Documentation to read output

[CopyOfA]

Is there any documentation demonstrating how one should interpret the output of Satori? For example, consider the following output line:

2022-09-29T20:01:52.815151;192.168.1.10;00:11:22:33:44:55;TCP;S;64240:64:1:60:M1350,S,T,N,W7:.

Or after splitting on ";":

'2022-09-29T20:01:52.815151', '192.168.1.10', '00:11:22:33:44:55', 'TCP', 'S', '64240:64:1:60:M1350,S,T,N,W7:.', ''

What does this output tell me? I think understand the first 4 entries as: Timestamp, IP Address, MAC Address, Protocol. What are the final 3 entries? If I wanted to understand the OS fingerprint of this particular IP address, how could I find it?

[xnih]

Each fingerprint is going to be slightly different, but it basically breaks down to 2 types:

HTTPSERVER, USERAGENT, SSH, DNS
1 - Timestamp
2 - Source IP
3 - MAC
4 - Test Type, be that TCP, DHCP, SSH, Web, Useragent, etc
5 - test type
6 - OS

Others have "extra" tests depending on the protocol being tested, be that the packet type on TCP (S, SA, A), or on SSL we have different fingerprint types (ja3 or ja4), or DHCP we have DHCP packet type (Request/ACK, Response) and then we also have what type of DHCP packet (options, option55, vendorcode) or SMB there was packet type (NativeOS or something else)
SSL, TCP, NTP, DHCP, SMBNATIVE
1 - Timestamp
2 - Source IP
3 - MAC
4 - Test Type, be that TCP, DHCP, SSH, Web, Useragent, etc
5 through N-1 - in some cases there is only 1 here, others, like TCP there are multiple, in this case, 5 = packet type, in this case, syn, vs SA (syn ack) or A (ack), then the fingerprint generated by the protcol in question
N - The last value, is going to be the OS guess if there was one, in the fingerprint you asked about, we didn't have a match.

[CopyOfA]

OK, got it. Thank you for your help!