02-15-2012 12:21 PM - edited 02-15-2012 12:27 PM
I am trying to figure out how to fingerprint Google Chromebooks using DHCP as outlined in the following article.
COTD: DHCP Fingerprinting how-to (ArubaOS 126.96.36.199 and above)
I am not quite sure which option I should look for in the devices DHCP request. Here is a copy of one such request off the controller log.
Feb 15 11:55:04 :202536: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1813: REQUEST 74:de:2b:a1:91:38 reqIP=10.x.x.x Options 3d:0174de2ba19138 39:05dc 3c:64686370636420352e312e34 37:01792103060c0f1a1c33363a3b77
Feb 15 11:55:04 :202544: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1813: ACK 74:de:2b:a1:91:38 clientIP=10.x.x.x
If I follow the procedure outlined in the COTD document I should be looking at the option which begins with 37: or 3c of which I have both (3c:64686370636420352e312e34) (37:01792103060c0f1a1c33363a3b77) so which do I use?
can anyone confirm this for me?
Solved! Go to Solution.
02-28-2012 07:09 AM - edited 02-28-2012 07:10 AM
The ArubaOS DHCP Fingerprinting App Note here: http://www.arubanetworks.com/pdf/technology/AOS-DH
EDIT: Specifically, you look for the signature that begins with 37:--- and you eliminate the colon.