lzr
Failing to get any scan results
I'm trying to get lzr to fingerprint anything, and I'm failing. I'm running the following command, using the latest release of lzr, from a Debian 12 host:
```
$ echo "192.168.1.1:22" | sudo ./lzr \
    --handshakes ssh \
    -sendSYNs \
    -sourceIP 192.168.1.71 \
    -sendInterface wlp0s20f3 \
    -gatewayMac 30:89:4a:11:71:eb \
    -f -
```
The JSON it outputs contains "fingerprint: unknown":
```json
{
  "saddr": "192.168.1.1",
  "daddr": "192.168.1.71",
  "sport": 22,
  "dport": 42472,
  "seqnum": 2052859966,
  "acknum": 0,
  "window": 65535,
  "ttl": 0,
  "Counter": 1,
  "ACK": false,
  "ACKed": false,
  "SYN": true,
  "RST": false,
  "FIN": false,
  "PUSH": false,
  "HandshakeNum": 0,
  "fingerprint": "unknown",
  "Timestamp": "2024-04-11T15:25:37.616496178+01:00",
  "expectedRToLZR": "sa"
}
```
The host I am scanning from has this network interface:
```
wlp0s20f3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.71  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::3289:4aff:fe11:71eb  prefixlen 64  scopeid 0x20<link>
        ether 30:89:4a:11:71:eb  txqueuelen 1000  (Ethernet)
        RX packets 147663603  bytes 169865914024 (158.1 GiB)
        RX errors 0  dropped 73712  overruns 0  frame 0
        TX packets 44722281  bytes 59451909408 (55.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```
The IP and port I am trying to scan is open (below run from the scanning host):
```
$ telnet 192.168.1.1 22
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u4
```
Can you suggest what I am doing wrong?
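
An added pre-flight check, not part of the original post and not lzr's own code: in the command above, the `-gatewayMac` value is identical to the `ether` address reported for `wlp0s20f3`. The script compares the supplied MAC with the host's own MAC and with the next hop's neighbour-table entry. It assumes lzr uses `-gatewayMac` as the destination MAC of the frames it sends; the function names, the neighbour-table line and its MAC are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check -gatewayMac before running lzr.
# Assumption: lzr uses -gatewayMac as the destination MAC of frames it sends.

# Dotted-quad IPv4 -> integer (subshell body keeps the IFS change local).
ip_to_int() (
  IFS=.; set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# on_link SRC_IP DST_IP NETMASK: succeeds if both share one network.
on_link() {
  local m; m=$(ip_to_int "$3")
  [ $(( $(ip_to_int "$1") & $m )) -eq $(( $(ip_to_int "$2") & $m )) ]
}

# neigh_mac NEIGH_TEXT IP: MAC from `ip neigh show` style text.
neigh_mac() {
  printf '%s\n' "$1" | awk -v ip="$2" '$1 == ip {
    for (i = 2; i < NF; i++) if ($i == "lladdr") { print tolower($(i + 1)); exit } }'
}

# check_gateway_mac SUPPLIED LOCAL_MAC SRC_IP NETMASK TARGET_IP DEFAULT_GW NEIGH_TEXT
check_gateway_mac() {
  local supplied local_mac hop want
  supplied=$(printf '%s' "$1" | tr 'A-F' 'a-f')
  local_mac=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  hop=$6
  on_link "$3" "$5" "$4" && hop=$5   # on-link targets are reached directly
  want=$(neigh_mac "$7" "$hop")
  if [ "$supplied" = "$local_mac" ]; then
    echo "FAIL: -gatewayMac is this host's own MAC; next hop $hop is ${want:-unresolved}"
    return 1
  elif [ -z "$want" ]; then
    echo "WARN: no neighbour entry for next hop $hop"; return 2
  elif [ "$supplied" != "$want" ]; then
    echo "FAIL: -gatewayMac $supplied does not match next hop $hop ($want)"; return 1
  fi
  echo "OK: -gatewayMac matches next hop $hop"
}

# Constructed neighbour table; 02:00:00:00:00:01 is a made-up MAC for 192.168.1.1.
SAMPLE_NEIGH='192.168.1.1 dev wlp0s20f3 lladdr 02:00:00:00:00:01 REACHABLE'

# Addresses and MACs from the post; the default gateway argument is a constructed value.
check_gateway_mac 30:89:4a:11:71:eb 30:89:4a:11:71:eb 192.168.1.71 \
  255.255.255.0 192.168.1.1 192.168.1.1 "$SAMPLE_NEIGH" || true
```

On a live host, the neighbour text would come from `ip neigh show` and the local MAC from `/sys/class/net/<interface>/address`.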