Sysadmin > SerVices > DhcpD > DhcpOsFingerprinting

How to use DHCP-requests for passive OS fingerprinting



Most devices are able to use dynamic host configuration protocoll for ip configuration. Allthrough there is a option to identify the client (OPTION: 60 Vendor class identifier MSFT 5.0) it is not suitable to destinguis the Operating System, because "MSFT 5.0" is used bye most windows versions. But you can use the pattern of requested options (OPTION: 55 Parameter Request List) for fingerprinting.

Enable logging of the DHCP-options relevant for fingerprinting

Add this to your dhcpd.conf
on commit {
      concat("Client ",
        binary-to-ascii(16, 8, ":", substring(hardware, 1, 6)),
        " requests ",
        binary-to-ascii(16, 8, ":", option dhcp-parameter-request-list),
        pick-first-value(option vendor-class-identifier, "no vendor-id"))

This will strip leading zeros in the MAC adress! (a fix)

Matching table DHCP2OS