/fingerprint/PNBSCADA.xml
index 1377686..4124b56 100644
--- a/GM3/data/fingerprint/PNBSCADA.xml
+++ b/GM3/data/fingerprint/PNBSCADA.xml
@@ -3,15 +3,20 @@
     <Header>
         <Name>PNBSCADA</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of PNBSCADA traffic.</Description>
-        <Tag>Original</Tag>
+        <Description>This fingerprint looks for evidence of PNBSCADA traffic.</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="PNBSCADA" Name="DstPort">
         <DstPort>3875</DstPort>
     </Filter>
-    <Payload For="default">
+    <Payload For="PNBSCADA">
+        <Description>Tags PNBSCADA by TCP/UDP destination port</Description>
         <Always>
-            <Return Confidence="1"/>
+            <Return Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">PNBSCADA</Detail>
+                </Details>
+            </Return>
         </Always>
     </Payload>
 </Fingerprint>
diff --git a/GM3/data/fingerprint/PROFInet.xml b/GM3/data/fingerprint/PROFInet.xml
index 81bb106..3ded1a7 100644
--- a/GM3/data/fingerprint/PROFInet.xml
+++ b/GM3/data/fingerprint/PROFInet.xml
@@ -3,35 +3,47 @@
     <Header>
         <Name>PROFInet</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of PROFInet RT Multicast traffic.This fingerprint looks for the evidence of PROFInet RT Unicast traffic.This fingerprint looks for the evidence of PROFInet Context Manager traffic.</Description>
+        <Description>This fingerprint looks for evidence of PROFInet RT Multicast traffic. This fingerprint looks for the evidence of PROFInet RT Unicast traffic. This fingerprint looks for the evidence of PROFInet Context Manager traffic.</Description>
     </Header>
-    <Filter For=" RT Multicast">
+    <Filter For="RT Multicast" Name="Multicast">
         <SrcPort>34963</SrcPort>
     </Filter>
-    <Filter For=" RT Unicast">
+    <Filter For="RT Unicast" Name="Unicast">
         <DstPort>34962</DstPort>
     </Filter>
-    <Filter For=" Context Manager">
+    <Filter For="Context Manager" Name="Manager">
         <SrcPort>34964</SrcPort>
     </Filter>
-    <Payload For=" RT Multicast">
+    <Payload For="RT Multicast">
+        <Description>PROFInet RT Multicast over source port</Description>
         <Always>
-            <Return Confidence="5">
-                <Extract Name="PROFINET-RTM" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">RT Multicast</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
-    <Payload For=" RT Unicast">
+    <Payload For="RT Unicast">
+        <Description>PROFInet RT Unicast over destination port</Description>
         <Always>
-            <Return Confidence="5">
-                <Extract Name="PROFINET-RT" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">RT Unicast</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
-    <Payload For=" Context Manager">
+    <Payload For="Context Manager">
+        <Description>PROFInet Context Manager over source port</Description>
         <Always>
-            <Return Confidence="5">
-                <Extract Name="PROFINET-CM" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">Context Manager</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
diff --git a/GM3/data/fingerprint/Panasonic.xml b/GM3/data/fingerprint/Panasonic.xml
new file mode 100644
index 0000000..8c540d8
--- /dev/null
+++ b/GM3/data/fingerprint/Panasonic.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Panasonic</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of Panasonic FP and FP2 ethernet traffic.</Description>
+    </Header>
+    <Filter For="Panasonic" Name="FP">
+        <DstPort>9094</DstPort>
+    </Filter>
+    <Filter For="Panasonic" Name="FP2">
+        <DstPort>8500</DstPort>
+    </Filter>	
+    <Payload For="Panasonic">
+		<Description>PLC that has the ability to do higher processing with optimizing communication.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>PLC</Category>
+                    <Detail Name="Product">Pansonic FP/FP2</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Phoenix Contact PCWorx.xml b/GM3/data/fingerprint/Phoenix Contact PCWorx.xml
new file mode 100644
index 0000000..e8c3fc4
--- /dev/null
+++ b/GM3/data/fingerprint/Phoenix Contact PCWorx.xml	
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Phoenix Contact PCWorx</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for evidence of Phoenix contact data traffic.</Description>
+    </Header>
+    <Filter For="PCWorx" Name="ENGINEERING WORKSTATION 1962">
+        <DstPort>1962</DstPort>
+    </Filter>
+    <Payload For="PCWorx">
+        <Description>Looks for PCWorx data communication of engineering workstation over the port specified.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>WORKSTATION</Category>
+                    <Role>ENGINEER</Role>
+                    <Detail Name="Product">PCWorx</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/ProconOS.xml b/GM3/data/fingerprint/ProconOS.xml
new file mode 100644
index 0000000..7f5a4ab
--- /dev/null
+++ b/GM3/data/fingerprint/ProconOS.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>ProconOS</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of ProconOS traffic.</Description>
+    </Header>
+    <Filter For="ProconOS" Name="DstPort">
+        <DstPort>20547</DstPort>
+    </Filter>
+    <Payload For="ProconOS">
+        <Description>High performance PLC runtime engine desinged to run both embedded and PC applications</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>PLC</Category>
+                    <Detail Name="ICSProtocol">ProconOS</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
\ No newline at end of file
diff --git a/GM3/data/fingerprint/RADIUS.xml b/GM3/data/fingerprint/RADIUS.xml
new file mode 100644
index 0000000..03c7236
--- /dev/null
+++ b/GM3/data/fingerprint/RADIUS.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>RADIUS</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of RADIUS services including internet authentication and accounting.</Description>
+    </Header>
+    <Filter For="RADIUS Authentication" Name="Authentication">
+		<TransportProtocol>17</TransportProtocol>
+        <DstPort>1812</DstPort>
+    </Filter>
+    <Filter For="RADIUS Accounting" Name="Accounting">
+		<TransportProtocol>17</TransportProtocol>
+        <DstPort>1813</DstPort>
+    </Filter>
+    <Payload For="RADIUS Authentication">
+        <Description>Tags RADIUS authentication internet service</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Micrsoft Server Product">RADIUS-Authentication</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="RADIUS Accounting">
+        <Description>Tags RADIUS accounting internet service.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Micrsoft Server Product">RADIUS - Accounting</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/RNRP.xml b/GM3/data/fingerprint/RNRP.xml
index a18a23a..0e74db9 100644
--- a/GM3/data/fingerprint/RNRP.xml
+++ b/GM3/data/fingerprint/RNRP.xml
@@ -3,15 +3,20 @@
     <Header>
         <Name>RNRP</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of RNRP traffic.</Description>
-        <Tag>Original</Tag>
+        <Description>This fingerprint looks for evidence of RNRP traffic.</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="Redundant Network Routing" Name="RNRP">
         <DstPort>2423</DstPort>
     </Filter>
-    <Payload For="default">
+    <Payload For="Redundant Network Routing">
+		<Description>Tags RNRP TCP/UDP destination port</Description>
         <Always>
-            <Return Confidence="3"/>
+            <Return Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">RNRP</Detail>
+                </Details>
+            </Return>
         </Always>
     </Payload>
 </Fingerprint>
diff --git a/GM3/data/fingerprint/RTP.xml b/GM3/data/fingerprint/RTP.xml
new file mode 100644
index 0000000..d02ef7c
--- /dev/null
+++ b/GM3/data/fingerprint/RTP.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>RTP</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of real time streaming communicating with media servers in conjunction with real time control protocol for media delivery.</Description>
+    </Header>
+    <Filter For="RTSP" Name="Streaming Protocol">
+        <DstPort>554</DstPort>
+    </Filter>
+    <Filter For="RTP" Name="Time Transport">
+        <DstPort>5004</DstPort>
+    </Filter>
+    <Payload For="RTSP">
+        <Description>Real time streaming protocol</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Microsoft Server Product">RTSP</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="RTP">
+        <Description>Real Time Transport</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Micosoft Server Product">RTP</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Red Lion.xml b/GM3/data/fingerprint/Red Lion.xml
new file mode 100644
index 0000000..802a78d
--- /dev/null
+++ b/GM3/data/fingerprint/Red Lion.xml	
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Red Lion</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for evidence of Red Lion traffic running the CrimsonV3 software for HMI.</Description>
+    </Header>
+    <Filter For="Red Lion CrimsonV3" Name="CrimsonV3">
+        <DstPort>789</DstPort>
+    </Filter>
+    <Payload For="Red Lion CrimsonV3">
+        <Description>Red Lion traffic running the CrimsonV3 software for HMI.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>HMI</Category>
+                    <Detail Name="Product">Red Lion CrimsonV3</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Review_Comments.txt b/GM3/data/fingerprint/Review_Comments.txt
new file mode 100644
index 0000000..96cf398
--- /dev/null
+++ b/GM3/data/fingerprint/Review_Comments.txt
@@ -0,0 +1,11 @@
+Fingerprint XML Notes
+DCERPC.xml Line 6, near end "..which whill...", remove h. - Fixed
+EDG.xml Line 13, several places - Fixed
+Fatek.xml Line 12 - Fixed
+GE.xml Line 6, 62, 73 - Fixed
+HMS HICP Port.xml Line 6, space between "of" & "HMS" - Fixed
+Invensys Sigma Port.xml Line 12 "Schneider" - Fixed
+LonWorks Line 18, 26 not LongWorks - Fixed
+Mitsubishi Electronic.xml Line 115 - Fixed
+Rockwell AADvance.xml Line 72, 83, 95, 107, 118, 129: destination, not "destiantion" - Fixed
+Who_Login.xml Line 6 near end, several items - Fixed
\ No newline at end of file
diff --git a/GM3/data/fingerprint/Rockwell AADvance.xml b/GM3/data/fingerprint/Rockwell AADvance.xml
new file mode 100644
index 0000000..40417d5
--- /dev/null
+++ b/GM3/data/fingerprint/Rockwell AADvance.xml	
@@ -0,0 +1,139 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Rockwell AADvance</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for evidence of Rockwell AADvance traffic.</Description>
+    </Header>
+    <Filter For="ModbusTCP" Name="ModbusTCP">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>502</DstPort>
+    </Filter>
+    <Filter For="SNCP" Name="SNCP">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>1132</DstPort>
+    </Filter>
+    <Filter For="ModbusRTU" Name="ModbusRTU">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>1132</DstPort> 
+    </Filter>
+    <Filter For="Discover Tool" Name="Discover Tool 2010">
+        <TransportProtocol>17</TransportProtocol>
+        <DstPort>2010</DstPort>
+    </Filter>
+    <Filter For="Discover Tool" Name="Discover Tool 2011">
+        <TransportProtocol>17</TransportProtocol>
+        <DstPort>2011</DstPort>
+    </Filter>
+    <Filter For="Peer to Peer" Name="P2P">
+        <TransportProtocol>17</TransportProtocol>
+        <DstPort>5000</DstPort>
+    </Filter>	
+    <Filter For="Serial Data" Name="Serial 10001">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>10001</DstPort>
+    </Filter>	
+    <Filter For="Serial Data" Name="Serial 10002">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>10002</DstPort>
+    </Filter>	
+    <Filter For="Serial Data" Name="Serial 10003">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>10003</DstPort>
+    </Filter>	
+    <Filter For="Serial Data" Name="Serial 10004">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>10004</DstPort>
+    </Filter>	
+    <Filter For="Serial Data" Name="Serial 10005">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>10005</DstPort>
+    </Filter>	
+    <Filter For="Serial Data" Name="Serial 10006">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>10006</DstPort>
+    </Filter>		
+    <Filter For="Telnet" Name="Telnet">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>55555</DstPort>
+    </Filter>		
+    <Payload For="ModbusTCP">
+        <Description>Rockwell AADvance ModbusTCP that tags the destination port.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Protocol">Rockwell AADvance ModbusTCP</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="SNCP">
+        <Description>Rockwell AADvance tagged via destination port. Safely network control protocol, used by opc, workbench debugger and binding networks.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell AADvance SNCP</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="ModbusRTU">
+        <Description>Rockwell AADvance tagged via destination port. RTU packaged in serial stream. Other ports may be assigned.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>RTU</Category>
+                    <Role>SLAVE</Role>
+                    <Detail Name="Product">Rockwell AADvance ModbusRTU</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Discover Tool">
+        <Description>Rockwell AADvance tagged via destination port. Used to configure systems. the tool sends broadcast to 2010 and systems reply to port 2011.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>RTU</Category>
+                    <Role>SLAVE</Role>
+                    <Detail Name="Product">Rockw ell AADvance Discovery Tool</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Peer to Peer">
+        <Description>Rockwell AADvance tagged via destination port.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell AADvance Peer to Peer</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
+	<Payload For="Serial Data">
+        <Description>Rockwell AADvance tagged via destination port. Transparent communication interface, where an Ethernet host can talk through AADvance to a serial port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell AADvance Serial Data</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
+	<Payload For="Telnet">
+        <Description>Rockwell AADvance tagged via destination port. Diagnostic command line interface</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell AADvance Telnet</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>		
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Rockwell Bizware.xml b/GM3/data/fingerprint/Rockwell Bizware.xml
new file mode 100644
index 0000000..85221b8
--- /dev/null
+++ b/GM3/data/fingerprint/Rockwell Bizware.xml	
@@ -0,0 +1,143 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Rockwell Bizware</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for evidence of Bizware Task Manager traffic. This fingerprint looks for evidence of Bizware Production Server traffic. This fingerprint looks for evidence of Bizware Server Manager traffic. This fingerprint looks for evidence of Bizware CTP Server traffic. This fingerprint looks for evidence of Bizware PlantMetrics Server traffic.</Description>
+    </Header>
+    <Filter For=" Task Manager" Name="Task Manager">
+        <DstPort>4123</DstPort>
+        <TransportProtocol>6</TransportProtocol>
+    </Filter>
+    <Filter For=" Production Server" Name="Production">
+        <DstPort>4120</DstPort>
+        <TransportProtocol>6</TransportProtocol>
+    </Filter>
+    <Filter For=" Server Manager" Name="Server">
+        <DstPort>4121</DstPort>
+        <TransportProtocol>6</TransportProtocol>
+    </Filter>
+    <Filter For=" CTP Server" Name="CTP">
+        <DstPort>4125</DstPort>
+        <TransportProtocol>6</TransportProtocol>
+    </Filter>
+    <Filter For=" PlantMetrics Server" Name="PlantMetrics">
+        <DstPort>4122</DstPort>
+        <TransportProtocol>6</TransportProtocol>
+    </Filter>
+    <Filter For=" Scheduler" Name="Scheduler">
+        <DstPort>4124</DstPort>
+        <TransportProtocol>6</TransportProtocol>
+    </Filter>
+    <Filter For=" HTTP Product Server" Name="HTTP Product">
+        <DstPort>8080</DstPort>
+        <TransportProtocol>6</TransportProtocol>
+    </Filter>
+    <Filter For=" HTTP Server Manager" Name="HTTP Server">
+        <DstPort>8081</DstPort>
+        <TransportProtocol>6</TransportProtocol>
+    </Filter>
+    <Filter For=" HTTP CTP Server" Name="HTTP CTP">
+        <DstPort>8083</DstPort>
+        <TransportProtocol>6</TransportProtocol>
+    </Filter>
+    <Payload For=" Task Manager">
+        <Description>Rockwell Bizware Task Manager payload that tags the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell Bizware Task Manager</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For=" Production Server">
+        <Description>Rockwell Bizware Production Server payload that tags the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell Bizware Production Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For=" Server Manager">
+        <Description>Rockwell Bizware Server Manager payload that tags the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell Bizware Server Manager</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For=" CTP Server">
+        <Description>Rockwell Bizware CTP Server payload that tags the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell Bizware CTP Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For=" PlantMetrics Server">
+        <Description>Rockwell Bizware Server Manager payload that tags the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell Bizware PlanMetrics Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For=" Scheduler">
+        <Description>Rockwell Bizware Scheduler payload that tags the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell Bizware Task Manager</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For=" HTTP Product Server">
+        <Description>Rockwell Bizware HTTP Product Server payload that tags the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell Bizware HTTP Product Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For=" HTTP Server Manager">
+        <Description>Rockwell Bizware HTTP Server Manager payload that tags the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell Bizware HTTP Server Manager</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For=" HTTP CTP Server">
+        <Description>Rockwell Bizware HTTP CTP Server payload that tags the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell Bizware HTTP CTP Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Rockwell CSP.xml b/GM3/data/fingerprint/Rockwell CSP.xml
new file mode 100644
index 0000000..84d8a51
--- /dev/null
+++ b/GM3/data/fingerprint/Rockwell CSP.xml	
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Rockwell CSP</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for the evidence of Rockwell CSP1, CSP2, and CSP3 traffic.</Description>
+    </Header>
+    <Filter For="CSP1" Name="CSP1 Src">
+        <SrcPort>2221</SrcPort>
+    </Filter>
+    <Filter For="CSP1" Name="CSP1 Dst">
+        <DstPort>2221</DstPort>
+    </Filter>
+    <Filter For="CSP2" Name="CSP2 Src">
+        <SrcPort>2222</SrcPort>
+    </Filter>
+    <Filter For="CSP2" Name="CSP2 Dst">
+        <DstPort>2222</DstPort>
+    </Filter>
+    <Filter For="CSP3" Name="CSP3 Src">
+        <SrcPort>2223</SrcPort>
+    </Filter>
+    <Filter For="CSP3" Name="CSP3 Dst">
+        <DstPort>2223</DstPort>
+    </Filter>
+    <Payload For="CSP1">
+        <Description>Rockwell CSP1 that tags the source and destination ports</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="4">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell CSP1</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="CSP2">
+        <Description>Rockwell CSP2 that tags the source and destination ports</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="4">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell CSP2</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="CSP3">
+        <Description>Rockwell CSP3 that tags the source and destination ports</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="4">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell CSP3</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Rockwell Encapsulation.xml b/GM3/data/fingerprint/Rockwell Encapsulation.xml
new file mode 100644
index 0000000..75d5241
--- /dev/null
+++ b/GM3/data/fingerprint/Rockwell Encapsulation.xml	
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Rockwell Encapsulation</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for evidence of Rockwell Encapsulation traffic.</Description>
+    </Header>
+    <Filter For="Encapsulation" Name="Src">
+        <SrcPort>44818</SrcPort>
+    </Filter>
+    <Filter For="Encapsulation" Name="Dst">
+        <DstPort>44818</DstPort>
+    </Filter>
+    <Payload For="Encapsulation">
+        <Description>Rockwell encapsulation that tags the source and destination ports</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell Encapsulation</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Rockwell FF.xml b/GM3/data/fingerprint/Rockwell FF.xml
new file mode 100644
index 0000000..d881c58
--- /dev/null
+++ b/GM3/data/fingerprint/Rockwell FF.xml	
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Rockwell FF</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for evidence of FF LAN Redundancy Port traffic. This fingerprint looks for evidence of FF Fieldbus traffic. This fingerprint looks for evidence of FF System Management traffic. This fingerprint looks for evidence of FF Annunciation traffic.</Description>
+    </Header>
+    <Filter For="LAN Redundancy Port" Name="LAN Redundancy">
+        <DstPort>3622</DstPort>
+    </Filter>
+    <Filter For="Fieldbus Message Specification" Name="Fieldbus Message Specification">
+        <DstPort>1090</DstPort>
+    </Filter>
+    <Filter For="System Management" Name="System Management">
+        <DstPort>1091</DstPort>
+    </Filter>
+    <Filter For="Annunciation" Name="Annunciation">
+        <DstPort>1089</DstPort>
+    </Filter>
+    <Payload For="LAN Redundancy Port">
+        <Description>Rockwell LAN Redundancy payload that tags the source port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell FF-LR-PORT</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Fieldbus Message Specification">
+        <Description>Rockwell Fieldbus Message Specification payload that tags the source and destination ports</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="4">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell FF-FMS</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="System Management">
+        <Description>Rockwell System Management payload that tags the source and destination ports</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="4">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell FF-SM</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Annunciation">
+        <Description>Rockwell Annuciation payload that tags the source and destination ports</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="4">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell FF-ANNUNC</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Rockwell FactoryTalk.xml b/GM3/data/fingerprint/Rockwell FactoryTalk.xml
new file mode 100644
index 0000000..dcced61
--- /dev/null
+++ b/GM3/data/fingerprint/Rockwell FactoryTalk.xml	
@@ -0,0 +1,347 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Rockwell FactoryTalk</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for evidence of FactoryTalk Event Server traffic. This fingerprint looks for evidence of FactoryTalk Directory Server File transfer traffic. This fingerprint looks for evidence of FactoryTalk Directory Server traffic. This fingerprint looks for evidence of FactoryTalk Alarming  traffic. This fingerprint looks for evidence of FactoryTalk Object RPC traffic.This fingerprint looks for evidence of FactoryTalk Event Multiplexor traffic.This fingerprint looks for evidence of FactoryTalk Service control traffic.This fingerprint looks for evidence of FactoryTalk Server Health traffic. This fingerprint looks for evidence of FactoryTalk Historian Site Edition which includes PI Network Manager, Analysis Framework v1.x, ACE2 scheduler, Asset Framework Server, PI Notifications, Asset Framework to OLEDB Enterprise. This fingerprint looks for evidence of FactoryTalk Asset Centre Services traffic. This fingerprint looks for evidence of FactoryTalk Asset Centre Server/ VantagePoint SQL or MSSQL. This fingerprint looks for evidence of FactoryTalk Live Data/SE HMI Tag Server. This fingerprint looks for evidence of FactoryTalk Diagnostics. This fingerprint looks for evidence of FactoryTalk Diagnostics VantagePoint Incuity Server Advertiser.</Description>
+    </Header>
+    <Filter For="Alarming Server" Name="Alarming">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>6543</DstPort>
+    </Filter>
+    <Filter For="Object RPC" Name="RPC">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>1330</DstPort>
+    </Filter>
+    <Filter For="Event Multiplexor" Name="Multiplexor">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>7600</DstPort>
+    </Filter>
+    <Filter For="Service Control" Name="Control">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>1331</DstPort>
+    </Filter>
+    <Filter For="Server Health" Name="Server Health">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>1332</DstPort>
+    </Filter>
+    <Filter For="Event Server" Name="Event Server">
+        <TransportProtocol>6</TransportProtocol>
+        <SrcPort>7700</SrcPort>
+    </Filter>
+    <Filter For="Directory Server File Transfer" Name="File Transfer">
+        <DstPort>3060</DstPort>
+    </Filter>
+    <Filter For="Directory Server" Name="Directory Server">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>7710</DstPort>
+    </Filter>	
+    <Filter For="PI Network Manager" Name="PI Network">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>5450</DstPort>
+    </Filter>
+    <Filter For="Analysis Framework 5454" Name="5454">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>5454</DstPort>
+    </Filter>
+    <Filter For="Analysis Framework 5455" Name="5455">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>5455</DstPort>
+    </Filter>
+    <Filter For="ACE2 Scheduler" Name="ACE2">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>5456</DstPort>
+    </Filter>
+    <Filter For="Asset Framework Server" Name="Asset Framework">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>5457</DstPort>
+    </Filter>
+    <Filter For="PI Notification" Name="PI">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>5458</DstPort>
+    </Filter>
+    <Filter For="Asset Centre Services 7002" Name="7002">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>7002</DstPort>
+    </Filter>
+    <Filter For="Asset Centre Services 7003" Name="7003">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>7003</DstPort>
+    </Filter>
+    <Filter For="Asset Centre Services 7004" Name="7004">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>7004</DstPort>
+    </Filter>	
+    <Filter For="Asset Centre Server/VantagePoint SQL" Name="SQL">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>1433</DstPort>
+    </Filter>	
+    <Filter For="Asset Centre Server/VantagePoint MSSQL" Name="MSSQL">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>1434</DstPort>
+    </Filter>	
+    <Filter For="Live Data/SE HMI Tag Server" Name="Data/SE HMI">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>49281</DstPort>
+    </Filter>	
+    <Filter For="Diagnostics" Name="Diagnostics">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>60093</DstPort>
+    </Filter>	
+    <Filter For="VantagePoint Incuity Server Advertiser" Name="Incuity Server">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>65207</DstPort>
+    </Filter>		
+    <Payload For="Alarming Server">
+        <Description>Rockwell FactoryTalk Alarming Server</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>HMI</Category>
+                    <Detail Name="Product">Rockwell FactoryTalk Alarming Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Object RPC">
+        <Description>Rockwell FactoryTalk Object RPC</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="2">
+                <Details>
+                    <Category>HMI</Category>
+                    <Detail Name="Product">Rockwell FactoryTalk Object RPC</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Event Multiplexor">
+        <Description>Rockwell FactoryTalk Object RPC</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>HMI</Category>
+                    <Detail Name="Product">Rockwell FactoryTalk Event Multiplexor</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Service Control">
+        <Description>Rockwell FactoryTalk Service Control</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="2">
+                <Details>
+                    <Category>HMI</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell FactoryTalk Service Control</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Server Health">
+        <Description>Rockwell FactoryTalk Server Health</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="2">
+                <Details>
+                    <Category>HMI</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell FactoryTalk Server Health</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Event Server">
+        <Description>Rockwell FactoryTalk Event Server</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="2">
+                <Details>
+                    <Category>HMI</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell FactoryTalk Event Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Directory Server File Transfer">
+        <Description>Rockwell FactoryTalk Directory Server File Transfer</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>HMI</Category>
+                    <Detail Name="Product">Rockwell FactoryTalk Directory Server File Transfer</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Directory Server">
+        <Description>Rockwell FactoryTalk Directory Server</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>HMI</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell FactoryTalk Directory Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+	<Payload For="PI Network Manager">
+        <Description>Rockwell FactoryTalk Historian Site Edition - PI Network Manager</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>HMI</Category>
+                    <Role>ENGINEER</Role>
+                    <Detail Name="Product">Rockwell FactoryTalk PI Network Manager</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Analysis Framework 5454">
+        <Description>Rockwell FactoryTalk Historian Site Edition - Analysis Framework 5454</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>HMI</Category>
+                    <Detail Name="Product">Rockwell FactoryTalk Analysis Framework 5454</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Analysis Framework 5455">
+        <Description>Rockwell FactoryTalk Historian Site Edition - Analysis Framework 5455</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>HMI</Category>
+                    <Detail Name="Product">Rockwell FactoryTalk Analysis Framework 5455</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="ACE2 Scheduler">
+        <Description>Rockwell FactoryTalk Historian Site Edition - ACE2 Scheduler</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>HMI</Category>
+                    <Detail Name="Product">Rockwell FactoryTalk ACE2 Scheduler</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Asset Framework Server">
+        <Description>Rockwell FactoryTalk Historian Site Edition - Asset Framework Server</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>HMI</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell FactoryTalk Asset Framework Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="PI Notification">
+        <Description>Rockwell FactoryTalk Historian Site Edition - PI Notification</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>HMI</Category>
+                    <Detail Name="Product">Rockwell FactoryTalk PI Notification</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
+    <Payload For="Asset Centre Services 7002">
+        <Description>Rockwell FactoryTalk Historian Site Edition - Asset Centre Services 7002</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>HMI</Category>
+                    <Detail Name="Product">Rockwell FactoryTalk Asset Centre Services 7002</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
+    <Payload For="Asset Centre Services 7003">
+        <Description>Rockwell FactoryTalk Asset Centre Services 7003</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>HMI</Category>
+                    <Detail Name="Product">Rockwell FactoryTalk Asset Centre Services 7003</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
+    <Payload For="Asset Centre Services 7004">
+        <Description>Rockwell FactoryTalk Asset Centre Services 7004</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>HMI</Category>
+                    <Detail Name="Product">Rockwell FactoryTalk Asset Centre Services 7004</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>		
+    <Payload For="Asset Centre Server/VantagePoint SQL">
+        <Description>Rockwell FactoryTalk Asset Centre Server/ VantagePoint SQL</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>HMI</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell FactoryTalk Asset Centre Server. SQL server communication over default port.</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
+    <Payload For="Asset Centre Server/VantagePoint MSSQL">
+        <Description>Rockwell FactoryTalk Asset Centre Server/ VantagePoint MSSQL</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>HMI</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell FactoryTalk Asset Centre Server. Recommended static destination port for MSSQL to minimize the number of ports open to a firewall.</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
+    <Payload For="Live Data/SE HMI Tag Server">
+        <Description>Rockwell FactoryTalk Live Data/SE HMI Tag Server</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>HMI</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell FactoryTalk Live Data/SE HMI Tag Server.</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
+    <Payload For="Diagnostics">
+        <Description>Rockwell FactoryTalk Diagnostics</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>HMI</Category>
+                    <Detail Name="Product">Rockwell FactoryTalk Diagnostics.</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="VantagePoint Incuity Server Advertiser">
+        <Description>Rockwell FactoryTalk VantagePoint Incuity Server Advertiser</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>HMI</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell FactoryTalk VantagePoint Incuity Server Advertiser.</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Rockwell FlexLM Server.xml b/GM3/data/fingerprint/Rockwell FlexLM Server.xml
new file mode 100644
index 0000000..51d1e3b
--- /dev/null
+++ b/GM3/data/fingerprint/Rockwell FlexLM Server.xml	
@@ -0,0 +1,169 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Rockwell FlexLM Server</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for evidence of FlexLM server traffic.</Description>
+        <Tag>Original</Tag>
+    </Header>
+    <Filter For="FlexLM Server 1" Name="Server 1">
+        <DstPort>27000</DstPort>
+        <TransportProtocol>6</TransportProtocol>
+    </Filter>
+    <Filter For="FlexLM Server 2" Name="Server 2">
+        <DstPort>27001</DstPort>
+        <TransportProtocol>6</TransportProtocol>
+    </Filter>	
+    <Filter For="FlexLM Server 3" Name="Server 3">
+        <DstPort>27002</DstPort>
+        <TransportProtocol>6</TransportProtocol>
+    </Filter>	
+    <Filter For="FlexLM Server 4" Name="Server 4">
+        <DstPort>27003</DstPort>
+        <TransportProtocol>6</TransportProtocol>
+    </Filter>	
+    <Filter For="FlexLM Server 5" Name="Server 5">
+        <DstPort>27004</DstPort>
+        <TransportProtocol>6</TransportProtocol>
+    </Filter>	
+    <Filter For="FlexLM Server 6" Name="Server 6">
+        <DstPort>27005</DstPort>
+        <TransportProtocol>6</TransportProtocol>
+    </Filter>	
+    <Filter For="FlexLM Server 7" Name="Server 7">
+        <DstPort>27006</DstPort>
+        <TransportProtocol>6</TransportProtocol>
+    </Filter>	
+    <Filter For="FlexLM Server 8" Name="Server 8">
+        <DstPort>27007</DstPort>
+        <TransportProtocol>6</TransportProtocol>
+    </Filter>	
+    <Filter For="FlexLM Server 9" Name="Server 9">
+        <DstPort>27008</DstPort>
+        <TransportProtocol>6</TransportProtocol>
+    </Filter>	
+    <Filter For="FlexLM Server 10" Name="Server 10">
+        <DstPort>27009</DstPort>
+        <TransportProtocol>6</TransportProtocol>
+    </Filter>		
+    <Payload For="FlexLM Server 1">
+        <Description>Rockwell FlexLM Server payload that tags the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell FlexLM Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+	<Payload For="FlexLM Server 2">
+        <Description>Rockwell FlexLM Server payload that tags the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell FlexLM Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+	<Payload For="FlexLM Server 3">
+        <Description>Rockwell FlexLM Server payload that tags the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell FlexLM Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+	<Payload For="FlexLM Server 4">
+        <Description>Rockwell FlexLM Server payload that tags the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell FlexLM Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+	<Payload For="FlexLM Server 5">
+        <Description>Rockwell FlexLM Server payload that tags the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell FlexLM Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+	<Payload For="FlexLM Server 6">
+        <Description>Rockwell FlexLM Server payload that tags the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell FlexLM Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+	<Payload For="FlexLM Server 7">
+        <Description>Rockwell FlexLM Server payload that tags the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell FlexLM Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+	<Payload For="FlexLM Server 8">
+        <Description>Rockwell FlexLM Server payload that tags the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell FlexLM Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+	<Payload For="FlexLM Server 9">
+        <Description>Rockwell FlexLM Server payload that tags the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell FlexLM Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+	<Payload For="FlexLM Server 10">
+        <Description>Rockwell FlexLM Server payload that tags the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell FlexLM Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Rockwell RSBizWare.xml b/GM3/data/fingerprint/Rockwell RSBizWare.xml
new file mode 100644
index 0000000..61134e9
--- /dev/null
+++ b/GM3/data/fingerprint/Rockwell RSBizWare.xml	
@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Rockwell RSBizWare</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for evidence of RSBizWare traffic.</Description>
+    </Header>
+    <Filter For="RPC Production Server" Name="RPC Production">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>4120</DstPort>
+    </Filter>
+    <Filter For="RPC Server Manager" Name="RPC Server Manager">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>4121</DstPort>
+    </Filter>	
+    <Filter For="RPC PlantMetrics Server" Name="RPC PlantMetrics">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>4122</DstPort>
+    </Filter>	
+    <Filter For="RPC Task Manager" Name="RPC Task Manager">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>4123</DstPort>
+    </Filter>	
+    <Filter For="RPC Scheduler Server" Name="RPC Scheduler">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>4124</DstPort>
+    </Filter>	
+    <Filter For="RPC Scheduler CTP Server" Name="RPC Scheduler CTP">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>4125</DstPort>
+    </Filter>		
+    <Filter For="HTTP Production Server" Name="HTTP Production">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>8080</DstPort>
+    </Filter>
+    <Filter For="HTTP Server Manager" Name="HTTP Server Manager">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>8081</DstPort>
+    </Filter>	
+    <Payload For="RPC Production Server">
+        <Description>Rockwell RSBizWare Production Server payload that tags TCP traffic over the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell RSBizWare-Production Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="RPC Server Manager">
+        <Description>Rockwell RSBizWare Server Manager payload that tags TCP traffic over the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Role>OPERATOR</Role>
+                    <Detail Name="Product">Rockwell RSBizWare-Server Manager</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+	<Payload For="RPC PlantMetrics Server">
+        <Description>Rockwell RSBizWare PlantMetrics Server payload that tags TCP traffic over the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell RSBizWare-Production Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+	<Payload For="RPC Task Manager">
+        <Description>Rockwell RSBizWare Task Manager payload that tags TCP traffic over the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Role>OPERATOR</Role>
+                    <Detail Name="Product">Rockwell RSBizWare-Task Manager</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+	<Payload For="RPC Scheduler Server">
+        <Description>Rockwell RSBizWare Scheduler Server payload that tags TCP traffic over the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell RSBizWare-Scheduler Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+	<Payload For="RPC Scheduler CTP Server">
+        <Description>Rockwell RSBizWare Scheduler CTP Server payload that tags TCP traffic over the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell RSBizWare-Scheduler CTP Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+		<Payload For="HTTP Production Server">
+        <Description>Rockwell RSBizWare Production Server payload that tags TCP traffic over the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell RSBizWare-Scheduler CTP Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+		<Payload For="HTTP Server Manager">
+        <Description>Rockwell RSBizWare Server Manager payload that tags TCP traffic over the destination port</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Role>OPERATOR</Role>
+                    <Detail Name="Product">Rockwell RSBizWare-Scheduler CTP Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Rockwell RSSql.xml b/GM3/data/fingerprint/Rockwell RSSql.xml
