Passive DHCP fingerprinting implementation
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
Build.sh dhcpf-0.7c Oct 15, 2014
Makefile dhcpf-0.7c Oct 15, 2014
README.md Added README Jun 20, 2015
dhcp.h dhcpf-0.7c Oct 15, 2014
dhcpf.c dhcpf-0.7c Oct 15, 2014
dhcpf.go Added dhcpf.go Jul 12, 2016
dhcpf.prints dhcpf-0.7c Oct 15, 2014
fp.h dhcpf-0.7c Oct 15, 2014
oui dhcpf-0.7c Oct 15, 2014
udpip.h dhcpf-0.7c Oct 15, 2014

README.md

dhcpf

It is possible to precisely recognize the operating system on the basis of unique combination of DHCP options in host requests. This is an example of implementation.

Signatures

This tool is somewhat useless without rich and reliable signature database. I will be very grateful for any kind of help in the database development.

Contact

To send questions and comments, just send an e-mail at marcin@ulikowski.pl

Demo

elceef@cerebellum:~/dhcpf% sudo ./dhcpf eth1
=== dhcpf 0.7c: passive DHCP fingerprinting ===

Successfully loaded 29 DHCP-prints.

Discover from Motorola_03:e3:1d (40:fc:89:03:e3:1d)
  system	= Android 2.2 (Motorola)

Request from Motorola_03:e3:1d (40:fc:89:03:e3:1d)
  system	= Android 2.2 (Motorola)
  req_ipaddr	= 10.1.1.223

Request from UnknownOUI_58:ab:d5 (d8:31:cf:58:ab:d5)
  system	= Android 2.3 (Samsung)
  req_ipaddr	= 10.1.1.209

Request from FujitsuS_d2:38:de (00:30:05:d2:38:de)
  system	= Windows XP/Vista/7 (generic)
  hostname	= DRI-Stacja
  req_ipaddr	= 10.1.1.115

Discover from CiscoLin_db:d5:36 (00:0e:08:db:d5:36)
  system	= Linksys SipuraSPA
  hostname	= SipuraSPA
  req_ipaddr	= 10.2.2.4
  option82	= remote_id 70:72:cf:59:0d:35 circuit_id vlan 504 unit 1 port 1

Request from CiscoLin_db:d5:36 (00:0e:08:db:d5:36)
  system	= Linksys SipuraSPA
  hostname	= SipuraSPA
  req_ipaddr	= 10.2.2.4
  option82	= remote_id 70:72:cf:59:0d:35 circuit_id vlan 504 unit 1 port 1