Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
oui
 
 
 
 

README.md

dhcpf

It is possible to precisely recognize the operating system on the basis of unique combination of DHCP options in host requests. This is an example of implementation.

Signatures

This tool is somewhat useless without rich and reliable signature database. I will be very grateful for any kind of help in the database development.

Contact

To send questions and comments, just send an e-mail at marcin@ulikowski.pl

Demo

elceef@cerebellum:~/dhcpf% sudo ./dhcpf eth1
=== dhcpf 0.7c: passive DHCP fingerprinting ===

Successfully loaded 29 DHCP-prints.

Discover from Motorola_03:e3:1d (40:fc:89:03:e3:1d)
  system	= Android 2.2 (Motorola)

Request from Motorola_03:e3:1d (40:fc:89:03:e3:1d)
  system	= Android 2.2 (Motorola)
  req_ipaddr	= 10.1.1.223

Request from UnknownOUI_58:ab:d5 (d8:31:cf:58:ab:d5)
  system	= Android 2.3 (Samsung)
  req_ipaddr	= 10.1.1.209

Request from FujitsuS_d2:38:de (00:30:05:d2:38:de)
  system	= Windows XP/Vista/7 (generic)
  hostname	= DRI-Stacja
  req_ipaddr	= 10.1.1.115

Discover from CiscoLin_db:d5:36 (00:0e:08:db:d5:36)
  system	= Linksys SipuraSPA
  hostname	= SipuraSPA
  req_ipaddr	= 10.2.2.4
  option82	= remote_id 70:72:cf:59:0d:35 circuit_id vlan 504 unit 1 port 1

Request from CiscoLin_db:d5:36 (00:0e:08:db:d5:36)
  system	= Linksys SipuraSPA
  hostname	= SipuraSPA
  req_ipaddr	= 10.2.2.4
  option82	= remote_id 70:72:cf:59:0d:35 circuit_id vlan 504 unit 1 port 1

About

Passive DHCP fingerprinting implementation

Resources

Releases

No releases published

Packages

No packages published