new file mode 100644
index 0000000..ebf3ad0
--- /dev/null
+++ b/GM3/data/fingerprint/Rockwell RSSql.xml	
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Rockwell RSSql</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for evidence of Rockwell RSSql Transaction Manager, Compression Server, and Configuration Server traffic.</Description>
+    </Header>
+    <Filter For="RSSql Transaction Manager" Name="RSSql Transaction">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>400</DstPort>
+    </Filter>
+    <Filter For="RSSql Compression Server" Name="RSSql Compression">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>401</DstPort>
+    </Filter>
+    <Filter For="RSSql Configuration Server" Name="RSSql Configuration">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>402</DstPort>
+    </Filter>
+    <Payload For="RSSql Transaction Manager">
+        <Description>Rockwell RSSql transaction that tags the source and destination ports</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell RSSql Transaction Manager</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="RSSql Compression Server">
+        <Description>Rockwell RSSql compression server that tags the source and destination ports</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell RSSql Compression Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="RSSql Configuration Server">
+        <Description>Rockwell RSSql Configuration server that tags the source and destination ports</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">Rockwell RSSql Configuration Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Rockwell RSViewSE.xml b/GM3/data/fingerprint/Rockwell RSViewSE.xml
new file mode 100644
index 0000000..4b32b76
--- /dev/null
+++ b/GM3/data/fingerprint/Rockwell RSViewSE.xml	
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Rockwell RSViewSE</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for evidence of RSviewSE HMI Server traffic. This fingerprint looks for evidence of RSViewSE Server Framework traffic. This fingerprint looks for evidence of RSViewSE HMI Activation traffic. This fingerprint looks for evidence of RSViewSE Directory Serve traffic. </Description>
+    </Header>
+    <Filter For="HMI Server" Name="HMI Server">
+        <SrcPort>7720</SrcPort>
+    </Filter>
+    <Filter For="Server Framework" Name="Server Framework">
+        <SrcPort>7721</SrcPort>
+    </Filter>
+    <Filter For="HMI Activation" Name="HMI Activation">
+        <SrcPort>7721</SrcPort>
+    </Filter>
+    <Filter For="Directory Server" Name="Directory Server">
+        <SrcPort>7721</SrcPort>
+    </Filter>	
+    <Payload For="HMI Server">
+		<Description>Rockwell FactoryTalk RSView SE HMI Server</Description>
+        <Always>
+            <Return Confidence="5">
+				<Details>
+                    <Category>HMI</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell RSView SE HMI Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Server Framework">
+		<Description>Rockwell FactoryTalk RSView SE Server Framework</Description>
+        <Always>
+            <Return Confidence="5">
+				<Details>
+                    <Category>HMI</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell RSView SE Server Framework</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="HMI Activation">
+		<Description>Rockwell FactoryTalk RSView SE HMI Activation</Description>
+        <Always>
+            <Return Confidence="5">
+				<Details>
+                    <Category>HMI</Category>
+                    <Role>OTHER</Role>
+                    <Detail Name="Product">Rockwell HMI Activation</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Directory Server">
+		<Description>Rockwell FactoryTalk RSView SE Directory Server</Description>
+        <Always>
+            <Return Confidence="5">
+				<Details>
+                    <Category>HMI</Category>
+                    <Role>SERVER</Role>
+                    <Detail Name="Product">Rockwell Directory Server</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
+</Fingerprint>
diff --git a/GM3/data/fingerprint/SAIA.xml b/GM3/data/fingerprint/SAIA.xml
new file mode 100644
index 0000000..9591abd
--- /dev/null
+++ b/GM3/data/fingerprint/SAIA.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>SAIA S-BUS</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of SAIA S-BUS traffic.</Description>
+    </Header>
+    <Filter For="SAIA" Name="S-BUS">
+        <DstPort>5050</DstPort>
+    </Filter>
+    <Payload For="SAIA">
+		<Description>Communication Protocol between PDC and PLC by Saia-Burgess Controls.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Product">SAIA</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload> 
+</Fingerprint>
diff --git a/GM3/data/fingerprint/SEL-351A.xml b/GM3/data/fingerprint/SEL-351A.xml
new file mode 100644
index 0000000..9d862b2
--- /dev/null
+++ b/GM3/data/fingerprint/SEL-351A.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>SEL-351A</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint pulls out the version info transmitted from a SEL-351A ID command over telnet.</Description>
+    </Header>
+    <Filter For="SEL-351A" Name="Device Info From ID Cmd">
+        <TransportProtocol>6</TransportProtocol>
+        <Ethertype>2048</Ethertype>
+        <SrcPort>23</SrcPort>
+    </Filter>
+    <Payload For="SEL-351A">
+        <Description>Tags SEL-351A return traffic that is sending IP commands over telnet.</Description>
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="true" Within="0" MoveCursors="true">
+            <Content Type="HEX">49440D0A020D0A224649443D</Content>
+            <AndThen>
+                <Anchor Cursor="START" Position="START_OF_PAYLOAD" Relative="false" Offset="12"/>
+                <Anchor Cursor="END" Position="START_OF_PAYLOAD" Relative="false" Offset="46"/>
+                <Return Direction="SOURCE" Confidence="5">
+                    <Details>
+                        <Category>ICS_HOST</Category>
+                        <Detail Name="ICSProtocol">SEL-351A</Detail>
+                    </Details>
+                    <Extract Name="Version" From="12" To="CURSOR_END" MaxLength="1024" Endian="BIG">
+                        <Post Convert="INTEGER"/>
+                    </Extract>
+                </Return>
+            </AndThen>
+        </Match>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/SNMP.xml b/GM3/data/fingerprint/SNMP.xml
new file mode 100644
index 0000000..f6aa0f2
--- /dev/null
+++ b/GM3/data/fingerprint/SNMP.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>SNMP</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for evidence of the Simple Network Management Protocol traffic.</Description>
+    </Header>
+    <Filter For="SNMP" Name="SNMP">
+        <TransportProtocol>17</TransportProtocol>
+        <DstPort>161</DstPort>
+    </Filter>
+    <Filter For="SNMP" Name="SNMPTRAP">
+        <TransportProtocol>17</TransportProtocol>
+        <DstPort>162</DstPort>
+    </Filter>
+    <Payload For="SNMP">
+		<Description>Tags Simple Network Management Protocol over UDP port 161 and 162 for SNMPTRAP services. The payload looks for SNMP HEX pattern match that will extract the CommunityID and the RequestID from the DATA GET request header.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="InternetStandardProtocol">SNMP</Detail>
+                </Details>
+            </Return>
+        </Always>
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="true" Within="0" MoveCursors="true">
+            <Content Type="HEX">302E02</Content>
+            <AndThen>
+                <Return Direction="SOURCE" Confidence="5">
+                    <Details/>
+                    <Extract Name="CommunityID" From="7" To="15" MaxLength="1024" Endian="BIG">
+                        <Post Convert="STRING"/>
+                    </Extract>
+                    <Extract Name="RequestID" From="19" To="23" MaxLength="1024" Endian="BIG">
+                        <Post Convert="INTEGER"/>
+                    </Extract>
+                </Return>
+            </AndThen>
+        </Match>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Schleicher.xml b/GM3/data/fingerprint/Schleicher.xml
new file mode 100644
index 0000000..8714cbc
--- /dev/null
+++ b/GM3/data/fingerprint/Schleicher.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Schleicher</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of Schleicher XCX 300 traffic over 20547. This fingerprint identifies evidence of Invensys Sigma Port traffic.</Description>
+    </Header>
+    <Filter For="XCX 300" Name="XCX 300">
+        <DstPort>20547</DstPort>
+    </Filter>
+    <Filter For="Satchwell Sigma port" Name="Sigma Port">
+        <DstPort>3614</DstPort>
+    </Filter>	
+    <Payload For="XCX 300">
+        <Description>Tags destination port known to the Schleicher XCX 300 PLC.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>PLC</Category>
+                    <Detail Name="Product">XCX 300</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Satchwell Sigma port">
+        <Description>Tags Schleicher Electric Invensys Sigma port trafifc.</Description>
+        <Always>
+            <Return Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">Invensys Sigma Port</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
\ No newline at end of file
diff --git a/GM3/data/fingerprint/Server View.xml b/GM3/data/fingerprint/Server View.xml
new file mode 100644
index 0000000..8db1f93
--- /dev/null
+++ b/GM3/data/fingerprint/Server View.xml	
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Server View</Name>
+        <Author>Default</Author>
+        <Description>This tries to find Server view dmbs access traffic.</Description>
+    </Header>
+    <Filter For="Server View" Name="DBMS Access">
+        <SrcPort>9212</SrcPort>
+    </Filter>
+    <Payload For="Server View">
+        <Description>Tags the DBMS access from Server View.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">Server View DBMS access</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/ServerStart RemoteControl.xml b/GM3/data/fingerprint/ServerStart RemoteControl.xml
index 381f643..eae6965 100644
--- a/GM3/data/fingerprint/ServerStart RemoteControl.xml	
+++ b/GM3/data/fingerprint/ServerStart RemoteControl.xml	
@@ -1,19 +1,22 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <Fingerprint>
     <Header>
-        <Name>ServerStart RemoteControl</Name>
+        <Name>ServerStart</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of ServerStart RemoteControl traffic.</Description>
-        <Tag>Original</Tag>
+        <Description>This fingerprint looks for evidence of ServerStart RemoteControl traffic.</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="ServerStart" Name="RemoteControl">
         <SrcPort>9213</SrcPort>
     </Filter>
-    <Payload For="default">
+    <Payload For="ServerStart">
+        <Description>Tags inbound ServerStart RemoteControl traffic by source port</Description>
         <Always>
-            <Return Confidence="1">
-                <Extract Name="SERVERSTART" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">ServerStart RemoteControl</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
-</Fingerprint>
+</Fingerprint>
\ No newline at end of file
diff --git a/GM3/data/fingerprint/Siemens APOGEE.xml b/GM3/data/fingerprint/Siemens APOGEE.xml
new file mode 100644
index 0000000..b606434
--- /dev/null
+++ b/GM3/data/fingerprint/Siemens APOGEE.xml	
@@ -0,0 +1,403 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Siemens APOGEE</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint finds the version number of the device in the APOGEE network. This fingerprint finds the AEM (APOGEE Ethernet Microserver). This fingerprint finds the hardware type of the device in the APOGEE network. This fingerprint finds the hardware type of the device in the APOGEE network. This fingerprint finds the last link date of the device in the APOGEE network. This fingerprint finds the Ethernet field nael traffic. This fingerprint finds the AEM device. This fingerprint finds the AEM device. This fingerprint finds the AEM device. This fingerprint finds the AEM device. This fingerprint finds the AEM device. This fingerprint finds the License Manager. This fingerprint finds the Device Field Panel. This fingerprint finds the Device Field Panel. This fingerprint finds the Insight Async Service. This fingerprint finds the Objectivity Database 1 and 2. This fingerprint finds the Objectivity Insight 1. This fingerprint finds the AMS Service and Lock server and AEM200. This fingerprint finds Dialogic Board. This fingerprint finds the utility cast manager. This fingerprint finds the UDP BACnet</Description>
+    </Header>
+    <Filter For="Network-Version Number" Name="Version Number">
+        <TransportProtocol>6</TransportProtocol>
+        <SrcPort>5033</SrcPort>
+    </Filter>
+    <Filter For="Network-Hardware Type" Name="Hardware Type">
+        <TransportProtocol>6</TransportProtocol>
+        <SrcPort>5033</SrcPort>
+    </Filter>
+    <Filter For="Network-Panel Name" Name="Panel Name">
+        <TransportProtocol>6</TransportProtocol>
+        <SrcPort>5033</SrcPort>
+    </Filter>
+    <Filter For="Network-Link Date" Name="Link Date">
+        <TransportProtocol>6</TransportProtocol>
+        <SrcPort>5033</SrcPort>
+    </Filter>
+    <Filter For="Ethernet RS485 field panel" Name="Field Panel">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>3001</DstPort>
+    </Filter>
+    <Filter For="AEM Device" Name="Field Panel">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>3002</DstPort>
+    </Filter>
+    <Filter For="License Manager" Name="Manager">
+        <DstPort>5099</DstPort>
+    </Filter>
+    <Filter For="Device Field Panel" Name="Field Panel">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>5441</DstPort>
+    </Filter>
+    <Filter For="Insight Async Service" Name="Async Service">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>5442</DstPort>
+    </Filter>
+    <Filter For="Objectivity Database 1" Name="Database 1">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>6775</DstPort>
+    </Filter>
+    <Filter For="Objectivity Database 2" Name="Database 2">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>6888</DstPort>
+    </Filter>
+    <Filter For="Objectivity Insight 1" Name="Insight 1">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>6889</DstPort>
+    </Filter>
+    <Filter For="Objectivity Insight 2" Name="Insight 2">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>6780</DstPort>
+    </Filter>	
+    <Filter For="Objectivity AMS Service" Name="AMS Service">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>6779</DstPort>
+    </Filter>
+    <Filter For="Objectivity Lock Server" Name="Lock Server">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>6780</DstPort>
+    </Filter>
+    <Filter For="AEM200 Communication" Name="AEM200 Communication">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>999</DstPort>
+	</Filter>	
+    <Filter For="Dialogic Board 1" Name="Dialogic Board 1">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>12001</DstPort>		
+    </Filter>
+    <Filter For="Dialogic Board 2" Name="Dialogic Board 2">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>12002</DstPort>		
+    </Filter>	
+    <Filter For="Dialogic Board 3" Name="Dialogic Board 3">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>12003</DstPort>		
+    </Filter>	
+    <Filter For="Dialogic Board 4" Name="Dialogic Board 4">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>12004</DstPort>		
+    </Filter>
+    <Filter For="Dialogic Board 5" Name="Dialogic Board 5">
+		<TransportProtocol>6</TransportProtocol>
+        <DstPort>12005</DstPort>		
+    </Filter>
+    <Filter For="Utility Cast Manager" Name="Manager">
+        <DstPort>30400</DstPort>		
+    </Filter>
+    <Filter For="BACnet Field Panels" Name="BACnet">
+        <DstPort>47808</DstPort>		
+    </Filter>		
+    <Payload For="Network-Version Number">
+        <Description>Tags APOGEE network version number by HEX match and extracts the version number.</Description>
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="true" Within="65535" MoveCursors="true">
+            <Content Type="HEX">3C56657273696F6E4E756D6265723E</Content>
+            <AndThen>
+                <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="true" Within="0" MoveCursors="false">
+                    <Content Type="HEX">3C</Content>
+                    <AndThen>
+                        <Anchor Cursor="END" Position="CURSOR_MAIN" Relative="false" Offset="0"/>
+                        <Return Direction="SOURCE" Confidence="3">
+                            <Details>
+                                <Category>ICS_HOST</Category>
+                                <Role>SERVER</Role>
+                                <Detail Name="Product">APOGEE - Network Version Number</Detail>
+                            </Details>
+                        </Return>
+                    </AndThen>
+                </Match>
+            </AndThen>
+        </Match>
+    </Payload>
+    <Payload For="Network-Hardware Type">
+        <Description>Tags APOGEE network hardware type by HEX match and extracts the model type</Description>
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="true" Within="65535" MoveCursors="true">
+            <Content Type="HEX">3C4861726477617265547970653E</Content>
+            <AndThen>
+                <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="true" Within="0" MoveCursors="false">
+                    <Content Type="HEX">3C</Content>
+                    <AndThen>
+                        <Anchor Cursor="END" Position="CURSOR_MAIN" Relative="false" Offset="0"/>
+                        <Return Direction="SOURCE" Confidence="3">
+                            <Details>
+                                <Category>ICS_HOST</Category>
+                                <Role>SERVER</Role>
+                                <Detail Name="Product">APOGEE-Network Hardware Type</Detail>
+                            </Details>
+                            <Extract Name="Model" From="CURSOR_START" To="CURSOR_END" MaxLength="1024" Endian="BIG">
+                                <Post Convert="INTEGER"/>
+                            </Extract>
+                        </Return>
+                    </AndThen>
+                </Match>
+            </AndThen>
+        </Match>
+    </Payload>
+    <Payload For="Network-Panel Name">
+        <Description>Tags APOGEE network panel name HEX match and extracts the panel name</Description>
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="true" Within="65535" MoveCursors="true">
+            <Content Type="HEX">3C50616E656C204E616D653D22</Content>
+            <AndThen>
+                <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="true" Within="0" MoveCursors="false">
+                    <Content Type="HEX">22</Content>
+                    <AndThen>
+                        <Anchor Cursor="END" Position="CURSOR_MAIN" Relative="false" Offset="0"/>
+                        <Return Direction="SOURCE" Confidence="3">
+                            <Details>
+                                <Category>ICS_HOST</Category>
+                                <Role>SERVER</Role>
+                                <Detail Name="Product">APOGEE - Network Panel Name</Detail>
+                            </Details>
+                            <Extract Name="Panel Name: " From="CURSOR_START" To="CURSOR_END" MaxLength="1024" Endian="BIG">
+                                <Post Convert="STRING"/>
+                            </Extract>
+                        </Return>
+                    </AndThen>
+                </Match>
+            </AndThen>
+        </Match>
+    </Payload>
+    <Payload For="Network-Link Date">
+        <Description>Tags APOGEE network link date by HEX match and extracts the link date.</Description>
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="true" Within="65535" MoveCursors="true">
+            <Content Type="HEX">3C4C696E6B446174653E</Content>
+            <AndThen>
+                <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="true" Within="0" MoveCursors="false">
+                    <Content Type="HEX">3C</Content>
+                    <AndThen>
+                        <Anchor Cursor="END" Position="CURSOR_MAIN" Relative="false" Offset="0"/>
+                        <Return Direction="SOURCE" Confidence="3">
+                            <Details>
+                                <Category>ICS_HOST</Category>
+                                <Role>SERVER</Role>
+                                <Detail Name="Product">APOGEE - Network Link Date</Detail>
+                            </Details>
+                            <Extract Name="Link Date:" From="CURSOR_START" To="CURSOR_END" MaxLength="1024" Endian="BIG">
+                                <Post Convert="INTEGER"/>
+                            </Extract>
+                        </Return>
+                    </AndThen>
+                </Match>
+            </AndThen>
+        </Match>
+    </Payload>
+	<Payload For="Ethernet RS485 field panel">
+        <Description>Tags APOGEE field panels.</Description>
+        <Always>
+            <Return Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Product">APOGEE Ethernet Field Panel</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+	<Payload For="AEM Device">
+        <Description>Tags APOGEE AEM Device.</Description>
+            <Always>
+				<Return Confidence="5">
+					<Details>
+						<Category>ICS_HOST</Category>
+						<Detail Name="Product">APOGEE AEM Device</Detail>
+					</Details>
+				</Return>
+			</Always>
+    </Payload>	
+	<Payload For="License Manager">
+        <Description>Tags APOGEE License Manager.</Description>
+            <Always>
+				<Return Confidence="5">
+					<Details>
+						<Category>ICS_HOST</Category>
+						<Detail Name="Product">APOGEE License Manager</Detail>
+					</Details>
+				</Return>
+			</Always>
+    </Payload>
+	<Payload For="Device Field Panel">
+        <Description>Tags APOGEE Device Field Panel.</Description>
+            <Always>
+				<Return Confidence="5">
+					<Details>
+						<Category>ICS_HOST</Category>
+						<Detail Name="Product">APOGEE Device Field Panel</Detail>
+					</Details>
+				</Return>
+			</Always>
+    </Payload>
+	<Payload For="Insight Async Service">
+        <Description>Tags APOGEE Insight Async Service.</Description>
+            <Always>
+				<Return Confidence="5">
+					<Details>
+						<Category>ICS_HOST</Category>
+						<Detail Name="Product">APOGEE Insight Async Service</Detail>
+					</Details>
+				</Return>
+			</Always>
+    </Payload>
+	<Payload For="Objectivity Database 1">
+        <Description>Tags APOGEE Objectivity Database 1.</Description>
+            <Always>
+				<Return Confidence="5">
+					<Details>
+						<Category>ICS_HOST</Category>
+						<Role>SERVER</Role>
+						<Detail Name="Product">APOGEE Objectivity Database 1</Detail>
+					</Details>
+				</Return>
+			</Always>
+    </Payload>
+	<Payload For="Objectivity Database 2">
+        <Description>Tags APOGEE Device Field Panel 2.</Description>
+            <Always>
+				<Return Confidence="5">
+					<Details>
+						<Category>ICS_HOST</Category>
+						<Role>SERVER</Role>
+						<Detail Name="Product">APOGEE Objectivity Database 2</Detail>
+					</Details>
+				</Return>
+			</Always>
+    </Payload>
+	<Payload For="Objectivity Insight 1">
+        <Description>Tags APOGEE Objectivity Insight 1.</Description>
+            <Always>
+				<Return Confidence="5">
+					<Details>
+						<Category>ICS_HOST</Category>
+						<Detail Name="Product">APOGEE Objectivity Insight 1</Detail>
+					</Details>
+				</Return>
+			</Always>
+    </Payload>
+	<Payload For="Objectivity Insight 2">
+        <Description>Tags APOGEE Objectivity Insight 2.</Description>
+            <Always>
+				<Return Confidence="5">
+					<Details>
+						<Category>ICS_HOST</Category>
+						<Detail Name="Product">APOGEE Objectivity Insight 2</Detail>
+					</Details>
+				</Return>
+			</Always>
+    </Payload>		
+	<Payload For="Objectivity AMS Service">
+        <Description>Tags APOGEE Objectivity AMS Service.</Description>
+            <Always>
+				<Return Confidence="5">
+					<Details>
+						<Category>ICS_HOST</Category>
+						<Role>SERVER</Role>
+						<Detail Name="Product">APOGEE Objectivity AMS Service</Detail>
+					</Details>
+				</Return>
+			</Always>
+    </Payload>	
+	<Payload For="Objectivity Lock Server">
+        <Description>Tags APOGEE Objectivity Lock Server.</Description>
+            <Always>
+				<Return Confidence="5">
+					<Details>
+						<Category>ICS_HOST</Category>
+						<Role>SERVER</Role>
+						<Detail Name="Product">APOGEE Objectivity Lock Server</Detail>
+					</Details>
+				</Return>
+			</Always>
+    </Payload>	
+	<Payload For="AEM200 Communication">
+        <Description>Tags APOGEE AEM200 Communication.</Description>
+            <Always>
+				<Return Confidence="5">
+					<Details>
+						<Category>ICS_HOST</Category>
+						<Detail Name="Product">APOGEE AEM200 Communication</Detail>
+					</Details>
+				</Return>
+			</Always>
+    </Payload>
+	<Payload For="Dialogic Board 1">
+        <Description>Tags APOGEE Dialogic Board 1.</Description>
+            <Always>
+				<Return Confidence="5">
+					<Details>
+						<Category>ICS_HOST</Category>
+						<Detail Name="Product">APOGEE Dialogic Board 1</Detail>
+					</Details>
+				</Return>
+			</Always>
+    </Payload>
+	<Payload For="Dialogic Board 2">
+        <Description>Tags APOGEE Dialogic Board 2.</Description>
+            <Always>
+				<Return Confidence="5">
+					<Details>
+						<Category>ICS_HOST</Category>
+						<Detail Name="Product">APOGEE Dialogic Board 2</Detail>
+					</Details>
+				</Return>
+			</Always>
+    </Payload>
+	<Payload For="Dialogic Board 3">
+        <Description>Tags APOGEE Dialogic Board 3.</Description>
+            <Always>
+				<Return Confidence="5">
+					<Details>
+						<Category>ICS_HOST</Category>
+						<Detail Name="Product">APOGEE Dialogic Board 3</Detail>
+					</Details>
+				</Return>
+			</Always>
+    </Payload>
+	<Payload For="Dialogic Board 4">
+        <Description>Tags APOGEE Dialogic Board 4.</Description>
+            <Always>
+				<Return Confidence="5">
+					<Details>
+						<Category>ICS_HOST</Category>
+						<Detail Name="Product">APOGEE Dialogic Board 4</Detail>
+					</Details>
+				</Return>
+			</Always>
+    </Payload>
+	<Payload For="Dialogic Board 5">
+        <Description>Tags APOGEE Dialogic Board 5.</Description>
+            <Always>
+				<Return Confidence="5">
+					<Details>
+						<Category>ICS_HOST</Category>
+						<Detail Name="Product">APOGEE Dialogic Board</Detail>
+					</Details>
+				</Return>
+			</Always>
+    </Payload>	
+	<Payload For="Utility Cast Manager">
+        <Description>Tags APOGEE Utility Cast Manager.</Description>
+            <Always>
+				<Return Confidence="5">
+					<Details>
+						<Category>ICS_HOST</Category>
+						<Detail Name="Product">APOGEE Utility Cast Manager</Detail>
+					</Details>
+				</Return>
+			</Always>
+    </Payload>
+	<Payload For="BACnet Field Panels">
+        <Description>Tags APOGEE BACnet Field Panels.</Description>
+            <Always>
+				<Return Confidence="5">
+					<Details>
+						<Category>ICS_HOST</Category>
+						<Detail Name="Product">APOGEE BACnet Field Panels</Detail>
+					</Details>
+				</Return>
+			</Always>
+    </Payload>	
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Siemens AuD SCP.xml b/GM3/data/fingerprint/Siemens AuD SCP.xml
index 4bcf616..9ab3757 100644
--- a/GM3/data/fingerprint/Siemens AuD SCP.xml	
+++ b/GM3/data/fingerprint/Siemens AuD SCP.xml	
@@ -3,16 +3,19 @@
     <Header>
         <Name>Siemens AuD SCP</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of Siemens AuD SCP traffic.</Description>
-        <Tag>Original</Tag>
+        <Description>This fingerprint looks for evidence of Siemens AuD SCP traffic.</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="AuD SCP" Name="SCP">
         <DstPort>3820</DstPort>
     </Filter>
-    <Payload For="default">
+    <Payload For="AuD SCP">
+		<Description>Tags Siemens AuD SCP traffic over known destination port.</Description>
         <Always>
-            <Return Confidence="3">
-                <Extract Name="SCP" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Direction="SOURCE" Confidence="3">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="Siemens">AuD SCP</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
diff --git a/GM3/data/fingerprint/Siemens S7Comm.xml b/GM3/data/fingerprint/Siemens S7Comm.xml
new file mode 100644
index 0000000..93b88dd
--- /dev/null
+++ b/GM3/data/fingerprint/Siemens S7Comm.xml	
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Siemens S7Comm</Name>
+        <Author>Default</Author>
+        <Description>ISO 8073 COTP 020f80 protocol usually rides on port 102. The first byte is always x32 as protocol identifier which is the protocol ID 020f80 32</Description>
+    </Header>
+    <Filter For="S7Comm Master" Name="Master">
+        <DstPort>102</DstPort>
+        <TransportProtocol>6</TransportProtocol>
+    </Filter>
+    <Filter For="S7Comm Slave" Name="Slave">
+        <SrcPort>102</SrcPort>
+        <TransportProtocol>6</TransportProtocol>
+    </Filter>
+    <Payload For="S7Comm Master"> 
+        <Description>Payload matches on the ISO8073/X.224 COTP HEX pattern</Description>
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="false" Within="0" MoveCursors="true">
+            <Content Type="HEX">02F08032</Content>
+            <AndThen>
+                <Return Direction="SOURCE" Confidence="5">
+                    <Details>
+                        <Category>MTU</Category>
+                        <Role>MASTER</Role>
+                        <Detail Name="S7Communication">COPT</Detail>
+                    </Details>
+                </Return>
+            </AndThen>
+        </Match>
+    </Payload>
+    <Payload For="S7Comm Slave">
+		<Description>Payload matches on the ISO8073/X.224 COTP HEX pattern</Description>
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="0" Relative="false" Within="0" MoveCursors="true">
+            <Content Type="HEX">02F08032</Content>
+            <AndThen>
+                <Return Direction="SOURCE" Confidence="5">
+                    <Details>
+                        <Category>PLC</Category>
+                        <Role>SLAVE</Role>
+                        <Detail Name="S7Communication">COPT</Detail> 
+                    </Details>
+                </Return>
+            </AndThen>
+        </Match>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/TCIM-control.xml b/GM3/data/fingerprint/TCIM-control.xml
index 86c7bbf..918b355 100644
--- a/GM3/data/fingerprint/TCIM-control.xml
+++ b/GM3/data/fingerprint/TCIM-control.xml
@@ -1,17 +1,22 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <Fingerprint>
     <Header>
-        <Name>TCIM-control</Name>
+        <Name>TCIM-Control</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of TCIM Control traffic.</Description>
-        <Tag>Original</Tag>
+        <Description>This fingerprint looks for evidence of TCIM Control traffic.</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="TCIM-Control" Name="DstPort">
         <DstPort>2729</DstPort>
     </Filter>
-    <Payload For="default">
+    <Payload For="TCIM-Control">
+        <Description>Tags TCIM-control traffic by destination port</Description>
         <Always>
-            <Return Confidence="1"/>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">TCIM-Control</Detail>
+                </Details>
+            </Return>
         </Always>
     </Payload>
 </Fingerprint>
diff --git a/GM3/data/fingerprint/TFTP.xml b/GM3/data/fingerprint/TFTP.xml
new file mode 100644
index 0000000..8220af3
--- /dev/null
+++ b/GM3/data/fingerprint/TFTP.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>TFTP</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of TFTP daemons that listen on UDP port 69, but respond but respond from a randomly allocated high port.</Description>
+    </Header>
+    <Filter For="Trivial FTP Daemon Service" Name="TFTP">
+        <TransportProtocol>17</TransportProtocol>
+		<DstPort>69</DstPort>
+    </Filter>
+    <Payload For="Trivial FTP Daemon Service">
+        <Description>Tags TFTP traffic that listens on UDP port 69</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Microsoft Server Product">TFTP</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Trio Motion Control Port.xml b/GM3/data/fingerprint/Trio Motion Control Port.xml
index d103c8e..9099ba5 100644
--- a/GM3/data/fingerprint/Trio Motion Control Port.xml	
+++ b/GM3/data/fingerprint/Trio Motion Control Port.xml	
@@ -1,18 +1,21 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <Fingerprint>
     <Header>
-        <Name>Trio Motion Control Port</Name>
+        <Name>Trio Motion Control</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of Trio Motion Control Port traffic.</Description>
-        <Tag>Original</Tag>
+        <Description>This fingerprint looks for evidence of Trio Motion Control Port traffic.</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="Trio Motion Control" Name="DstPort">
         <DstPort>3240</DstPort>
     </Filter>
-    <Payload For="default">
+    <Payload For="Trio Motion Control">
+        <Description>Tags Trio Motion Control port traffic by destination port.</Description>
         <Always>
-            <Return Confidence="1">
-                <Extract Name="TRIOMOTION" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">Trio Motion Control</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
diff --git a/GM3/data/fingerprint/Trivial.xml b/GM3/data/fingerprint/Trivial.xml
index 9bb03e6..f25c75a 100644
--- a/GM3/data/fingerprint/Trivial.xml
+++ b/GM3/data/fingerprint/Trivial.xml
@@ -3,25 +3,35 @@
     <Header>
         <Name>Trivial</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of Trivial Network Management traffic.Low confidence that it is TFTP.  TFTP is often used in embedded devices.</Description>
+        <Description>This fingerprint looks for evidence of Trivial Network Management traffic. Low confidence that it is TFTP. TFTP is often used in embedded devices.</Description>
     </Header>
-    <Filter For=" Network Management">
+    <Filter For="Network Management" Name="TNMPV-2">
         <DstPort>3686</DstPort>
     </Filter>
-    <Filter For=" File Transfer Protocol">
+    <Filter For="File Transfer Protocol" Name="FTP">
         <SrcPort>69</SrcPort>
         <DstPort>69</DstPort>
     </Filter>
-    <Payload For=" Network Management">
+    <Payload For="Network Management">
+        <Description>Tags Trivial Network Management TNMPV-2</Description>
         <Always>
-            <Return Confidence="1">
-                <Extract Name="TNMPV-2" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">TNMPV-2</Detail>
+                </Details>
             </Return>
         </Always>
     </Payload>
-    <Payload For=" File Transfer Protocol">
+    <Payload For="File Transfer Protocol">
+        <Description>Tags Trivial File Transfer Protocol</Description>
         <Always>
-            <Return Confidence="1"/>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Detail Name="ICSProtocol">FTP</Detail>
+                </Details>
+            </Return>
         </Always>
     </Payload>
 </Fingerprint>
diff --git a/GM3/data/fingerprint/UPNP Device Host.xml b/GM3/data/fingerprint/UPNP Device Host.xml
new file mode 100644
index 0000000..6eb1261
--- /dev/null
+++ b/GM3/data/fingerprint/UPNP Device Host.xml	
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>UPNP Device Host</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of UPNP device host discovery system service that implements all the components required for device registration, control, and responding to events for hsoted device.</Description>
+    </Header>
+    <Filter For="UPNP Device Host" Name="UPNP">
+        <TransportProtocol>6</TransportProtocol>
+        <DstPort>2869</DstPort>
+    </Filter>
+    <Payload For="UPNP Device Host">
+        <Description>Tags upnp device host traffic over UDP port 2869</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Microsoft Server Product">UPNP Device Host</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Unitronics.xml b/GM3/data/fingerprint/Unitronics.xml
new file mode 100644
index 0000000..33468a3
--- /dev/null
+++ b/GM3/data/fingerprint/Unitronics.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Unitronics</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of Unitronics Socket TCP slave communication.</Description>
+    </Header>
+    <Filter For="Unitronics Socket1" Name="Socket1">
+        <DstPort>20256</DstPort>
+    </Filter>
+    <Filter For="Unitronics Socket2" Name="Socket2">
+        <DstPort>502</DstPort>
+    </Filter>
+    <Filter For="Unitronicsw Socket3" Name="Socket2">
+        <DstPort>20257</DstPort>
+    </Filter>
+    <Payload For="Unitronics Socket1">
+        <Description>PLC Socket Slave connection over TCP 20256</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>PLC</Category>
+                    <Role>SLAVE</Role>
+                    <Detail Name="Product">Socket1</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Unitronics Socket2">
+        <Description>PLC Socket Slave connection over TCP 502</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Product">Socket2</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="Unitronicsw Socket3">
+        <Description>PLC Socket Slave connection over TCP 20257</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>PLC</Category>
+                    <Role>SLAVE</Role>
+                    <Detail Name="Product">Socket3</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/WINS Replication.xml b/GM3/data/fingerprint/WINS Replication.xml
new file mode 100644
index 0000000..1714a3a
--- /dev/null
+++ b/GM3/data/fingerprint/WINS Replication.xml	
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>WINS Replication</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of windows internet naming service that enables NetBIOS name resolution.</Description>
+    </Header>
+    <Filter For="WINS" Name="Replication">
+        <DstPort>42</DstPort>
+    </Filter>
+    <Payload For="WINS">
+        <Description>Tags WINS server that is communicating with network clients using NetBIOS name resolution</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Microsoft Server Product">WINS Replication</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/WWIO Talk.xml b/GM3/data/fingerprint/WWIO Talk.xml
index 10ee74d..bd87bb9 100644
--- a/GM3/data/fingerprint/WWIO Talk.xml	
+++ b/GM3/data/fingerprint/WWIO Talk.xml	
@@ -3,16 +3,19 @@
     <Header>
         <Name>WWIO Talk</Name>
         <Author>Default</Author>
-        <Description>This fingerprint looks for the evidence of WWIO Talk traffic.</Description>
-        <Tag>Original</Tag>
+        <Description>This fingerprint looks for evidence of WWIO Talk traffic.</Description>
     </Header>
-    <Filter For="default">
+    <Filter For="WWIO Talk" Name="WWIO Talk">
         <SrcPort>5413</SrcPort>
     </Filter>
-    <Payload For="default">
+    <Payload For="WWIO Talk">
+        <Description>The host listening on 5413</Description>
         <Always>
-            <Return Confidence="4">
-                <Extract Name="WWIOTALK" From="CURSOR_START" To="CURSOR_END"/>
+            <Return Direction="SOURCE" Confidence="4">
+                <Details>
+                    <Category>ICS_HOST</Category>
+                    <Role>OTHER</Role>
+                </Details>
             </Return>
         </Always>
     </Payload>
diff --git a/GM3/data/fingerprint/Who_Login.xml b/GM3/data/fingerprint/Who_Login.xml
new file mode 100644
index 0000000..c44b0c8
--- /dev/null
+++ b/GM3/data/fingerprint/Who_Login.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Who_Login</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint identifies evidence of who/login against tcp/udp traffic. This is a automatic authentication performed based on privileged port numbers and distributed databases which identify "authentication domains." Also the protocol maintains databases showing who's logged into the machines on a local network and the load average of the machine.</Description>
+    </Header>
+    <Filter For="who_login" Name="SrcPort">
+        <SrcPort>513</SrcPort>
+    </Filter>
+    <Filter For="who_login" Name="DstPort">
+        <DstPort>513</DstPort>
+    </Filter>
+    <Payload For="who_login">
+        <Description>Tags version 1 type 1, WHO or LOGIN protocol over 513 tcp/udp traffic.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Detail Name="Authentication">WHO/Login</Detail>
+                </Details>
+            </Return>
+        </Always>
+        <Match Offset="0" Reverse="true" NoCase="false" Depth="12" Relative="true" Within="0" MoveCursors="true">
+            <Pattern>1010</Pattern>
+            <AndThen>
+                <Return Direction="SOURCE" Confidence="5">
+                    <Details/>
+                    <Extract Name="Hostname" From="12" To="16" MaxLength="1024" Endian="BIG">
+                        <Post Convert="STRING"/>
+                    </Extract>
+                </Return>
+            </AndThen>
+        </Match>
+    </Payload>
+</Fingerprint>
diff --git a/GM3/data/fingerprint/Wonderware.xml b/GM3/data/fingerprint/Wonderware.xml
new file mode 100644
index 0000000..371bd33
--- /dev/null
+++ b/GM3/data/fingerprint/Wonderware.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Fingerprint>
+    <Header>
+        <Name>Wonderware</Name>
+        <Author>Default</Author>
+        <Description>This fingerprint looks for the devices using the wonderware protocol.</Description>
+    </Header>
+    <Filter For="WonderwareDST" Name="Dst">
+        <DstPort>5413</DstPort>
+    </Filter>
+    <Filter For="WonderwareSRC" Name="Src">
+        <SrcPort>5413</SrcPort>
+    </Filter>
+    <Payload For="WonderwareDST">
+	<Description>Wonderware IO Talk traffic that looks for the specific destination port.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>HMI</Category>
+                    <Detail Name="WonderwareProtocol">SuiteLink</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>
+    <Payload For="WonderwareSRC">
+	<Description>Wonderware IO Talk traffic that looks for the specific source port.</Description>
+        <Always>
+            <Return Direction="SOURCE" Confidence="5">
+                <Details>
+                    <Category>HMI</Category>
+                    <Detail Name="WonderwareProtocol">SuiteLink</Detail>
+                </Details>
+            </Return>
+        </Always>
+    </Payload>	
+</Fingerprint>
diff --git a/GM3/data/plugins/iadgov.csvimport/Plugin.java b/GM3/data/plugins/iadgov.csvimport/Plugin.java
index 3804743..38d3b99 100644
--- a/GM3/data/plugins/iadgov.csvimport/Plugin.java
+++ b/GM3/data/plugins/iadgov.csvimport/Plugin.java
@@ -5,6 +5,7 @@
 import java.util.ArrayList;
 import java.util.Collection;
 
+
 /**
  * A plugin will be loaded by GrassMarlin if:
  *  1) The plugin is contained in a jar file located in the plugins directory
diff --git a/GM3/data/plugins/iadgov.offlinepcap/PacketHandler.java b/GM3/data/plugins/iadgov.offlinepcap/PacketHandler.java
index 81c627a..d1fd579 100644
--- a/GM3/data/plugins/iadgov.offlinepcap/PacketHandler.java
+++ b/GM3/data/plugins/iadgov.offlinepcap/PacketHandler.java
@@ -55,7 +55,7 @@ public int handle(final ByteBuffer bufPacket, final long msSinceEpoch, final int
         final byte protocol;
         final Cidr ipSource;
         final Cidr ipDest;
-        final byte ttl;
+        final int ttl;
         final int cbIp;
         final int idxLastIpByte;
 
@@ -68,9 +68,15 @@ public int handle(final ByteBuffer bufPacket, final long msSinceEpoch, final int
             protocol = bufPacket.get(startCurrentHeader + 9);
             ipSource = new Cidr(((long)bufPacket.getInt(startCurrentHeader + 12)) & 0x00000000FFFFFFFFL);
             ipDest = new Cidr(((long)bufPacket.getInt(startCurrentHeader + 16)) & 0x00000000FFFFFFFFL);
-            ttl = bufPacket.get(startCurrentHeader + 8);
+            ttl = (int)bufPacket.get(startCurrentHeader + 8) & 0x000000FF;
             cbIp = (int)bufPacket.getShort(startCurrentHeader + 2) & 0x0000FFFF;
-            idxLastIpByte = startCurrentHeader + cbIp;
+            //if cbIp is 0 there is a good chance that TSO is happening, we'er just going to guess that the packet is
+            // the length of the buffer
+            if (cbIp > 0) {
+                idxLastIpByte = startCurrentHeader + cbIp;
+            } else {
+                idxLastIpByte = cbPacket;
+            }
 
             final int wFragment = bufPacket.getShort(startCurrentHeader + 6);
             final boolean hasMoreFragments = (wFragment & 0x20) == 0x20;
@@ -212,7 +218,11 @@ public int handle(final ByteBuffer bufPacket, final long msSinceEpoch, final int
 
                     }
                 }
-                temp = new JBuffer(contents);
+                if (contents.length > 0) {
+                    temp = new JBuffer(contents);
+                } else {
+                    temp = null;
+                }
                 meta = new PMetaData(source, msSinceEpoch, idxFrame, portSource, portDest, protocol,
                         ipSource, macSource, ipDest, macDestination, -1, contents.length, etherType,
                         -1, -1, ttl, -1, null);
diff --git a/GM3/data/plugins/iadgov.offlinepcap/PcapFileParser.java b/GM3/data/plugins/iadgov.offlinepcap/PcapFileParser.java
index e2163e1..6902018 100644
--- a/GM3/data/plugins/iadgov.offlinepcap/PcapFileParser.java
+++ b/GM3/data/plugins/iadgov.offlinepcap/PcapFileParser.java
@@ -72,7 +72,7 @@ protected void parseSource() throws IllegalStateException{
 
                 //final int majorVersion = intFromBytes(header, 5, 2, isSwapped);
                 //final int minorVersion = intFromBytes(header, 7, 2, isSwapped);
-                final int secGmtOffset = intFromBytes(header, 9, 4, isSwapped);
+                final long secGmtOffset = intFromBytes(header, 9, 4, isSwapped);
                 //TODO: SigFigs
                 //TODO: SnapLen
                 //TODO: Network
@@ -81,10 +81,14 @@ protected void parseSource() throws IllegalStateException{
 
                 buffer = ByteBuffer.allocateDirect(16);
                 buffer.mark();
-                buffer.order(ByteOrder.LITTLE_ENDIAN);
+                if (isSwapped) {
+                    buffer.order(ByteOrder.BIG_ENDIAN);
+                } else {
+                    buffer.order(ByteOrder.LITTLE_ENDIAN);
+                }
                 while(16 == reader.read(buffer)) {
-                    final int sTimestamp = buffer.getInt(0);//intFromBytes(headerPacket, 0, 4, true);
-                    final int usTimestamp = buffer.getInt(4);//intFromBytes(headerPacket, 4, 4, true);
+                    final long sTimestamp = buffer.getInt(0);//intFromBytes(headerPacket, 0, 4, true);
+                    final long usTimestamp = buffer.getInt(4);//intFromBytes(headerPacket, 4, 4, true);
                     final int lengthPacket = buffer.getInt(8);//intFromBytes(headerPacket, 8, 4, true);       //This is the captured length
 
                     final ByteBuffer contentsPacket;
@@ -103,7 +107,7 @@ protected void parseSource() throws IllegalStateException{
                     }
                     contentsPacket.rewind();
 
-                    final int cbProcessed = handler.handle(contentsPacket, (sTimestamp + secGmtOffset) * 1000 + usTimestamp / 1000, idxFrame++);
+                    final int cbProcessed = handler.handle(contentsPacket, (sTimestamp + secGmtOffset) * 1000L + usTimestamp / 1000, idxFrame++);
                     source.recordTaskProgress(lengthPacket + 16 - cbProcessed);
 
                     buffer.reset();
diff --git a/GM3/data/plugins/iadgov.offlinepcap/PcapNgFileParser.java b/GM3/data/plugins/iadgov.offlinepcap/PcapNgFileParser.java
index 157d696..a7b9431 100644
--- a/GM3/data/plugins/iadgov.offlinepcap/PcapNgFileParser.java
+++ b/GM3/data/plugins/iadgov.offlinepcap/PcapNgFileParser.java
@@ -206,7 +206,7 @@ protected int processBlockHeader(SeekableByteChannel channel) throws IOException
                 cbProcessed = handler.handle(bufPacket, ts * 1000L / timestampResolutions.get(idInterface), idxFrame++);
                 //Variable length options will be included.
                 source.recordTaskProgress(sizeBlock - cbProcessed);
-                return sizeBlock - (28 + cbProcessed);
+                return sizeBlock - (28 + cbCapture);
             case 4: //Name Resolution Block
                 //TODO: Parse the name resolution block and use the data to augment nodes
                 source.recordTaskProgress(sizeBlock);
diff --git a/GM3/data/plugins/iadgov.sessioneventtest/Plugin.java b/GM3/data/plugins/iadgov.sessioneventtest/Plugin.java
new file mode 100644
index 0000000..7674f4b
--- /dev/null
+++ b/GM3/data/plugins/iadgov.sessioneventtest/Plugin.java
@@ -0,0 +1,50 @@
+package iadgov.sessioneventtest;
+
+import core.logging.Severity;
+import javafx.scene.control.MenuItem;
+
+import java.lang.Override;
+
+/**
+ * This plugin adds hooks that produce messages in response to session events.
+ * It exists to aid in the testing of the SessionEventHooks interface.
+ */
+public class Plugin implements util.Plugin, util.Plugin.SessionEventHooks {
+    /**
+     * Constructor required as part of the util.Plugin interface to GrassMarlin.
+     */
+    public Plugin() {
+        // No content
+    }
+
+    /**
+     * Part of the util.Plugin interface.
+     * @return The pretty-print version of the Plugin's name.
+     */
+    @Override
+    public String getName() {
+        return "Session Event Hooks";
+    }
+
+    /**
+     * Part of the util.Plugin interface.
+     * @return A MenuItem which will be added to the Tools->Plugin menu.  If null is returned, a disabled item bearing the name of the plugin will be provided automatically.
+     */
+    @Override
+    public MenuItem getMenuItem() {
+        return null;
+    }
+
+    @Override
+    public void sessionCreated(core.document.Session session) {
+        core.logging.Logger.log(this, Severity.Success, "New Session: " + session);
+    }
+    @Override
+    public void sessionLoaded(core.document.Session session) {
+        core.logging.Logger.log(this, Severity.Success, "Loaded Session: " + session);
+    }
+    @Override
+    public void sessionCleared(core.document.Session session) {
+        core.logging.Logger.log(this, Severity.Success, "Cleared Session: " + session);
+    }
+}
diff --git a/GM3/data/reference/GRASSMARLIN_User_Guide3.2.pdf b/GM3/data/reference/GRASSMARLIN_User_Guide3.2.pdf
index 89bd902..55f2d12 100644
Binary files a/GM3/data/reference/GRASSMARLIN_User_Guide3.2.pdf and b/GM3/data/reference/GRASSMARLIN_User_Guide3.2.pdf differ
diff --git a/GM3/images/logical/country/Thumbs.db b/GM3/images/logical/country/Thumbs.db
new file mode 100644
index 0000000..6f98ea6
Binary files /dev/null and b/GM3/images/logical/country/Thumbs.db differ
diff --git a/GM3/images/physical/Thumbs.db b/GM3/images/physical/Thumbs.db
new file mode 100644
index 0000000..1a494fb
Binary files /dev/null and b/GM3/images/physical/Thumbs.db differ
diff --git a/GM3/resource/images/Thumbs.db b/GM3/resource/images/Thumbs.db
index 643d95d..9f07ea0 100644
Binary files a/GM3/resource/images/Thumbs.db and b/GM3/resource/images/Thumbs.db differ
diff --git a/GM3/resource/images/microsoft/Thumbs.db b/GM3/resource/images/microsoft/Thumbs.db
index 762f1e8..e157439 100644
Binary files a/GM3/resource/images/microsoft/Thumbs.db and b/GM3/resource/images/microsoft/Thumbs.db differ
diff --git a/GM3/resource/raw_images/GRASSMARLIN User Guide.pdf b/GM3/resource/raw_images/GRASSMARLIN User Guide.pdf
index 89bd902..55f2d12 100644
Binary files a/GM3/resource/raw_images/GRASSMARLIN User Guide.pdf and b/GM3/resource/raw_images/GRASSMARLIN User Guide.pdf differ
diff --git a/GM3/resource/xsd/fingerprint3.xsd b/GM3/resource/xsd/fingerprint3.xsd
index 2a33c1d..1852eb6 100644
--- a/GM3/resource/xsd/fingerprint3.xsd
+++ b/GM3/resource/xsd/fingerprint3.xsd
@@ -40,7 +40,7 @@
                                         <xs:attribute name="Max" type="xs:integer"/>
                                     </xs:complexType>
                                 </xs:element>
-                                <xs:element name="Window" type="xs:unsignedByte" minOccurs="0" maxOccurs="unbounded"/>
+                                <xs:element name="Window" type="xs:integer" minOccurs="0" maxOccurs="unbounded"/>
                             </xs:sequence>
                             <xs:attribute name="For" type="xs:string" use="required"/>
                             <xs:attribute name="Name" type="xs:string" use="optional"/>
diff --git a/GM3/src/core/Configuration.java b/GM3/src/core/Configuration.java
index 4eea163..d493a84 100644
--- a/GM3/src/core/Configuration.java
+++ b/GM3/src/core/Configuration.java
@@ -63,7 +63,11 @@ public enum Fields {
         DIR_IMAGES_ICON("dir.images.icon", () -> "images"),
         PATH_MANUFACTURER_DB("path.wireshark.manuf", () -> {
             if(SystemUtils.IS_OS_WINDOWS) {
-                return Paths.get(Paths.get(Configuration.getPreferenceString(Configuration.Fields.WIRESHARK_EXEC)).getParent().toString(), "manuf").toString();
+                if (Configuration.getPreferenceString(Configuration.Fields.WIRESHARK_EXEC) != null) {
+                    return Paths.get(Paths.get(Configuration.getPreferenceString(Configuration.Fields.WIRESHARK_EXEC)).getParent().toString(), "manuf").toString();
+                } else {
+                    return null;
+                }
             } else {
                 return "/usr/share/wireshark/manuf";
             }
diff --git a/GM3/src/core/PcapDeviceList.java b/GM3/src/core/PcapDeviceList.java
index 3dedab4..ab6c5e5 100644
--- a/GM3/src/core/PcapDeviceList.java
+++ b/GM3/src/core/PcapDeviceList.java
@@ -62,12 +62,13 @@ public static ObservableList<DeviceEntry> get() {
                     result.add(new DeviceEntry(device));
                 }
             }
-
+            Pcap.freeAllDevs(devices, error);
         } catch (java.lang.UnsatisfiedLinkError ex) {
             result.clear();
             Logger.log(PcapDeviceList.class, Severity.Error, "Live capture is unavailable do to insufficient permissions or a missing PCAP library.");
-        } finally {
-            Pcap.freeAllDevs(devices, error);
+        } catch(Exception ex) {
+            result.clear();
+            Logger.log(PcapDeviceList.class, Severity.Error, "Live capture is unavailable.");
         }
 
         return result;
diff --git a/GM3/src/core/Version.java b/GM3/src/core/Version.java
index 1a94e70..d226276 100644
--- a/GM3/src/core/Version.java
+++ b/GM3/src/core/Version.java
@@ -9,13 +9,24 @@
 import java.util.Map;
 
 public final class Version {
-    public static final String APPLICATION_VERSION = "3.2.0";
+    public static final String APPLICATION_VERSION = "3.2.1";
     public static final String APPLICATION_TITLE = "GrassMarlin " + APPLICATION_VERSION;
-    public static final int APPLICATION_REVISION = 2925;
+    public static final int APPLICATION_REVISION = 26;
     public static final String FILENAME_USER_GUIDE = "GRASSMARLIN_User_Guide3.2.pdf";
 
     public static final Map<String, List<String>> PATCH_NOTES = new ReadOnlyMapWrapper<>(new ObservableMapWrapper<>(new LinkedHashMap<String, List<String>>() {
         {
+            this.put("3.2.1", Arrays.asList(
+                    "While porting the Fingerprinting engine to version 3.3, a few low-risk-high-impact optimizations were found which were backported to 3.2.1; fingerprinting throughput is roughly doubled as a result.",
+                    "Following the release of GrassMarlin 3.2.0 we have, with help from a wide base of users, identified and fixed several bugs.",
+                    "Importing PcapNg files had some issues that have been addressed, specifically with ARP and files created with a certain Endianness.",
+                    "Many bugs were fixed in Fingerprinting.",
+                    "Additional Fingerprints have been added and existing Fingerprints have been updated.",
+                    "If Wireshark is not auto-detected (or manually configured) properly, the application will no longer crash.",
+                    "Improved support for builds that disable Live Pcap.",
+                    "The packet list in the View Frames Dialog can now be exported to CSV.",
+                    "The chart on the View Frames Dialog can be exported to SVG from the context menu; the chart component does not scale, it is effectively taken as a screenshot of the current display.  It is slightly better than screenshot-and-crop, though."
+            ));
             this.put("3.2.0", Arrays.asList(
                     "KNOWN ISSUES:",
                     "Some context menu items are missing from the Physical Graph tree view; the missing commands are available from the Visualization context menu.",
diff --git a/GM3/src/core/document/PhysicalTopology.java b/GM3/src/core/document/PhysicalTopology.java
index b704654..7aa40dd 100644
--- a/GM3/src/core/document/PhysicalTopology.java
+++ b/GM3/src/core/document/PhysicalTopology.java
@@ -24,6 +24,8 @@ public class PhysicalTopology {
      */
     public static final String TOKEN_WORKSTATION = "\\\\";
 
+    private final ListChangeListener deviceListener;
+
     public static class DirectConnection {
         private final Mac mac1;
         private final Mac mac2;
@@ -97,7 +99,16 @@ public PhysicalTopology(NetworkGraph<PhysicalNode, PhysicalEdge> graphPhysical)
         this.graphPhysical = graphPhysical;
 
         devices = new ObservableListWrapper<>(new CopyOnWriteArrayList<>());
-        devices.addListener(this::Handle_DeviceListModified);
+        this.deviceListener = this::Handle_DeviceListModified;
+        devices.addListener(this.deviceListener);
+    }
+
+    public void startLoading() {
+        devices.removeListener(this.deviceListener);
+    }
+
+    public void endLoading() {
+        devices.addListener(this.deviceListener);
     }
 
     public ObservableList<PhysicalDevice> getDevices() {
diff --git a/GM3/src/core/document/fingerprint/FPDocument.java b/GM3/src/core/document/fingerprint/FPDocument.java
index 07431e7..5a8fb7d 100644
--- a/GM3/src/core/document/fingerprint/FPDocument.java
+++ b/GM3/src/core/document/fingerprint/FPDocument.java
@@ -55,19 +55,23 @@ public FingerprintState load(Path fingerPrintPath) throws JAXBException {
         } else {
             try {
                 Fingerprint[] fingerprint = FingerprintBuilder.loadFingerprint(fingerPrintPath);
-                //add names to Filter Groups if they don't have one for backwards compatibility
-                for (int i = 0; i < fingerprint[0].getFilter().size(); i++) {
-                    if (fingerprint[0].getFilter().get(i).getName() == null) {
-                        fingerprint[0].getFilter().get(i).setName("Filter Group " + i);
-                        fingerprint[1].getFilter().get(i).setName("Filter Group " + 1);
+                if (fingerprint != null) {
+                    //add names to Filter Groups if they don't have one for backwards compatibility
+                    for (int i = 0; i < fingerprint[0].getFilter().size(); i++) {
+                        if (fingerprint[0].getFilter().get(i).getName() == null) {
+                            fingerprint[0].getFilter().get(i).setName("Filter Group " + i);
+                            fingerprint[1].getFilter().get(i).setName("Filter Group " + 1);
+                        }
                     }
+                    FingerprintState state = new FingerprintState(fingerprint[0], fingerPrintPath);
+                    FingerprintState runningState = new FingerprintState(fingerprint[1], fingerPrintPath);
+                    state.enabledProperty().setValue(true);
+                    listFingerprints.add(state);
+                    runningFingerprints.add(runningState);
+                    return state;
+                } else {
+                    return null;
                 }
-                FingerprintState state = new FingerprintState(fingerprint[0], fingerPrintPath);
-                FingerprintState runningState = new FingerprintState(fingerprint[1], fingerPrintPath);
-                state.enabledProperty().setValue(true);
-                listFingerprints.add(state);
-                runningFingerprints.add(runningState);
-                return state;
             } catch (IOException ioe) {
                 Alert ioAlert = new Alert(Alert.AlertType.ERROR, ioe.getMessage());
                 ioAlert.setHeaderText("Error Loading Fingerprint");
@@ -316,6 +320,9 @@ public boolean updatePayloadName(String fingerprintName, Path loadPath, String o
                         .noneMatch(pl -> pl.getFor().equals(newName));
                 if (goodName) {
                     payload.get().setFor(newName);
+                    fpState.get().getFingerprint().getFilter().stream()
+                            .filter(filter -> filter.getFor().equals(oldName))
+                            .forEach(filter -> filter.setFor(newName));
                     updated = true;
                     fpState.get().dirtyProperty().setValue(true);
                 }
@@ -324,6 +331,28 @@ public boolean updatePayloadName(String fingerprintName, Path loadPath, String o
         return updated;
     }
 
+    public boolean updatePayloadDescription(String fingerprintName, Path loadPath, String payloadName, String description) {
+        boolean updated = false;
+
+        Optional<FingerprintState> fpState = listFingerprints.stream()
+                .filter(state -> state.equals(fingerprintName, loadPath))
+                .findFirst();
+
+        if (fpState.isPresent()) {
+            Optional<Fingerprint.Payload> payload = fpState.get().getFingerprint().getPayload().stream()
+                    .filter(pl -> pl.getFor().equals(payloadName))
+                    .findFirst();
+
+            if (payload.isPresent()) {
+                payload.get().setDescription(description);
+                updated = true;
+                fpState.get().dirtyProperty().set(true);
+            }
+        }
+
+        return updated;
+    }
+
     public boolean updateAlways(String fingerprintName, Path loadPath, String payloadName, Fingerprint.Payload.Always always) {
         boolean updated = false;
 
diff --git a/GM3/src/core/document/graph/LogicalGraph.java b/GM3/src/core/document/graph/LogicalGraph.java
index 6997efa..e8c9836 100644
--- a/GM3/src/core/document/graph/LogicalGraph.java
+++ b/GM3/src/core/document/graph/LogicalGraph.java
@@ -7,6 +7,7 @@
 import javafx.application.Platform;
 import javafx.collections.ListChangeListener;
 import javafx.collections.ObservableList;
+import ui.dialog.ManageLogicalNetworksDialogFx;
 import util.Cidr;
 
 import java.io.IOException;
@@ -24,11 +25,11 @@ public class LogicalGraph extends NetworkGraph<LogicalNode, LogicalEdge> {
     protected LogicalGraph(ObservableList<Cidr> cidrs) {
         this.cidrsLogical = cidrs;
         cidrsLogical.addListener(this::Handle_NetworksChanged);
+        ManageLogicalNetworksDialogFx.getInstance().itemsProperty().setValue(this.cidrsLogical);
     }
 
     public LogicalGraph() {
-        cidrsLogical = new CidrList();
-        cidrsLogical.addListener(this::Handle_NetworksChanged);
+        this(new CidrList());
     }
 
     private void Handle_NetworksChanged(ListChangeListener.Change<? extends Cidr> c) {
diff --git a/GM3/src/core/document/graph/LogicalNode.java b/GM3/src/core/document/graph/LogicalNode.java
index 53d19f6..9bb02fc 100644
--- a/GM3/src/core/document/graph/LogicalNode.java
+++ b/GM3/src/core/document/graph/LogicalNode.java
@@ -212,7 +212,7 @@ public static Byte[] parseMac(String mac) {
     @Override
     public XmlElement toXml() {
         XmlElement xmlNode = INode.super.toXml();
-        if(mac != null) {
+        if (mac != null) {
             xmlNode.addAttribute("mac").setValue(formatMac(mac));
         }
 
diff --git a/GM3/src/core/document/graph/PhysicalNode.java b/GM3/src/core/document/graph/PhysicalNode.java
index ddfb269..257a1a5 100644
--- a/GM3/src/core/document/graph/PhysicalNode.java
+++ b/GM3/src/core/document/graph/PhysicalNode.java
@@ -6,10 +6,7 @@
 import javafx.beans.property.StringProperty;
 import util.Mac;
 
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
 import java.util.stream.Collectors;
 
 public abstract class PhysicalNode implements INode<PhysicalNode> {
@@ -18,7 +15,7 @@ public abstract class PhysicalNode implements INode<PhysicalNode> {
     public static final String FIELD_MAC = "MAC";
     public static final String FIELD_VLAN = "VLan(s)";
 
-    protected final Mac mac;
+    protected Mac mac;
     private final SimpleStringProperty title;
     private final SimpleStringProperty subtitle;
     private final SimpleBooleanProperty dirty;
diff --git a/GM3/src/core/document/serialization/Grassmarlin_3_2.java b/GM3/src/core/document/serialization/Grassmarlin_3_2.java
index e1c9852..fbde9fa 100644
--- a/GM3/src/core/document/serialization/Grassmarlin_3_2.java
+++ b/GM3/src/core/document/serialization/Grassmarlin_3_2.java
@@ -39,10 +39,8 @@
 import java.io.Reader;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Paths;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.List;
+import java.util.*;
+import java.util.stream.Collectors;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipFile;
 
@@ -72,6 +70,8 @@ public boolean loadDocumentSax(ZipFile inFile, Session session, TabController ta
         }
 
         try {
+            session.getPhysicalTopologyMapper().startLoading();
+
             Reader sessionReader = new InputStreamReader(inFile.getInputStream(sessionEntry), StandardCharsets.UTF_8);
             InputSource sessionSource = new InputSource(sessionReader);
             sessionSource.setEncoding("UTF-8");
@@ -108,6 +108,8 @@ public boolean loadDocumentSax(ZipFile inFile, Session session, TabController ta
             meshReader = null;
             meshSource = null;
 
+            session.getPhysicalTopologyMapper().endLoading();
+
             // At this point the graphs have been restored and we now need to restore UI properties.
             //Modifying UI elements must happen in the UI thread.
 
@@ -651,6 +653,7 @@ private class PhysicalLoadHandler extends DefaultHandler {
         private boolean inNode;
         private Attributes nodeAttributes;
         private PhysicalNode currentNode;
+        private HashMap<String, String> groups;
 
         private boolean inGroup;
         private Attributes groupAttributes;
@@ -683,14 +686,14 @@ public void startElement(String uri, String localName, String qName, Attributes
                     inNode = true;
                     if (inGraph && inNodes && inNode) {
                         nodeAttributes = new AttributesImpl(attributes);
-                        if (nodeAttributes != null) {
-                            currentNode = buildPhysicalNode(nodeAttributes, devices);
-                        }
                     }
                     break;
                 case "group":
                     inGroup = true;
                     groupAttributes = new AttributesImpl(attributes);
+                    if (groupAttributes != null && groups == null) {
+                        groups = new HashMap<>();
+                    }
                     break;
                 case "edges":
                     inEdges = true;
@@ -719,16 +722,20 @@ public void endElement(String uri, String localName, String qName) throws SAXExc
                     inNodes = false;
                     break;
                 case "node":
-                    if (inGraph && inNodes && inNode && currentNode != null) {
+                    if (inGraph && inNodes && inNode) {
+                        if (nodeAttributes != null) {
+                            currentNode = buildPhysicalNode(nodeAttributes, devices, groups);
+                        }
                         session.getPhysicalGraph().addNode(currentNode);
                     }
                     currentNode = null;
                     nodeAttributes = null;
+                    groups = null;
                     inNode = false;
                     break;
                 case "group":
-                    if (inGraph && inNodes && inNode && inGroup && currentNode != null && groupAttributes != null) {
-                        currentNode.getGroups().put(groupAttributes.getValue("name"), groupChars);
+                    if (inGraph && inNodes && inNode && inGroup && groupAttributes != null) {
+                        groups.put(groupAttributes.getValue("name"), groupChars);
                     }
                     groupAttributes = null;
                     groupChars = null;
@@ -753,16 +760,19 @@ public void endElement(String uri, String localName, String qName) throws SAXExc
         }
     }
 
-    private PhysicalNode buildPhysicalNode(Attributes nodeAttributes, HashMap<String, PhysicalDevice> devices) {
+    private PhysicalNode buildPhysicalNode(Attributes nodeAttributes, HashMap<String, PhysicalDevice> devices, Map<String, String> groups) {
         PhysicalNode node = null;
 
         switch(nodeAttributes.getValue("type")) {
             case "nic":
-                String[] deviceTokens = nodeAttributes.getValue("device").split(" ");
+                String[] deviceTokens = nodeAttributes.getValue("title").split(" ");
                 if (deviceTokens.length == 2) {
                     String macString = deviceTokens[1];
                     node = new PhysicalNic(new Mac(macString));
                     ((PhysicalNic) node).vendorProperty().setValue(nodeAttributes.getValue("vendor"));
+                    ((PhysicalNic) node).deviceProperty().setValue(nodeAttributes.getValue("device"));
+                    String vlans = groups.get(PhysicalNode.FIELD_VLAN);
+                    node.getVLans().addAll(Arrays.stream(vlans.split(", ")).map(vlan -> Integer.parseInt(vlan)).collect(Collectors.toList()));
                 }
                 break;
             case "port":
@@ -1208,9 +1218,11 @@ protected void layoutGraphNode(Attributes cellAttributes, List<? extends INode>
         double y = Double.parseDouble(cellAttributes.getValue("y"));
 
         Cell<?> cell = visualization.cellFor(nodeList.get(ref));
-        if (!(cell.layoutXProperty().isBound() && cell.layoutYProperty().isBound())) {
-            cell.setLayoutX(x);
-            cell.setLayoutY(y);
+        if (!(cell instanceof CellNic || cell instanceof CellPort)) {
+            if (!(cell.layoutXProperty().isBound() || cell.layoutYProperty().isBound())) {
+                cell.setLayoutX(x);
+                cell.setLayoutY(y);
+            }
         }
         cell.autoLayoutProperty().setValue(layout);
     }
diff --git a/GM3/src/core/document/serialization/ProgressTask.java b/GM3/src/core/document/serialization/ProgressTask.java
index 8843594..fefaff2 100644
--- a/GM3/src/core/document/serialization/ProgressTask.java
+++ b/GM3/src/core/document/serialization/ProgressTask.java
@@ -79,6 +79,7 @@ public Thread start() {
                     Platform.runLater(this::handleSuccess);
                 }
             } catch (Exception e) {
+                e.printStackTrace();
                 if (Platform.isFxApplicationThread()) {
                     this.handleFailure();
                 } else {
diff --git a/GM3/src/core/fingerprint/FProcessor.java b/GM3/src/core/fingerprint/FProcessor.java
index 1e70327..2096fbb 100644
--- a/GM3/src/core/fingerprint/FProcessor.java
+++ b/GM3/src/core/fingerprint/FProcessor.java
@@ -18,10 +18,113 @@
  */
 public class FProcessor {
 
+    private static class UnpackedFilter<T> {
+        private Filter.FilterType type;
+        private T value;
+
+        public UnpackedFilter (Filter.FilterType type, T value) {
+            this.type = type;
+            this.value = value;
+        }
+
+        public Filter.FilterType getType() {
+            return this.type;
+        }
+
+        public T getValue() {
+            return this.value;
+        }
+    }
+
+    private static class UnpackedFilterGroup {
+        private String payloadName;
+        private List<UnpackedFilter<?>> filters;
+
+        public UnpackedFilterGroup(String payloadName, List<UnpackedFilter<?>> filters) {
+            this.payloadName = payloadName;
+            this.filters = filters;
+        }
+
+        public String getFor() {
+            return this.payloadName;
+        }
+
+        public List<UnpackedFilter<?>> getFilters() {
+            return this.filters;
+        }
+    }
+
     List<Fingerprint> fingerprints;
+    Map<Fingerprint, Map<String, List<UnpackedFilterGroup>>> filtersByPayload;
 
     public FProcessor(List<Fingerprint> runningFingerprints) {
         this.fingerprints = Collections.unmodifiableList(new ArrayList<>(runningFingerprints));
+        this.filtersByPayload = unpackFilters(this.fingerprints);
+
+    }
+
+    private synchronized static Map<Fingerprint, Map<String, List<UnpackedFilterGroup>>> unpackFilters(List<Fingerprint> fingerprints) {
+        Map<Fingerprint, Map<String, List<UnpackedFilterGroup>>> returnMap = new HashMap<>();
+        for (Fingerprint fp : fingerprints) {
+            Map<String, List<UnpackedFilterGroup>> groupByPayload = fp.getFilter().stream()
+                    .map(group -> {
+                        List<UnpackedFilter<?>> filters = group.getAckAndMSSAndDsize().stream()
+                                .map(element -> {
+                                    UnpackedFilter<?> filter = null;
+                                    switch (Filter.FilterType.valueOf(element.getName().toString().replaceAll(" ", "").toUpperCase())) {
+                                        case ACK:
+                                            filter = new UnpackedFilter<>(Filter.FilterType.ACK, (Long) element.getValue());
+                                            break;
+                                        case DSIZE:
+                                            filter = new UnpackedFilter<>(Filter.FilterType.DSIZE, (Integer) element.getValue());
+                                            break;
+                                        case DSIZEWITHIN:
+                                            filter = new UnpackedFilter<>(Filter.FilterType.DSIZEWITHIN, (Fingerprint.Filter.DsizeWithin) element.getValue());
+                                            break;
+                                        case DSTPORT:
+                                            filter = new UnpackedFilter<>(Filter.FilterType.DSTPORT, (Integer) element.getValue());
+                                            break;
+                                        case ETHERTYPE:
+                                            filter = new UnpackedFilter<>(Filter.FilterType.ETHERTYPE, (Integer) element.getValue());
+                                            break;
+                                        case FLAGS:
+                                            filter = new UnpackedFilter<>(Filter.FilterType.FLAGS, (String) element.getValue());
+                                            break;
+                                        case MSS:
+                                            filter = new UnpackedFilter<>(Filter.FilterType.MSS, (Integer) element.getValue());
+                                            break;
+                                        case SEQ:
+                                            filter = new UnpackedFilter<>(Filter.FilterType.SEQ, (Integer) element.getValue());
+                                            break;
+                                        case SRCPORT:
+                                            filter = new UnpackedFilter<>(Filter.FilterType.SRCPORT, (Integer) element.getValue());
+                                            break;
+                                        case TRANSPORTPROTOCOL:
+                                            filter = new UnpackedFilter<>(Filter.FilterType.TRANSPORTPROTOCOL, (Short) element.getValue());
+                                            break;
+                                        case TTL:
+                                            filter = new UnpackedFilter<>(Filter.FilterType.TTL, (Integer) element.getValue());
+                                            break;
+                                        case TTLWITHIN:
+                                            filter = new UnpackedFilter<>(Filter.FilterType.TTLWITHIN, (Fingerprint.Filter.TTLWithin) element.getValue());
+                                            break;
+                                        case WINDOW:
+                                            filter = new UnpackedFilter<>(Filter.FilterType.WINDOW, (Integer) element.getValue());
+                                            break;
+                                    }
+                                    return filter;
+                                })
+                                .filter(filter -> filter != null)
+                                .collect(Collectors.toList());
+
+                        return new UnpackedFilterGroup(group.getFor(), filters);
+                    })
+                    .collect(Collectors.groupingBy(UnpackedFilterGroup::getFor));
+
+            returnMap.put(fp, groupByPayload);
+        }
+
+        return returnMap;
     }
 
     public void process(PacketData data) {
@@ -38,42 +141,41 @@ public void process(PacketData data) {
     private Stream<Fingerprint.Payload> filter(Fingerprint fp, PacketData data) {
         List<String> payloadNames = new ArrayList<>();
 
-        Map<String, List<Fingerprint.Filter>> filterByPayload = fp.getFilter().stream()
-                .collect(Collectors.groupingBy(filter -> filter.getFor()));
+        Map<String, List<UnpackedFilterGroup>> filterByPayload = this.filtersByPayload.get(fp);
 
         for (String payload : filterByPayload.keySet()) {
             groupLoop:
-            for (Fingerprint.Filter filterGroup : filterByPayload.get(payload)) {
-                for(JAXBElement<?> element : filterGroup.getAckAndMSSAndDsize()) {
-                    switch (Filter.FilterType.valueOf(element.getName().toString().replaceAll(" ", "").toUpperCase())) {
+            for (UnpackedFilterGroup filterGroup : filterByPayload.get(payload)) {
+                for(UnpackedFilter<?> filter : filterGroup.getFilters()) {
+                    switch (filter.getType()) {
                         case ACK:
-                            if (data.getAck() != (Long)element.getValue()) {
+                            if (data.getAck() != (Long)filter.getValue()) {
                                 continue groupLoop;
                             }
                             break;
                         case DSIZE:
-                            if (data.getdSize() != (Integer)element.getValue()) {
+                            if (data.getdSize() != (Integer)filter.getValue()) {
                                 continue groupLoop;
                             }
                             break;
                         case DSIZEWITHIN:
-                            Fingerprint.Filter.DsizeWithin within = ((Fingerprint.Filter.DsizeWithin) element.getValue());
+                            Fingerprint.Filter.DsizeWithin within = ((Fingerprint.Filter.DsizeWithin) filter.getValue());
                             if (data.getdSize() < within.getMin().longValue() || data.getdSize() > within.getMax().longValue()) {
                                 continue groupLoop;
                             }
                             break;
                         case DSTPORT:
-                            if (data.getDestPort() != (Integer)element.getValue()) {
+                            if (data.getDestPort() != (Integer)filter.getValue()) {
                                 continue groupLoop;
                             }
                             break;
                         case ETHERTYPE:
-                            if (data.getEthertype() != (Integer)element.getValue()) {
+                            if (data.getEthertype() != (Integer)filter.getValue()) {
                                 continue groupLoop;
                             }
                             break;
                         case FLAGS:
-                            String flagList = (String)element.getValue();
+                            String flagList = (String)filter.getValue();
                             if (data.getFlags() != null) {
                                 for (String flag : flagList.split(" ")) {
                                     if (!data.getFlags().contains(flag)) {
@@ -83,38 +185,38 @@ private Stream<Fingerprint.Payload> filter(Fingerprint fp, PacketData data) {
                             }
                             break;
                         case MSS:
-                            if (data.getMss() != (Integer)element.getValue()) {
+                            if (data.getMss() != (Integer)filter.getValue()) {
                                 continue groupLoop;
                             }
                             break;
                         case SEQ:
-                            if (data.getSeqNum() != (Integer)element.getValue()) {
+                            if (data.getSeqNum() != (Integer)filter.getValue()) {
                                 continue groupLoop;
                             }
                             break;
                         case SRCPORT:
-                            if (data.getSourcePort() != (Integer)element.getValue()) {
+                            if (data.getSourcePort() != (Integer)filter.getValue()) {
                                 continue groupLoop;
                             }
                             break;
                         case TRANSPORTPROTOCOL:
-                            if (data.getTransportProtocol() != (Short)element.getValue()) {
+                            if (data.getTransportProtocol() != (Short)filter.getValue()) {
                                 continue groupLoop;
                             }
                             break;
                         case TTL:
-                            if (data.getTtl() != (Integer)element.getValue()) {
+                            if (data.getTtl() != (Integer)filter.getValue()) {
                                 continue groupLoop;
                             }
                             break;
                         case TTLWITHIN:
-                            Fingerprint.Filter.TTLWithin ttlWithin = (Fingerprint.Filter.TTLWithin)element.getValue();
+                            Fingerprint.Filter.TTLWithin ttlWithin = (Fingerprint.Filter.TTLWithin)filter.getValue();
                             if (data.getTtl() < ttlWithin.getMin().longValue() || data.getTtl() > ttlWithin.getMax().longValue()) {
                                 continue groupLoop;
                             }
                             break;
                         case WINDOW:
-                            if (data.getWindowNum() != (Integer)element.getValue()) {
+                            if (data.getWindowNum() != (Integer)filter.getValue()) {
                                 continue groupLoop;
                             }
                             break;
diff --git a/GM3/src/core/fingerprint/FingerprintBuilder.java b/GM3/src/core/fingerprint/FingerprintBuilder.java
index 57dd3ca..a22f1f4 100644
--- a/GM3/src/core/fingerprint/FingerprintBuilder.java
+++ b/GM3/src/core/fingerprint/FingerprintBuilder.java
@@ -1,6 +1,8 @@
 package core.fingerprint;
 
 import core.fingerprint3.Fingerprint;
+import core.logging.Logger;
+import core.logging.Severity;
 import org.xml.sax.SAXException;
 
 import javax.xml.XMLConstants;
@@ -12,6 +14,8 @@
 import java.net.URL;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.util.List;
+import java.util.stream.Collectors;
 
 /**
  * 07.13.2015 - CC - New...
@@ -40,6 +44,14 @@ public static Fingerprint[] loadFingerprint(Path fingerprintPath) throws JAXBExc
             writer.flush();
             fingerprints[0] = (Fingerprint) unmarshaller.unmarshal(new StringReader(string.toString()));
             fingerprints[1] = (Fingerprint) unmarshaller.unmarshal(new StringReader(string.toString()));
+
+            List<String> payloads = fingerprints[0].getPayload().stream().map(payload -> payload.getFor()).collect(Collectors.toList());
+            List<String> filters = fingerprints[0].getFilter().stream().map(filter -> filter.getFor()).collect(Collectors.toList());
+
+            if (!payloads.containsAll(filters)) {
+                fingerprints = null;
+                Logger.log(FingerprintBuilder.class, Severity.Warning, "Malformed Fingerprint at " + fingerprintPath + ": Filter group without payload");
+            }
         }
 
         return fingerprints;
diff --git a/GM3/src/core/fingerprint/PacketData.java b/GM3/src/core/fingerprint/PacketData.java
index a59877a..3ebe6ad 100644
--- a/GM3/src/core/fingerprint/PacketData.java
+++ b/GM3/src/core/fingerprint/PacketData.java
@@ -99,7 +99,7 @@ public int getInt(int offset, boolean bigEndian) {
             if (!bigEndian) {
                 ArrayUtils.reverse(bytes);
             }
-            ret = new BigInteger(bytes).intValue();
+            ret = new BigInteger(1, bytes).intValue();
         }
         return ret;
     }
@@ -111,7 +111,7 @@ public int getInt(int offset, int length, boolean bigEndian) {
             if (!bigEndian) {
                 ArrayUtils.reverse(bytes);
             }
-            ret = new BigInteger(bytes).intValue();
+            ret = new BigInteger(1, bytes).intValue();
         }
 
         return ret;
@@ -126,7 +126,11 @@ public int getInt(int offset, int length, boolean bigEndian) {
      */
     public int match(byte[] search, int offset, int length) {
         int ret = -1;
-        if (payload != null) {
+        // you can not look at data at negative indexes
+        if (offset < 0) {
+            offset = 0;
+        }
+        if (payload != null && search.length <= length) {
             int searchLength = search.length;
             if (searchLength > 0) {
                 int limit = Math.min(offset + length, payload.size()) - searchLength - offset;
diff --git a/GM3/src/core/fingerprint/PayloadFunctions.java b/GM3/src/core/fingerprint/PayloadFunctions.java
index d57b6e4..2748cfb 100644
--- a/GM3/src/core/fingerprint/PayloadFunctions.java
+++ b/GM3/src/core/fingerprint/PayloadFunctions.java
@@ -212,7 +212,7 @@ public static Map.Entry<String, String> extractFunction(PacketData payload, Curs
                         value = DatatypeConverter.printHexBinary(ext);
                         break;
                     case INTEGER:
-                        value = new BigInteger(ext).toString();
+                        value = new BigInteger(1, ext).toString();
                         break;
                     case RAW_BYTES:
                         value = Arrays.toString(ext);
@@ -292,25 +292,15 @@ public static boolean matchFunction(PacketData payload, CursorImpl cursor, int d
         if (relative) {
             offset += cursor.getMain();
         }
-        if (depth > 0) {
-            offset = Math.min(depth, offset);
-        }
-        offset -= within;
-        if (offset < 0) {
-            offset = 0;
-        }
 
         int length;
         // find the end point
-        if (relative && (within > 0)) {
-            length = Math.min(payload.size(), cursor.getMain() + within);
+        if (depth > 0) {
+            length = Math.min(depth, payload.size() - offset);
         } else {
-            length = payload.size();
+            length = payload.size() - offset;
         }
 
-        // set the length to the end point minus the starting point
-        length = length - offset;
-
         if (patternString != null) {
             String string = new String(payload.getByteArray(offset, length), charset);
             Pattern pattern;
diff --git a/GM3/src/core/importmodule/LogicalProcessor.java b/GM3/src/core/importmodule/LogicalProcessor.java
index 89f107e..67b0b28 100644
--- a/GM3/src/core/importmodule/LogicalProcessor.java
+++ b/GM3/src/core/importmodule/LogicalProcessor.java
@@ -78,14 +78,17 @@ public void process(Host host) {
     public void run() {
         long start = System.currentTimeMillis();
         IEdge<LogicalNode> edge = graph.apply(this.data);
-        LogicalNode source = edge.getSource();
-        LogicalNode dest = edge.getDestination();
+        LogicalNode edgeSource = edge.getSource();
+        LogicalNode edgeDestination = edge.getDestination();
         long end = System.currentTimeMillis();
 
         data.getSource().edgeTime.addAndGet(end - start);
 
-        this.data.setSourceNode(source);
-        this.data.setDestNode(dest);
+        LogicalNode dataSource = edgeSource.getIp().equals(data.getSourceIp()) ? edgeSource : edgeDestination;
+        LogicalNode dataDestination = edgeDestination.getIp().equals(data.getDestIp()) ? edgeDestination : edgeSource;
+
+        this.data.setSourceNode(dataSource);
+        this.data.setDestNode(dataDestination);
 
         start = System.currentTimeMillis();
         this.processor.process(data);
diff --git a/GM3/src/core/importmodule/inputIterators/pcap/PcapFileParser.java b/GM3/src/core/importmodule/inputIterators/pcap/PcapFileParser.java
index df75a04..deb9471 100644
--- a/GM3/src/core/importmodule/inputIterators/pcap/PcapFileParser.java
+++ b/GM3/src/core/importmodule/inputIterators/pcap/PcapFileParser.java
@@ -25,7 +25,6 @@
 import util.RateLimitedTask;
 
 import java.math.BigInteger;
-import java.nio.ByteBuffer;
 import java.nio.file.Path;
 import java.util.Arrays;
 import java.util.Iterator;
diff --git a/GM3/src/core/svg/Svg.java b/GM3/src/core/svg/Svg.java
new file mode 100644
index 0000000..81a9818
--- /dev/null
+++ b/GM3/src/core/svg/Svg.java
@@ -0,0 +1,106 @@
+package core.svg;
+
+import core.document.serialization.xml.Escaping;
+import core.svg.svg.*;
+import javafx.geometry.Bounds;
+import javafx.scene.Node;
+import javafx.scene.Parent;
+import javafx.scene.SnapshotParameters;
+import javafx.scene.paint.Color;
+
+import java.util.LinkedList;
+
+// Yes, the package naming here is bad; adding the svg support back into the core code was a bit of a hack to add a single useful feature to the Frames Chart.  Since 3.3 is built on a different codebase (as of this comment 3.3 has a working alpha that is showing a lot of promise), the ramifications of this hack are pretty minimal.  It can't end up worse than WoD, right?
+public class Svg {
+    public static String fillFromColor(Color color) {
+        if(color.getOpacity() == 1.0) {
+            return "fill:rgb(" + (int)(255.0 * color.getRed()) + ","  + (int)(255.0 * color.getGreen()) + "," + (int)(255.0 * color.getBlue()) + ")";
+        } else {
+            return "fill:rgb(" + (int)(255.0 * color.getRed()) + ","  + (int)(255.0 * color.getGreen()) + "," + (int)(255.0 * color.getBlue()) + ");fill-opacity:" + color.getOpacity();
+        }
+    }
+    public static String XmlString(String in) {
+        return Escaping.XmlString(in);
+    }
+    public static String fromColor(Color color) {
+        if(color == null || color.getOpacity() == 0.0) {
+            return "none";
+        } else {
+            return "rgb(" + (int) (255.0 * color.getRed()) + "," + (int) (255.0 * color.getGreen()) + "," + (int) (255.0 * color.getBlue()) + ")";
+        }
+    }
+
+    public static String serialize(Parent object) {
+        StringBuilder result = new StringBuilder();
+
+        Bounds bounds = object.getLayoutBounds();
+        TransformStack transforms = new TransformStack();
+        transforms.push(bounds.getMinX() * -1.0, bounds.getMinY() * -1.0);
+
+        result.append("<svg xmlns='http://www.w3.org/2000/svg' version='1.0' xmlns:xlink='http://www.w3.org/1999/xlink' width='")
+                .append(bounds.getWidth())
+                .append("' height='")
+                .append(bounds.getHeight())
+                .append("'>");
+
+        result.append(fromNode(object).toSvg(transforms));
+        result.append("\n</svg>");
+
+        return result.toString();
+    }
+
+    public static Entity fromNode(Node object) {
+        if(object == null || !object.isVisible() || object.getOpacity() < 1.0) {
+            return null;
+        } else if(object instanceof javafx.scene.shape.Polygon) {
+            return new Polygon((javafx.scene.shape.Polygon)object);
+        } else if(object instanceof javafx.scene.shape.Line) {
+            return new Line((javafx.scene.shape.Line)object);
+        } else if(object instanceof javafx.scene.shape.CubicCurve) {
+            return new Curve((javafx.scene.shape.CubicCurve)object);
+        } else if(object instanceof javafx.scene.Parent) {
+            javafx.scene.Parent parent = (javafx.scene.Parent)object;
+
+            final LinkedList<Entity> children = new LinkedList<>();
+            for(Node child : parent.getChildrenUnmodifiable()) {
+                final Entity entity = fromNode(child);
+                if(entity != null) {
+                    children.add(entity);
+                }
+            }
+
+            if(children.isEmpty()) {
+                return null;
+            } else {
+                Container result = new Container(children);
+
+                if(parent instanceof javafx.scene.layout.Region) {
+                    //Region adds padding.
+                    javafx.scene.layout.Region region = (javafx.scene.layout.Region)parent;
+
+                    result.setOffsetX(parent.getLayoutX() + region.getPadding().getLeft() - parent.getTranslateX());
+                    result.setOffsetY(parent.getLayoutY() + region.getPadding().getTop() - parent.getTranslateY());
+                } else {
+                    result.setOffsetX(parent.getLayoutX() - parent.getTranslateX());
+                    result.setOffsetY(parent.getLayoutY() - parent.getTranslateY());
+                }
+
+                return result;
+            }
+        } else if(object instanceof javafx.scene.shape.Rectangle) {
+            return new Rectangle( (javafx.scene.shape.Rectangle)object );
+        } else if(object instanceof javafx.scene.image.ImageView) {
+            return new Image((javafx.scene.image.ImageView) object);
+        } else if(object instanceof javafx.scene.text.Text) {
+            //A Label is a Parent (covered above) which contains a Text
+            return new Text( (javafx.scene.text.Text)object );
+        } else if(object instanceof javafx.scene.shape.Circle) {
+            return new Circle((javafx.scene.shape.Circle) object);
+        } else if(object instanceof javafx.scene.canvas.Canvas) {
+            return new Canvas((javafx.scene.canvas.Canvas)object);
+        } else {
+            System.out.println("Unable to convert Node to SVG: (" + object.getClass() + ")" + object);
+            return null;
+        }
+    }
+}
diff --git a/GM3/src/core/svg/svg/Canvas.java b/GM3/src/core/svg/svg/Canvas.java
new file mode 100644
index 0000000..59af954
--- /dev/null
+++ b/GM3/src/core/svg/svg/Canvas.java
@@ -0,0 +1,60 @@
+package core.svg.svg;
+
+import javafx.scene.image.PixelFormat;
+import javafx.scene.image.PixelReader;
+import javafx.scene.image.WritableImage;
+import javafx.scene.image.WritablePixelFormat;
+import sun.awt.image.IntegerComponentRaster;
+
+import javax.imageio.ImageIO;
+import java.awt.image.BufferedImage;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.nio.IntBuffer;
+import java.util.Base64;
+
+public class Canvas extends Entity {
+    private final javafx.scene.canvas.Canvas source;
+
+    public Canvas(final javafx.scene.canvas.Canvas source) {
+        this.source = source;
+    }
+
+    @Override
+    public String toSvg(final TransformStack transforms) {
+        final WritableImage image = source.snapshot(null, null);
+
+        StringBuilder result = new StringBuilder();
+
+        result.append("<image x='").append(transforms.get().getX() + source.getLayoutX());
+        result.append("' y='").append(transforms.get().getY() + source.getLayoutY());
+        result.append("' width='").append(source.getWidth());
+        result.append("' height='").append(source.getHeight());
+        result.append("' xlink:href='data:image/png;base64,");
+
+        ByteArrayOutputStream stream = new ByteArrayOutputStream();
+        try {
+            PixelReader pr = image.getPixelReader();
+
+            int iw = (int) source.getWidth();
+            int ih = (int) source.getHeight();
+
+            BufferedImage img = new BufferedImage(iw, ih, BufferedImage.TYPE_INT_ARGB);
+            IntegerComponentRaster icr = (IntegerComponentRaster) img.getRaster();
+            int offset = icr.getDataOffset(0);
+            int scan = icr.getScanlineStride();
+            int data[] = icr.getDataStorage();
+            WritablePixelFormat<IntBuffer> pf = PixelFormat.getIntArgbInstance();
+            pr.getPixels(0, 0, iw, ih, pf, data, offset, scan);
+
+            ImageIO.write(img, "png", stream);
+        } catch(IOException ex) {
+            //Ignore
+        }
+        result.append(Base64.getEncoder().encodeToString(stream.toByteArray()));
+
+        result.append("' />");
+
+        return result.toString();
+    }
+}
diff --git a/GM3/src/core/svg/svg/Circle.java b/GM3/src/core/svg/svg/Circle.java
new file mode 100644
index 0000000..4f89ff7
--- /dev/null
+++ b/GM3/src/core/svg/svg/Circle.java
@@ -0,0 +1,24 @@
+package core.svg.svg;
+
+import core.svg.Svg;
+import javafx.scene.paint.Color;
+
+public class Circle  extends Entity {
+    private final javafx.scene.shape.Circle circle;
+
+    public Circle(javafx.scene.shape.Circle source) {
+        this.circle = source;
+    }
+
+    @Override
+    public String toSvg(final TransformStack transforms) {
+        return String.format("<circle cx='%s' cy='%s' r='%s' style='fill:%s;fill-opacity:%s;stroke:%s;stroke-width:%s' />",
+                transforms.get().getX() + circle.getCenterX() + circle.getLayoutX(),
+                transforms.get().getY() + circle.getCenterY() + circle.getLayoutY(),
+                circle.getRadius(),
+                Svg.fromColor((Color) circle.getFill()),
+                ((Color) circle.getFill()).getOpacity(),
+                Svg.fromColor((Color) circle.getStroke()),
+                circle.getStrokeWidth());
+    }
+}
diff --git a/GM3/src/core/svg/svg/Container.java b/GM3/src/core/svg/svg/Container.java
new file mode 100644
index 0000000..ee7dbea
--- /dev/null
+++ b/GM3/src/core/svg/svg/Container.java
@@ -0,0 +1,45 @@
+package core.svg.svg;
+
+import java.util.Collection;
+
+public class Container extends Entity {
+
+    private final Collection<Entity> components;
+    private double tX = 0.0;
+    private double tY = 0.0;
+
+    public Container(final Collection<Entity> components) {
+        this.components = components;
+    }
+
+    public void setOffsetX(final double value) {
+        tX = value;
+    }
+    public void setOffsetY(final double value) {
+        tY = value;
+    }
+
+    @Override
+    public String toSvg(final TransformStack transforms) {
+        final StringBuilder result = new StringBuilder();
+
+        //DEBUG:  Add an indent and line break so visual parsing is easier.
+        String indent = "\n";
+        for(int idx = transforms.depth(); idx >= 0; idx--) {
+            indent += "  ";
+        }
+
+        if(tX != 0.0 || tY != 0.0) {
+            transforms.push(tX, tY);
+        }
+        for(Entity child : components) {
+            result.append(indent);
+            result.append(child.toSvg(transforms));
+        }
+        if(tX != 0.0 || tY != 0.0) {
+            transforms.pop();
+        }
+
+        return result.toString();
+    }
+}
diff --git a/GM3/src/core/svg/svg/Curve.java b/GM3/src/core/svg/svg/Curve.java
new file mode 100644
index 0000000..c1ac68c
--- /dev/null
+++ b/GM3/src/core/svg/svg/Curve.java
@@ -0,0 +1,31 @@
+package core.svg.svg;
+
+import core.svg.Svg;
+import javafx.geometry.Point2D;
+import javafx.scene.paint.Color;
+
+public class Curve extends Entity {
+    private final javafx.scene.shape.CubicCurve source;
+
+    public Curve(final javafx.scene.shape.CubicCurve source) {
+        this.source = source;
+    }
+
+    @Override
+    public String toSvg(final TransformStack transforms) {
+        final Transform tr = transforms.get();
+        Point2D[] arrPts = new Point2D[4];
+        arrPts[0] = new Point2D(tr.getX() + source.getStartX(), tr.getY() + source.getStartY());
+        arrPts[1] = new Point2D(tr.getX() + source.getControlX1(), tr.getY() + source.getControlY1());
+        arrPts[2] = new Point2D(tr.getX() + source.getControlX2(), tr.getY() + source.getControlY2());
+        arrPts[3] = new Point2D(tr.getX() + source.getEndX(), tr.getY() + source.getEndY());
+
+        return String.format("<path d='M%s,%s C%s,%s %s,%s %s,%s' style='fill:none;stroke:%s;stroke-width:%s'/>",
+                arrPts[0].getX(), arrPts[0].getY(),
+                arrPts[1].getX(), arrPts[1].getY(),
+                arrPts[2].getX(), arrPts[2].getY(),
+                arrPts[3].getX(), arrPts[3].getY(),
+                Svg.fromColor((Color) source.getStroke()),
+                source.getStrokeWidth());
+    }
+}
diff --git a/GM3/src/core/svg/svg/Entity.java b/GM3/src/core/svg/svg/Entity.java
new file mode 100644
index 0000000..5f1cb16
--- /dev/null
+++ b/GM3/src/core/svg/svg/Entity.java
@@ -0,0 +1,5 @@
+package core.svg.svg;
+
+public abstract class Entity {
+    public abstract String toSvg(final TransformStack transforms);
+}
diff --git a/GM3/src/core/svg/svg/Image.java b/GM3/src/core/svg/svg/Image.java
new file mode 100644
index 0000000..87f9fa5
--- /dev/null
+++ b/GM3/src/core/svg/svg/Image.java
@@ -0,0 +1,62 @@
+package core.svg.svg;
+
+import javafx.geometry.Rectangle2D;
+import javafx.scene.image.PixelFormat;
+import javafx.scene.image.PixelReader;
+import javafx.scene.image.WritablePixelFormat;
+import sun.awt.image.IntegerComponentRaster;
+
+import javax.imageio.ImageIO;
+import java.awt.image.BufferedImage;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.nio.IntBuffer;
+import java.util.Base64;
+
+public class Image extends Entity {
+    private final javafx.scene.image.ImageView image;
+
+    public Image(final javafx.scene.image.ImageView image) {
+        this.image = image;
+    }
+
+    @Override
+    public String toSvg(final TransformStack transforms) {
+        StringBuilder result = new StringBuilder();
+
+        result.append("<image x='").append(transforms.get().getX() + image.getX());
+        result.append("' y='").append(transforms.get().getY() + image.getY());
+        result.append("' width='").append(image.prefWidth(0.0));
+        result.append("' height='").append(image.prefHeight(0.0));
+        result.append("' xlink:href='data:image/png;base64,");
+
+        ByteArrayOutputStream stream = new ByteArrayOutputStream();
+        try {
+            PixelReader pr = image.getImage().getPixelReader();
+
+            Rectangle2D bounds = image.getViewport();
+            if(bounds == null) {
+                bounds = new Rectangle2D(0, 0, image.getImage().getWidth(), image.getImage().getHeight());
+            }
+            int iw = (int) bounds.getWidth();
+            int ih = (int) bounds.getHeight();
+
+            BufferedImage img = new BufferedImage(iw, ih, BufferedImage.TYPE_INT_ARGB);
+            IntegerComponentRaster icr = (IntegerComponentRaster) img.getRaster();
+            int offset = icr.getDataOffset(0);
+            int scan = icr.getScanlineStride();
+            int data[] = icr.getDataStorage();
+            WritablePixelFormat<IntBuffer> pf = PixelFormat.getIntArgbInstance();
+            pr.getPixels((int)bounds.getMinX(), (int)bounds.getMinY(), iw, ih, pf, data, offset, scan);
+
+            ImageIO.write(img, "png", stream);
+        } catch(IOException ex) {
+            //Ignore
+        }
+        result.append(Base64.getEncoder().encodeToString(stream.toByteArray()));
+
+        result.append("' />");
+
+        return result.toString();
+    }
+}
diff --git a/GM3/src/core/svg/svg/Line.java b/GM3/src/core/svg/svg/Line.java
new file mode 100644
index 0000000..337988c
--- /dev/null
+++ b/GM3/src/core/svg/svg/Line.java
@@ -0,0 +1,18 @@
+package core.svg.svg;
+
+import core.svg.Svg;
+import javafx.scene.paint.Color;
+
+public class Line extends Entity {
+    private final javafx.scene.shape.Line source;
+
+    public Line(final javafx.scene.shape.Line source) {
+        this.source = source;
+    }
+
+    @Override
+    public String toSvg(final TransformStack transforms) {
+        final Transform tr = transforms.get();
+        return "<line x1='" + (tr.getX() + source.getStartX()) + "' y1='" + (tr.getY() + source.getStartY()) + "' x2='" + (tr.getX() + source.getEndX()) + "' y2='" + (tr.getY() + source.getEndY()) + "' style='stroke:" + Svg.fromColor((Color)source.getStroke()) + ";stroke-width:" + source.getStrokeWidth() + "'/>";
+    }
+}
diff --git a/GM3/src/core/svg/svg/Polygon.java b/GM3/src/core/svg/svg/Polygon.java
new file mode 100644
index 0000000..1c8b787
--- /dev/null
+++ b/GM3/src/core/svg/svg/Polygon.java
@@ -0,0 +1,33 @@
+package core.svg.svg;
+
+import core.svg.Svg;
+import javafx.scene.paint.Color;
+
+public class Polygon extends Entity {
+    private final javafx.scene.shape.Polygon polygon;
+
+    public Polygon(final javafx.scene.shape.Polygon polygon) {
+        this.polygon = polygon;
+    }
+
+    @Override
+    public String toSvg(final TransformStack transforms) {
+        if(!polygon.isVisible() || polygon.getPoints().size() < 6) {
+            return "";
+        }
+
+        StringBuilder result = new StringBuilder();
+
+        result.append("<polygon points='");
+        for(int idxPoint = 0; idxPoint < polygon.getPoints().size(); idxPoint += 2) {
+            result.append(polygon.getPoints().get(idxPoint) + transforms.get().getX()).append(",").append(polygon.getPoints().get(idxPoint + 1) + transforms.get().getY()).append(" ");
+        }
+        result.append(String.format("' style='fill:%s;fill-opacity:%s;stroke:%s;stroke-width:%s' />",
+                Svg.fromColor((Color) polygon.getFill()),
+                ((Color) polygon.getFill()).getOpacity(),
+                Svg.fromColor((Color) polygon.getStroke()),
+                polygon.getStrokeWidth()));
+
+        return result.toString();
+    }
+}
diff --git a/GM3/src/core/svg/svg/Rectangle.java b/GM3/src/core/svg/svg/Rectangle.java
new file mode 100644
index 0000000..6e36147
--- /dev/null
+++ b/GM3/src/core/svg/svg/Rectangle.java
@@ -0,0 +1,27 @@
+package core.svg.svg;
+
+import core.svg.Svg;
+import javafx.scene.paint.Color;
+
+public class Rectangle extends Entity {
+    private final javafx.scene.shape.Rectangle rectangle;
+
+    public Rectangle(final javafx.scene.shape.Rectangle rectangle) {
+        this.rectangle = rectangle;
+    }
+
+    @Override
+    public String toSvg(final TransformStack transforms) {
+        return String.format("<rect x='%s' y='%s' width='%s' height='%s' rx='%s' ry='%s' style='fill:%s;fill-opacity:%s;stroke:%s;stroke-width:%s' />",
+                transforms.get().getX() + rectangle.getX(),
+                transforms.get().getY() + rectangle.getY(),
+                rectangle.getWidth(),
+                rectangle.getHeight(),
+                rectangle.getArcWidth(),
+                rectangle.getArcHeight(),
+                Svg.fromColor((Color) rectangle.getFill()),
+                ((Color) rectangle.getFill()).getOpacity(),
+                Svg.fromColor((Color) rectangle.getStroke()),
+                rectangle.getStrokeWidth());
+    }
+}
diff --git a/GM3/src/core/svg/svg/Text.java b/GM3/src/core/svg/svg/Text.java
new file mode 100644
index 0000000..be9df37
--- /dev/null
+++ b/GM3/src/core/svg/svg/Text.java
@@ -0,0 +1,23 @@
+package core.svg.svg;
+
+import core.svg.Svg;
+import javafx.scene.paint.Color;
+
+public class Text extends Entity {
+    private final javafx.scene.text.Text text;
+
+    public Text(final javafx.scene.text.Text text) {
+        this.text = text;
+    }
+
+    @Override
+    public String toSvg(TransformStack transforms) {
+        return String.format("<text x='%s' y='%s' style='fill:%s;font-family:%s' font-size='%s'>%s</text>",
+                transforms.get().getX() + text.getLayoutX() + 2.0,
+                transforms.get().getY() + text.getLayoutY(),
+                Svg.fromColor((Color) text.getFill()),
+                Svg.XmlString(text.getFont().getFamily()),
+                (int)text.getFont().getSize(),
+                text.getText());
+    }
+}
diff --git a/GM3/src/core/svg/svg/Transform.java b/GM3/src/core/svg/svg/Transform.java
new file mode 100644
index 0000000..45386f4
--- /dev/null
+++ b/GM3/src/core/svg/svg/Transform.java
@@ -0,0 +1,24 @@
+package core.svg.svg;
+
+import javafx.geometry.Point2D;
+
+public final class Transform {
+    private final double tX;
+    private final double tY;
+
+    public Transform(double x, double y) {
+        tX = x;
+        tY = y;
+    }
+
+    public Point2D apply(Point2D point) {
+        return point.add(tX, tY);
+    }
+
+    public double getX() {
+        return tX;
+    }
+    public double getY() {
+        return tY;
+    }
+}
diff --git a/GM3/src/core/svg/svg/TransformStack.java b/GM3/src/core/svg/svg/TransformStack.java
new file mode 100644
index 0000000..b3251e5
--- /dev/null
+++ b/GM3/src/core/svg/svg/TransformStack.java
@@ -0,0 +1,33 @@
+package core.svg.svg;
+
+import javafx.geometry.Point2D;
+
+import java.util.Stack;
+
+public class TransformStack {
+    protected final Stack<Transform> transforms;
+
+    public TransformStack() {
+        transforms = new Stack<>();
+        transforms.push(new Transform(0.0, 0.0));
+    }
+
+    public int depth() {
+        return transforms.size();
+    }
+    public Transform get() {
+        return transforms.peek();
+    }
+    public Transform pop() {
+        return transforms.pop();
+    }
+    public Transform push(double tX, double tY) {
+        Transform top = transforms.peek();
+        transforms.push(new Transform(top.getX() + tX, top.getY() + tY));
+        return transforms.peek();
+    }
+
+    public Point2D apply(Point2D point) {
+        return transforms.peek().apply(point);
+    }
+}
diff --git a/GM3/src/ui/GrassMarlinFx.java b/GM3/src/ui/GrassMarlinFx.java
index 9cfa54a..9129617 100644
--- a/GM3/src/ui/GrassMarlinFx.java
+++ b/GM3/src/ui/GrassMarlinFx.java
@@ -20,6 +20,7 @@
 import javafx.beans.binding.When;
 import javafx.beans.property.*;
 import javafx.collections.ObservableList;
+import javafx.event.Event;
 import javafx.geometry.Orientation;
 import javafx.scene.Node;
 import javafx.scene.Scene;
@@ -33,7 +34,8 @@
 import javafx.scene.layout.*;
 import javafx.stage.FileChooser;
 import javafx.stage.Stage;
-import org.apache.commons.lang3.SystemUtils;
+import javafx.stage.Window;
+import javafx.stage.WindowEvent;
 import ui.custom.fx.ActiveButton;
 import ui.custom.fx.ActiveMenuItem;
 import ui.custom.fx.DynamicSubMenu;
@@ -46,7 +48,8 @@
 import util.Launcher;
 import util.Plugin;
 
-import java.awt.*;
+import java.awt.Toolkit;
+import java.awt.Desktop;
 import java.io.*;
 import java.nio.file.Files;
 import java.nio.file.Path;
@@ -124,7 +127,7 @@ public GrassMarlinFx() {
         tabController = new TabController();
         fields = new BorderPane();
 
-        dlgManageLogicalNetworks = new ManageLogicalNetworksDialogFx();
+        dlgManageLogicalNetworks = ManageLogicalNetworksDialogFx.getInstance();
 
         // Most of the initialization is handled in the start method.
     }
@@ -153,6 +156,16 @@ public void start(Stage stage) {
 
         newDocument();
 
+        stage.setOnCloseRequest(event -> {
+            if (document.get().isDirty()) {
+                event.consume();
+                CheckSaveDocument(() -> {
+                    document.get().dirtyProperty().setValue(false);
+                    javafx.event.Event.fireEvent(stage, new WindowEvent((Window) event.getTarget(), event.getEventType()));
+                });
+            }
+        });
+
         fields.setOnDragOver(event -> {
             if (event.getGestureSource() != this && event.getDragboard().hasFiles()) {
                 event.acceptTransferModes(TransferMode.COPY_OR_MOVE);
@@ -260,6 +273,7 @@ private void initComponents(Stage stage) {
                                 new SeparatorMenuItem(),
                                 new ActiveMenuItem("_Clear Topology", EmbeddedIcons.Vista_Refresh, (event) -> {
                                     document.get().clearTopology();
+                                    tabController.clearTopology();
                                 }).setAccelerator(KeyCodeCombination.CONTROL_DOWN, KeyCode.X),
                                 new SeparatorMenuItem(),
                                 new ActiveMenuItem("_Import Files...", EmbeddedIcons.Vista_Import, GrassMarlinFx.this::Handle_ShowImportDialog).setAccelerator(KeyCodeCombination.CONTROL_DOWN, KeyCode.I),
@@ -270,7 +284,7 @@ private void initComponents(Stage stage) {
                                 }),
                                 new SeparatorMenuItem(),
                                 new ActiveMenuItem("E_xit", (action) -> {
-                                    stage.close();
+                                    Event.fireEvent(stage, new WindowEvent(stage, WindowEvent.WINDOW_CLOSE_REQUEST));
                                 })
                         );
                     }
@@ -287,8 +301,8 @@ private void initComponents(Stage stage) {
                                                 pathLog
                                         });
                                         Logger.log(this, Severity.Success, "Displaying log file (" + pathLog + ") using " + viewerLog);
-                                    } catch(IOException | NullPointerException ex) {
-                                        Logger.log(this, Severity.Error, "Unable to display log file; Ensure the Text File viewer is correctly set in the Preferences (" + ex.getMessage() + ")");
+                                    } catch(IOException ex) {
+                                        Logger.log(this, Severity.Error, "Unable to display log file: " + ex.getMessage());
                                     }
                                 }),
                                 new SeparatorMenuItem(),
@@ -298,7 +312,7 @@ private void initComponents(Stage stage) {
                                 new ActiveMenuItem("Logical _Connections Report", EmbeddedIcons.Vista_Report, (event) -> {
                                     new LogicalEdgeReportDialogFx(document.get().getLogicalGraph()).show();
                                 }),
-                                new ActiveMenuItem("Inter_group Connections Report", EmbeddedIcons.Vista_Report, event -> {
+                                new ActiveMenuItem("Inter-_Group Connections Report", EmbeddedIcons.Vista_Report, event -> {
                                     new IntergroupConnectionReportDialogFx<>(document.get().getLogicalGraph()).show();
                                 }),
                                 new SeparatorMenuItem(),
@@ -392,12 +406,16 @@ private void initComponents(Stage stage) {
         header.getChildren().add(menu);
 
         cbPcapDevices = new ChoiceBox<>();
-        cbPcapDevices.setItems(PcapDeviceList.get());
-        if(cbPcapDevices.getItems().size() == 0) {
-            //If there are no pcap devices, disable pcap.
-            pcapAvailable.set(false);
+        if(pcapAvailable.get()) {
+            cbPcapDevices.setItems(PcapDeviceList.get());
+            if (cbPcapDevices.getItems().size() == 0) {
+                //If there are no pcap devices, disable pcap.
+                pcapAvailable.set(false);
+            } else {
+                cbPcapDevices.getSelectionModel().select(0);
+            }
         } else {
-            cbPcapDevices.getSelectionModel().select(0);
+            cbPcapDevices.setDisable(true);
         }
 
         Pane paneToolbarSpacer = new Pane();
@@ -534,30 +552,19 @@ public void DisplayUserGuide() {
             String exec = Configuration.getPreferenceString(Configuration.Fields.PDF_VIEWER_EXEC);
             if (exec != null && !exec.isEmpty()) {
                 // If the PDF Viewer path has been set, then use it, assuming that a single parameter for the PDF to open is accepted.
-                if(!Files.exists(Paths.get(exec))) {
-                    Logger.log(this, Severity.Error, "Error opening User Guide: The PDF viewer specified in the PReferences dialog does not exist.");
-                    return;
-                }
                 try {
                     Runtime.getRuntime().exec(new String[]{exec, path});
                 } catch (IOException ex) {
-                    Logger.log(this, Severity.Error, "Error opening User Guide: " + ex.getMessage());
+                    Logger.log(this, Severity.Error, "Error opening User guide: " + ex.getMessage());
                 }
             } else {
                 //PDF Viewer isn't set, so try desktop execute
-                if(SystemUtils.IS_OS_WINDOWS) {
-                    if (Desktop.isDesktopSupported()) {
-                        Logger.log(this, Severity.Warning, "PDF Viewer needs to be set in Preferences.  Attempting fallback.");
-                        try {
-                            Desktop.getDesktop().open(fileMisc);
-                            return;
-                        } catch (IOException ex) {
-                            Logger.log(Desktop.class, Severity.Error, "Unable to open User Guide (" + fileMisc.getPath() + "): " + ex.getMessage());
-                            return;
-                        }
-                    }
+                Logger.log(this, Severity.Warning, "PDF Viewer needs to be set in Preferences.  Attempting fallback.");
+                try {
+                    Desktop.getDesktop().open(fileMisc);
+                } catch (IOException ex) {
+                    Logger.log(Desktop.class, Severity.Error, "Unable to open User Guide (" + fileMisc.getPath() + "): " + ex.getMessage());
                 }
-                Logger.log(this, Severity.Warning, "PDF Viewer needs to be set in Preferences.  The user guide can be found at " + path + ".");
             }
         } catch(NullPointerException ex) {
             Logger.log(this, Severity.Error, "Unable to locate User Guide.");
@@ -569,7 +576,6 @@ public void DisplayUserGuide() {
      * If the user elects to save, if a filename must be specified, then prompt as per "Save As...", otherwise Save
      * If the user declines to save, then return.
      * If the user cancels at any point, abort the save and return false.
-     * @return True if the user did not cancel, false otherwise.
      */
     public void CheckSaveDocument(Runnable onSuccess) {
         if(document.get().isDirty()) {
diff --git a/GM3/src/ui/TabController.java b/GM3/src/ui/TabController.java
index 6f14559..50b40e3 100644
--- a/GM3/src/ui/TabController.java
+++ b/GM3/src/ui/TabController.java
@@ -1,5 +1,7 @@
 package ui;
 
+import com.sun.javafx.scene.control.behavior.TabPaneBehavior;
+import com.sun.javafx.scene.control.skin.TabPaneSkin;
 import javafx.beans.property.SimpleStringProperty;
 import javafx.beans.value.ObservableValue;
 import javafx.scene.control.Tab;
@@ -10,7 +12,9 @@
 
 import java.util.Collection;
 import java.util.LinkedHashMap;
+import java.util.List;
 import java.util.Map;
+import java.util.stream.Collectors;
 
 /**
  * The TabController is responsible for managing the Tabs displayed in the main UI.
@@ -86,6 +90,24 @@ public void clear() {
         paneTabs.getTabs().clear();
     }
 
+    public void clearTopology() {
+        //Get all tabs that are closeable
+        List<Tab> closable = paneTabs.getTabs().stream()
+                .filter(tab -> tab.isClosable())
+                .collect(Collectors.toList());
+        //remove graphs
+        closable.forEach(tab -> graphFromTabs.remove(tab));
+        //close tabs
+        closable.forEach(tab -> {
+            if (tab.getTabPane().getSkin() instanceof TabPaneSkin) {
+                TabPaneBehavior behavior = ((TabPaneSkin) tab.getTabPane().getSkin()).getBehavior();
+                if (behavior.canCloseTab(tab)) {
+                    behavior.closeTab(tab);
+                }
+            }
+        });
+    }
+
     public Collection<Graph> getGraphs() {
         return graphFromTabs.values();
     }
diff --git a/GM3/src/ui/custom/fx/Log10DoubleBinding.java b/GM3/src/ui/custom/fx/Log10DoubleBinding.java
index 8793caf..54373d6 100644
--- a/GM3/src/ui/custom/fx/Log10DoubleBinding.java
+++ b/GM3/src/ui/custom/fx/Log10DoubleBinding.java
@@ -17,6 +17,6 @@ public Log10DoubleBinding(NumberBinding source) {
 
     @Override
     public double computeValue() {
-        return Math.log10(source.getValue().doubleValue());
+        return Math.max(Math.log10(source.getValue().doubleValue()), 1);
     }
 }
diff --git a/GM3/src/ui/custom/fx/ScalableChartWrapper.java b/GM3/src/ui/custom/fx/ScalableChartWrapper.java
index 3c20e74..ba9d68d 100644
--- a/GM3/src/ui/custom/fx/ScalableChartWrapper.java
+++ b/GM3/src/ui/custom/fx/ScalableChartWrapper.java
@@ -1,6 +1,8 @@
 package ui.custom.fx;
 
 import com.sun.javafx.collections.ObservableListWrapper;
+import core.logging.Severity;
+import core.svg.Svg;
 import javafx.collections.ObservableList;
 import javafx.geometry.Insets;
 import javafx.geometry.Point2D;
@@ -12,12 +14,18 @@
 import javafx.scene.paint.Color;
 import javafx.scene.shape.Circle;
 import javafx.scene.shape.Rectangle;
+import javafx.stage.FileChooser;
 import util.Wireshark;
 
+import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileWriter;
+import java.io.IOException;
 import java.time.Instant;
 import java.time.ZoneId;
 import java.time.format.DateTimeFormatter;
-import java.util.*;
+import java.util.LinkedList;
+import java.util.List;
 
 public class ScalableChartWrapper extends GridPane {
     protected class LegendEntry extends HBox {
@@ -184,6 +192,23 @@ private void initComponents() {
 
 
         menu.getItems().addAll(
+                new ActiveMenuItem("_Export to SVG...", (event) -> {
+                    final FileChooser dlgExportTo = new FileChooser();
+                    dlgExportTo.getExtensionFilters().addAll(
+                            new FileChooser.ExtensionFilter("SVG Image Files (*.svg)", "*.svg"),
+                            new FileChooser.ExtensionFilter("All Files", "*")
+                    );
+                    final File exportTo = dlgExportTo.showSaveDialog(ScalableChartWrapper.this.getScene().getWindow());
+                    if(exportTo != null) {
+                        try(BufferedWriter writer = new BufferedWriter(new FileWriter(exportTo))) {
+                            writer.write(
+                                    Svg.serialize(ScalableChartWrapper.this).replaceAll("(\\s+\\n)+", "\n")
+                            );
+                        } catch(IOException ex) {
+                            core.logging.Logger.log(this, Severity.Error, "There was an error exporting the graph: " + ex.getMessage());
+                        }
+                    }
+                }),
                 new ActiveMenuItem("_Reset Zoom", (event) -> this.zoomReset()),
                 new ActiveMenuItem("_Undo Zoom", (event) -> this.zoomPrevious())
                         .bindEnabled(new ListSizeBinding(zoomHistory).greaterThan(0)),
diff --git a/GM3/src/ui/dialog/ConnectionDetailsDialogFx.java b/GM3/src/ui/dialog/ConnectionDetailsDialogFx.java
index b94c03d..c24f559 100644
--- a/GM3/src/ui/dialog/ConnectionDetailsDialogFx.java
+++ b/GM3/src/ui/dialog/ConnectionDetailsDialogFx.java
@@ -11,6 +11,11 @@
 import javafx.scene.chart.XYChart;
 import javafx.scene.control.*;
 import javafx.scene.control.cell.PropertyValueFactory;
+import javafx.scene.layout.HBox;
+import javafx.scene.layout.Pane;
+import javafx.scene.layout.Priority;
+import javafx.scene.layout.VBox;
+import javafx.stage.FileChooser;
 import javafx.stage.Stage;
 import javafx.stage.Window;
 import ui.EmbeddedIcons;
@@ -19,8 +24,10 @@
 import ui.custom.fx.ChartPacketBytesOverTime;
 import ui.custom.fx.ScalableChartWrapper;
 import util.Cidr;
+import util.Csv;
 import util.Wireshark;
 
+import java.io.File;
 import java.time.Instant;
 import java.time.ZoneId;
 import java.time.ZonedDateTime;
@@ -120,6 +127,7 @@ private void initComponents() {
         SplitPane pane = new SplitPane();
         pane.setOrientation(Orientation.VERTICAL);
 
+        final VBox containerTable = new VBox();
         TableView<DetailLine> tbl = new TableView<>();
 
         TableColumn<DetailLine, ZonedDateTime> colTimestamp = new TableColumn<>("Timestamp");
@@ -168,7 +176,29 @@ private void initComponents() {
         );
         tbl.setContextMenu(menuTbl);
 
-        pane.getItems().addAll(tbl, chartControl);
+        final HBox toolbarTable = new HBox();
+        final Pane spacerToolbar = new Pane();
+        HBox.setHgrow(spacerToolbar, Priority.ALWAYS);
+
+        final Button btnExportToCsv = new Button("Export CSV...", EmbeddedIcons.Vista_Save.getImage(16.0));
+        btnExportToCsv.setOnAction(event -> {
+            final FileChooser dlgSave = new FileChooser();
+            dlgSave.setTitle("Export To...");
+            dlgSave.getExtensionFilters().addAll(
+                    new FileChooser.ExtensionFilter("CSV Files (*.csv)", "*.csv"),
+                    new FileChooser.ExtensionFilter("Data Files (*.csv, *.xls, *.xlsx, *.xml, *.prn, *ods)", "*.csv", "*.xls", "*.xlsx", "*.xml", "*.prn", "*.ods"),
+                    new FileChooser.ExtensionFilter("All Files", "*")
+            );
+
+            File result = dlgSave.showSaveDialog(this.getOwner());
+            if(result != null) {
+                Csv.ExportTableToFile(tbl, result);
+            }
+        });
+
+        toolbarTable.getChildren().addAll(spacerToolbar, btnExportToCsv);
+        containerTable.getChildren().addAll(toolbarTable, tbl);
+        pane.getItems().addAll(containerTable, chartControl);
         this.getDialogPane().setContent(pane);
         this.getDialogPane().getButtonTypes().addAll(ButtonType.CLOSE);
     }
@@ -199,6 +229,7 @@ protected void Handle_RootNodeChanged(Observable o, LogicalNode rootOld, Logical
         chartControl.suspendLayout(true);
         try {
             chartControl.clearSeries();
+            chartControl.zoomReset();
 
             if (rootNew == null) {
                 return;
diff --git a/GM3/src/ui/dialog/LogicalNodeReportDialogFx.java b/GM3/src/ui/dialog/LogicalNodeReportDialogFx.java
index 9580bda..0ab60f2 100644
--- a/GM3/src/ui/dialog/LogicalNodeReportDialogFx.java
+++ b/GM3/src/ui/dialog/LogicalNodeReportDialogFx.java
@@ -88,7 +88,7 @@ private void initComponents() {
                                     )
             );
         });
-        optSource.setOnAction(event -> {
+        optDestination.setOnAction(event -> {
             nodesFiltered.setPredicate(logicalNode ->
                             network.get().getEdgesInvolving(logicalNode).stream()
                                     .anyMatch(edge ->
diff --git a/GM3/src/ui/dialog/ManageLogicalNetworksDialogFx.java b/GM3/src/ui/dialog/ManageLogicalNetworksDialogFx.java
index 71c8a00..ee3a0b7 100644
--- a/GM3/src/ui/dialog/ManageLogicalNetworksDialogFx.java
+++ b/GM3/src/ui/dialog/ManageLogicalNetworksDialogFx.java
@@ -18,11 +18,13 @@
 import java.util.List;
 
 public class ManageLogicalNetworksDialogFx extends Dialog {
+    private static ManageLogicalNetworksDialogFx instance = null;
+
     private final ListView<Cidr> viewCidrs;
     private final TextField txtNewCidr;
     private final Button btnAddCidr;
 
-    public ManageLogicalNetworksDialogFx() {
+    private ManageLogicalNetworksDialogFx() {
         viewCidrs = new ListView<>();
 
         txtNewCidr = new TextField("");
@@ -31,6 +33,14 @@ public ManageLogicalNetworksDialogFx() {
         initComponents();
     }
 
+    public static ManageLogicalNetworksDialogFx getInstance() {
+        if (instance == null) {
+            instance = new ManageLogicalNetworksDialogFx();
+        }
+
+        return instance;
+    }
+
     private void initComponents() {
         setTitle("Logical Networks");
         Window stage = super.getDialogPane().getScene().getWindow();
diff --git a/GM3/src/ui/dialog/PreferencesDialogFx.java b/GM3/src/ui/dialog/PreferencesDialogFx.java
index 0832687..cc73c28 100644
--- a/GM3/src/ui/dialog/PreferencesDialogFx.java
+++ b/GM3/src/ui/dialog/PreferencesDialogFx.java
@@ -196,9 +196,12 @@ private void initComponents() {
     }
 
     public void reloadValues() {
-        pathWireshark.set(Configuration.getPreferenceString(Configuration.Fields.WIRESHARK_EXEC));
-        pathTextEditor.set(Configuration.getPreferenceString(Configuration.Fields.TEXT_EDITOR_EXEC));
-        pathPdfViewer.set(Configuration.getPreferenceString(Configuration.Fields.PDF_VIEWER_EXEC));
+        String ws = Configuration.getPreferenceString(Configuration.Fields.WIRESHARK_EXEC);
+        String te = Configuration.getPreferenceString(Configuration.Fields.TEXT_EDITOR_EXEC);
+        String pdf = Configuration.getPreferenceString(Configuration.Fields.PDF_VIEWER_EXEC);
+        pathWireshark.set(ws == null ? "" : ws);
+        pathTextEditor.set(te == null ? "" : te);
+        pathPdfViewer.set(pdf == null ? "" : pdf);
 
         colorNewNode.set(Color.web(Configuration.getPreferenceString(Configuration.Fields.COLOR_NODE_NEW)));
         colorModifiedNode.set(Color.web(Configuration.getPreferenceString(Configuration.Fields.COLOR_NODE_MODIFIED)));
@@ -216,14 +219,14 @@ public void reloadValues() {
     public Map<Configuration.Fields, String> getUpdatedValues() {
         HashMap<Configuration.Fields, String> updatedValues = new HashMap<>();
 
-        if(pathWireshark.get() == null || !pathWireshark.get().equals(Configuration.getPreferenceString(Configuration.Fields.WIRESHARK_EXEC))) {
-            updatedValues.put(Configuration.Fields.WIRESHARK_EXEC, pathWireshark.get());
+        if(Configuration.getPreferenceString(Configuration.Fields.WIRESHARK_EXEC) == null || !pathWireshark.get().equals(Configuration.getPreferenceString(Configuration.Fields.WIRESHARK_EXEC))) {
+            updatedValues.put(Configuration.Fields.WIRESHARK_EXEC, pathWireshark.get().equals("") ? null : pathWireshark.get());
         }
-        if(pathTextEditor.get() == null || !pathTextEditor.get().equals(Configuration.getPreferenceString(Configuration.Fields.TEXT_EDITOR_EXEC))) {
-            updatedValues.put(Configuration.Fields.TEXT_EDITOR_EXEC, pathTextEditor.get());
+        if(Configuration.getPreferenceString(Configuration.Fields.TEXT_EDITOR_EXEC) == null|| !pathTextEditor.get().equals(Configuration.getPreferenceString(Configuration.Fields.TEXT_EDITOR_EXEC))) {
+            updatedValues.put(Configuration.Fields.TEXT_EDITOR_EXEC, pathTextEditor.get().equals("") ? null : pathTextEditor.get());
         }
-        if(pathPdfViewer.get() == null || !pathPdfViewer.get().equals(Configuration.getPreferenceString(Configuration.Fields.PDF_VIEWER_EXEC))) {
-            updatedValues.put(Configuration.Fields.PDF_VIEWER_EXEC, pathPdfViewer.get());
+        if(Configuration.getPreferenceString(Configuration.Fields.PDF_VIEWER_EXEC) == null || !pathPdfViewer.get().equals(Configuration.getPreferenceString(Configuration.Fields.PDF_VIEWER_EXEC))) {
+            updatedValues.put(Configuration.Fields.PDF_VIEWER_EXEC, pathPdfViewer.get().equals("") ? null : pathWireshark.get());
         }
 
         // Colors give AARRGGBB, we want only RGB
diff --git a/GM3/src/ui/dialog/importmanager/ImportDialog.java b/GM3/src/ui/dialog/importmanager/ImportDialog.java
index ad514d2..ba4075a 100644
--- a/GM3/src/ui/dialog/importmanager/ImportDialog.java
+++ b/GM3/src/ui/dialog/importmanager/ImportDialog.java
@@ -157,7 +157,10 @@ private void initComponents() {
                                 row.getItem().setType(processor);
                             })
                         ).collect(Collectors.toList())
-                    )
+                    ),
+                    new ActiveMenuItem("Remove", event -> {
+                        document.get().removePendingImport(row.getItem());
+                    })
             );
 
             row.contextMenuProperty().bind(new When(row.emptyProperty()).then((ContextMenu)null).otherwise(menuRow));
diff --git a/GM3/src/ui/fingerprint/FingerPrintGui.java b/GM3/src/ui/fingerprint/FingerPrintGui.java
index 3355287..fdbbb3a 100644
--- a/GM3/src/ui/fingerprint/FingerPrintGui.java
+++ b/GM3/src/ui/fingerprint/FingerPrintGui.java
@@ -6,6 +6,8 @@
 import core.fingerprint.FingerprintState;
 import core.fingerprint3.Fingerprint;
 import core.fingerprint3.ObjectFactory;
+import core.logging.Logger;
+import core.logging.Severity;
 import javafx.application.Application;
 import javafx.application.Platform;
 import javafx.beans.binding.Bindings;
@@ -105,6 +107,7 @@ public void start(Stage primaryStage) throws Exception{
                 FPItem item = createTree(fp);
                 return item;
             })
+            .filter(item -> item != null)
             .collect(Collectors.toList());
 
             this.rootItem.getChildren().addAll(items);
@@ -431,13 +434,17 @@ private void processFingerprintAdded(List<? extends FingerprintState> added) {
         TreeItem<String> firstNewItem = null;
         for (FingerprintState fingerprint : added) {
             FPItem item = createTree(fingerprint);
-            this.rootItem.getChildren().add(item);
-            this.rootItem.getChildren().sort((ti1, ti2) -> ti1.getValue().compareTo(ti2.getValue()));
-            if (null == firstNewItem) {
-                firstNewItem = item;
+            if (item != null) {
+                this.rootItem.getChildren().add(item);
+                this.rootItem.getChildren().sort((ti1, ti2) -> ti1.getValue().compareTo(ti2.getValue()));
+                if (null == firstNewItem) {
+                    firstNewItem = item;
+                }
             }
         }
-        this.tree.getSelectionModel().select(firstNewItem);
+        if (null != firstNewItem) {
+            this.tree.getSelectionModel().select(firstNewItem);
+        }
     }
 
     private FPItem createTree(FingerprintState fpState) {
@@ -446,20 +453,25 @@ private FPItem createTree(FingerprintState fpState) {
         Fingerprint fp = fpState.getFingerprint();
         FPItem item = new FPItem(fpState);
 
-        fp.getPayload().forEach(payload -> {
+        for (Fingerprint.Payload payload : fp.getPayload()) {
             PayloadItem payloadItem = new PayloadItem(payload);
             payloadMap.put(payload.getFor(), payloadItem);
             item.getChildren().add(payloadItem);
-        });
-        fp.getFilter().forEach(group -> {
+        }
+        for (Fingerprint.Filter group : fp.getFilter()) {
             FilterGroupItem groupItem = new FilterGroupItem(group.getName());
             group.getAckAndMSSAndDsize().forEach(filter -> {
                 FilterItem newFilter = new FilterItem(Filter.FilterType.valueOf(filter.getName().toString().replaceAll(" ", "").toUpperCase()), group.getAckAndMSSAndDsize().indexOf(filter), this, filter);
                 groupItem.getChildren().add(newFilter);
             });
             PayloadItem payload = payloadMap.get(group.getFor());
-            payload.getChildren().add(groupItem);
-        });
+            if (payload != null) {
+                payload.getChildren().add(groupItem);
+            } else {
+                Logger.log(this, Severity.Warning, "Malformed Fingerprint: Filter group without payload");
+                item = null;
+            }
+        }
 
         return item;
     }
@@ -755,6 +767,11 @@ public static void selectAll(TextField field) {
         });
     }
 
+    public void updatePayloadDescription(PayloadItem payload, String description) {
+        FPItem fp = getFPItem(payload);
+        this.document.updatePayloadDescription(fp.getName(), fp.pathProperty().get(), payload.getPayload().getFor(), description);
+    }
+
     public void updateAlways(PayloadItem payload, Fingerprint.Payload.Always always) {
         FPItem fp = getFPItem(payload);
         this.document.updateAlways(fp.getName(), fp.pathProperty().get(), payload.getPayload().getFor(), always);
diff --git a/GM3/src/ui/fingerprint/editorPanes/ExtractDialog.java b/GM3/src/ui/fingerprint/editorPanes/ExtractDialog.java
index 999e346..e1b1fa3 100644
--- a/GM3/src/ui/fingerprint/editorPanes/ExtractDialog.java
+++ b/GM3/src/ui/fingerprint/editorPanes/ExtractDialog.java
@@ -13,6 +13,7 @@
 import javafx.scene.layout.Pane;
 import javafx.scene.layout.Priority;
 import javafx.scene.layout.VBox;
+import ui.fingerprint.FingerPrintGui;
 import ui.fingerprint.payload.Endian;
 
 import java.util.ArrayList;
@@ -151,7 +152,7 @@ public ExtractRow(Extract extract, VBox parent) {
                 this.from = extract.getFrom();
                 this.to = extract.getTo();
                 this.maxLength = extract.getMaxLength();
-                this.endian = Endian.valueOf(extract.getEndian() != null ? extract.getEndian() : "BIG");
+                this.endian = extract.getEndian() != null ? Endian.valueOf(extract.getEndian()) : Endian.getDefault();
                 this.post = extract.getPost();
             }
 
@@ -219,7 +220,7 @@ public ExtractRow(Extract extract, VBox parent) {
             fromPositionField.textProperty().addListener((observable, oldValue, newValue) -> {
                 if (newValue == null || newValue.isEmpty()) {
                     fromPositionField.setText("0");
-                    fromPositionField.selectAll();
+                    FingerPrintGui.selectAll(fromPositionField);
                 } else {
                     try {
                         long index = Long.parseLong(newValue);
@@ -266,7 +267,7 @@ public ExtractRow(Extract extract, VBox parent) {
             toPositionField.textProperty().addListener((observable, oldValue, newValue) -> {
                 if (newValue == null || newValue.isEmpty()) {
                     toPositionField.setText("0");
-                    toPositionField.selectAll();
+                    FingerPrintGui.selectAll(toPositionField);
                 } else {
                     try {
                         long index = Long.parseLong(newValue);
@@ -289,7 +290,7 @@ public ExtractRow(Extract extract, VBox parent) {
 
             HBox maxLengthBox = new HBox(2);
             Label maxLengthLabel = new Label("Max Length:");
-            TextField maxLengthField = new TextField(Integer.toString(DEFAULT_MAX_LENGTH));
+            TextField maxLengthField = new TextField(Integer.toString(this.maxLength));
             maxLengthField.textProperty().addListener((observable, oldValue, newValue) -> {
                 if (newValue == null || newValue.isEmpty()) {
                     maxLengthField.setText("0");
@@ -299,6 +300,8 @@ public ExtractRow(Extract extract, VBox parent) {
                         int length = Integer.parseInt(newValue);
                         if (length < MIN_MAX_LENGTH || length > MAX_MAX_LENGTH) {
                             maxLengthField.setText(oldValue);
+                        } else {
+                            this.maxLength = length;
                         }
                     } catch (NumberFormatException e) {
                         maxLengthField.setText(oldValue);
@@ -312,7 +315,8 @@ public ExtractRow(Extract extract, VBox parent) {
             HBox endianBox = new HBox(2);
             Label endianLabel = new Label("Endian:");
             ChoiceBox<Endian> endianChoiceBox = new ChoiceBox<>(FXCollections.observableArrayList(Endian.values()));
-            endianChoiceBox.setValue(Endian.BIG);
+            endianChoiceBox.setValue(this.endian);
+            endianChoiceBox.valueProperty().addListener(observable -> this.endian = endianChoiceBox.getValue());
             endianBox.setAlignment(Pos.CENTER_LEFT);
             endianBox.getChildren().addAll(endianLabel, endianChoiceBox);
 
diff --git a/GM3/src/ui/fingerprint/editorPanes/PayloadEditorPane.java b/GM3/src/ui/fingerprint/editorPanes/PayloadEditorPane.java
index 7424166..344ae5a 100644
--- a/GM3/src/ui/fingerprint/editorPanes/PayloadEditorPane.java
+++ b/GM3/src/ui/fingerprint/editorPanes/PayloadEditorPane.java
@@ -29,6 +29,7 @@ public class PayloadEditorPane extends BorderPane implements ParentBox {
     private SimpleBooleanProperty hasAlways;
     private VBox childrenBox;
     private List<OpRow> children;
+    private TextField descField;
     private boolean loading;
 
     private PayloadEditorPane(PayloadItem item, FingerPrintGui gui) {
@@ -46,13 +47,18 @@ private void buildPane() {
         HBox descBox = new HBox(2);
 
         Label descLabel = new Label("Description:");
-        TextField descField = new TextField(this.boundItem.getDescription());
+        descField = new TextField(this.boundItem.getDescription());
 
         descBox.setAlignment(Pos.CENTER_LEFT);
         HBox.setHgrow(descField, Priority.ALWAYS);
         descBox.getChildren().addAll(descLabel, descField);
         descBox.setPadding(new Insets(0, 0, 10, 0));
 
+        descField.textProperty().addListener(observable -> {
+            this.boundItem.getPayload().setDescription(descField.getText());
+            update();
+        });
+
         this.setTop(descBox);
         this.setCenter(childrenBox);
 
@@ -110,6 +116,7 @@ public void removeChild(OpRow child) {
         if (child instanceof AlwaysRow) {
             this.gui.updateAlways(boundItem, null);
             this.boundItem.getPayload().setAlways(null);
+            this.hasAlways.set(false);
         }
         this.children.remove(child);
     }
@@ -138,6 +145,7 @@ public void update() {
                 .collect(Collectors.toList());
 
         this.gui.updateOperations(boundItem, operationList);
+        this.gui.updatePayloadDescription(boundItem, this.descField.getText());
         this.boundItem.getPayload().getOperation().clear();
         this.boundItem.getPayload().getOperation().addAll(operationList);
     }
diff --git a/GM3/src/ui/fingerprint/filters/TransportProtoFilter.java b/GM3/src/ui/fingerprint/filters/TransportProtoFilter.java
index e4d24fe..8a03aea 100644
--- a/GM3/src/ui/fingerprint/filters/TransportProtoFilter.java
+++ b/GM3/src/ui/fingerprint/filters/TransportProtoFilter.java
@@ -51,7 +51,7 @@ public HBox getInput() {
         Label protoLabel = new Label("Protocol:");
         ChoiceBox<Short> protoBox = new ChoiceBox<>(FXCollections.observableArrayList(supportedProtocols.keySet()));
         protoBox.setConverter(new ProtocolConverter());
-        protoBox.setValue(TCP_PROTO_NUM);
+        protoBox.setValue(this.proto);
 
         protoBox.valueProperty().addListener(change -> {
             proto = protoBox.getValue();
diff --git a/GM3/src/ui/fingerprint/filters/WindowFilter.java b/GM3/src/ui/fingerprint/filters/WindowFilter.java
index 19a36ee..bf174e8 100644
--- a/GM3/src/ui/fingerprint/filters/WindowFilter.java
+++ b/GM3/src/ui/fingerprint/filters/WindowFilter.java
@@ -9,20 +9,21 @@
 import ui.fingerprint.FingerPrintGui;
 
 import javax.xml.bind.JAXBElement;
+import java.math.BigInteger;
 
-public class WindowFilter implements Filter<Short> {
-    private final static int MAX_VALUE = 255;
+public class WindowFilter implements Filter<BigInteger> {
+    private final static int MAX_VALUE = 1073725440;
     private final static int MIN_VALUE = 0;
 
     ObjectFactory factory;
-    short value;
-    SimpleObjectProperty<JAXBElement<Short>> element;
+    BigInteger value;
+    SimpleObjectProperty<JAXBElement<BigInteger>> element;
 
-    public WindowFilter(JAXBElement<Short> value) {
+    public WindowFilter(JAXBElement<BigInteger> value) {
         factory = new ObjectFactory();
         element = new SimpleObjectProperty<>();
         if (null == value) {
-            this.value = 0;
+            this.value = new BigInteger("0");
             element.setValue(factory.createFingerprintFilterWindow(this.value));
         } else {
             this.value = value.getValue();
@@ -40,14 +41,14 @@ public HBox getInput() {
         HBox input = new HBox();
 
         Label windowLabel = new Label("Value:");
-        TextField windowField = new TextField(Short.toString(value));
+        TextField windowField = new TextField(value.toString());
 
         windowField.textProperty().addListener((observable, oldValue, newValue) -> {
             if (!oldValue.equals(newValue)) {
                 //don't allow wrong entries
                 try {
-                    short newWindow = Short.parseShort(newValue);
-                    if (newWindow > MAX_VALUE || newWindow < MIN_VALUE) {
+                    BigInteger newWindow = new BigInteger(newValue);
+                    if (newWindow.intValue() > MAX_VALUE || newWindow.intValue() < MIN_VALUE) {
                         windowField.setText(oldValue);
                     } else {
                         value = newWindow;
@@ -83,7 +84,7 @@ public FilterType getType() {
     }
 
     @Override
-    public SimpleObjectProperty<JAXBElement<Short>> elementProperty() {
+    public SimpleObjectProperty<JAXBElement<BigInteger>> elementProperty() {
         return element;
     }
 }
diff --git a/GM3/src/ui/graphing/CellGroup.java b/GM3/src/ui/graphing/CellGroup.java
index 9d2b3cf..72fd437 100644
--- a/GM3/src/ui/graphing/CellGroup.java
+++ b/GM3/src/ui/graphing/CellGroup.java
@@ -207,8 +207,7 @@ protected static List<Double> BuildHullFor(List<Point2D> points) {
             ptsPolygon.push(points.get(idxPoint));
         }
         for(int idxPoint = points.size() - 2; idxPoint >= 0; idxPoint--) {
-            while(ptsPolygon.size() >= 2 && ptsPolygon.get(ptsPolygon.size() - 1).subtract(ptsPolygon.get(ptsPolygon.size() - 2))
-                    .crossProduct(points.get(idxPoint).subtract(ptsPolygon.get(ptsPolygon.size() - 2))).getZ() <= 0) {
+            while(ptsPolygon.size() >= 2 && ptsPolygon.get(ptsPolygon.size() - 1).subtract(ptsPolygon.get(ptsPolygon.size() - 2)).crossProduct(points.get(idxPoint).subtract(ptsPolygon.get(ptsPolygon.size() - 2))).getZ() <= 0) {
                 ptsPolygon.pop();
             }
             ptsPolygon.push(points.get(idxPoint));
diff --git a/GM3/src/ui/graphing/GraphTreeItem.java b/GM3/src/ui/graphing/GraphTreeItem.java
index 36fe932..c3e43eb 100644
--- a/GM3/src/ui/graphing/GraphTreeItem.java
+++ b/GM3/src/ui/graphing/GraphTreeItem.java
@@ -85,6 +85,7 @@ public TEdge getEdge() {
     }
 
     private boolean initialized = false;
+    private String name;
 
     protected GraphTreeItem() {
         super();
@@ -92,9 +93,15 @@ protected GraphTreeItem() {
     protected GraphTreeItem(String title, EmbeddedIcons image) {
         super(title, image == null ? null : image.getImage(16.0));
 
+        this.name = title;
+
         valueProperty().bind(new ReadOnlyStringWrapper(title).concat(" (").concat(new ListSizeBinding(getChildren())).concat(" item[s])"));
     }
 
+    public String getName() {
+        return this.name;
+    }
+
     public boolean requiresInitialization() {
         return !initialized;
     }
diff --git a/GM3/src/ui/graphing/graphs/LogicalGraph.java b/GM3/src/ui/graphing/graphs/LogicalGraph.java
index e57c11d..ec87e5e 100644
--- a/GM3/src/ui/graphing/graphs/LogicalGraph.java
+++ b/GM3/src/ui/graphing/graphs/LogicalGraph.java
@@ -10,6 +10,7 @@
 import javafx.scene.control.TextInputDialog;
 import ui.custom.fx.ActiveMenuItem;
 import ui.dialog.ConnectionDetailsDialogFx;
+import ui.dialog.ManageLogicalNetworksDialogFx;
 import ui.graphing.Cell;
 import ui.graphing.FactoryLayoutableCells;
 import ui.graphing.FactoryTreeItemsLogical;
@@ -22,7 +23,6 @@
 
 import java.io.IOException;
 import java.util.List;
-import java.util.Optional;
 import java.util.zip.ZipOutputStream;
 
 public class LogicalGraph extends Graph<LogicalNode, LogicalEdge> {
@@ -88,23 +88,7 @@ public Cell<LogicalNode> uiFor(LogicalNode logicalNode) {
         });
 
         MenuItem miAddSubnet = new ActiveMenuItem("Add Subnet Group", event -> {
-            TextInputDialog dlgNewCidr = new TextInputDialog("Add Cidr");
-            Optional<String> result = dlgNewCidr.showAndWait();
-            if(result.isPresent()) {
-                String txtNew = result.get();
-                try {
-                    Cidr cidrNew = new Cidr(txtNew);
-                    if (!cidrs.add(cidrNew)) {
-                        for(Cidr cidr : cidrs) {
-                            if(cidr.overlaps(cidrNew)) {
-                                Logger.log(this, Severity.Error, "Failed: " + txtNew + " conflicts with " + cidr.toString());
-                            }
-                        }
-                    }
-                } catch(Exception ex) {
-                    Logger.log(this, Severity.Error, "Unable to add Cidr: " + ex.getMessage());
-                }
-            }
+            ManageLogicalNetworksDialogFx.getInstance().showAndWait();
         });
         menuGraph.add(miAddSubnet);
     }
diff --git a/GM3/src/ui/graphing/physical/PhysicalGraphTreeController.java b/GM3/src/ui/graphing/physical/PhysicalGraphTreeController.java
index 44ce39b..4775578 100644
--- a/GM3/src/ui/graphing/physical/PhysicalGraphTreeController.java
+++ b/GM3/src/ui/graphing/physical/PhysicalGraphTreeController.java
@@ -79,7 +79,7 @@ public GraphTreeItem.GraphTreeNodeItem<PhysicalNode, PhysicalEdge> createVlanNod
 
     @Override
     protected void initializeGroup(GraphTreeItem.GraphTreeGroupItem<PhysicalNode, PhysicalEdge> nodeGroup) {
-        String nameGroup = nodeGroup.getValue();
+        String nameGroup = nodeGroup.getName();
         TreeItem<String> root = rootClouds;
 
         if(devices.stream().filter(device -> device.nameProperty().get().equals(nameGroup)).findAny().isPresent()) {
diff --git a/GM3/src/util/Csv.java b/GM3/src/util/Csv.java
index 33e5a52..fc38bf7 100644
--- a/GM3/src/util/Csv.java
+++ b/GM3/src/util/Csv.java
@@ -56,7 +56,8 @@ public static <TRow> void ExportTableToFile(TableView<TRow> table, File destinat
                         writer.write(",");
                     }
                     bFirst = false;
-                    writer.write(fieldFromString(col.getCellObservableValue(row).getValue().toString()));
+                    String fieldValue = col.getCellObservableValue(row).getValue() != null ? col.getCellObservableValue(row).getValue().toString() : "";
+                    writer.write(fieldFromString(fieldValue));
                 }
                 writer.newLine();
             }
diff --git a/GM3/src/util/Launcher.java b/GM3/src/util/Launcher.java
index 7d8461e..bf189f1 100644
--- a/GM3/src/util/Launcher.java
+++ b/GM3/src/util/Launcher.java
@@ -78,14 +78,16 @@ public static void main(String[] args) {
             }
         }
 
-        try {
-            // If jnetpcap can't be found then loadLibrary will result in an exception
-            System.loadLibrary("jnetpcap");
-            Pcap.libVersion();
-        } catch (Error | Exception var3) {
-            //We won't be able to do offline pcap either, but there are no hooks (yet) to prevent this.
-            Logger.log(Launcher.class, Severity.Warning, "Unable to initialize JNetPCap; packet capture functionality will be disabled.");
-            allowPcap = false;
+        if(allowPcap) {
+            try {
+                // If jnetpcap can't be found then loadLibrary will result in an exception
+                System.loadLibrary("jnetpcap");
+                Pcap.libVersion();
+            } catch (Error | Exception var3) {
+                //We won't be able to do offline pcap either, but there are no hooks (yet) to prevent this.
+                Logger.log(Launcher.class, Severity.Warning, "Unable to initialize JNetPCap; packet capture functionality will be disabled.");
+                allowPcap = false;
+            }
         }
 
         if(!Files.exists(Paths.get(Configuration.getPreferenceString(Configuration.Fields.WIRESHARK_EXEC)))) {