How to differentiate device type from IP?

1

How do I know what kind of device is using an IP?

I wonder if there is any way to validate whether an IP belongs to a computer, a mobile device, etc.

This is to differentiate device types from IP.

I'm interested in doing this in Java.

Thanks for your attention.

    
asked by anonymous 10.08.2016 / 13:46

3 answers

6

Come on boy, most said it is not possible, but in reality it is!

I do not know whether you will use this for good or want to play hacker out there; what you do with this kind of information is up to your conscience and that of everyone who reads it!

Thanks to peculiarities in how different vendors implement the TCP/IP stack, it is possible to analyze and identify different operating systems / devices.

To understand how this works, it is important that you know the structure of an IP packet:

Look how much information a TCP packet loads. I will not handle each parameter, as this is a bit lengthy; what is important for you to know is that some of this information changes from OS to OS, and it is possible to analyze this using traffic analysis techniques.

This can be done passively or actively:

  • Active - Your device (PC, etc.) sends packets to the IP you want and analyzes the response.
  • Passive - It only intercepts packets that travel on the network (sniffers).
  • A very rudimentary way is to analyze the Time to Live (TTL) and Window fields:

    TTL - Maximum time the packets can take before being destroyed (can be seen in the figure of the IP packet structure, in the red part).

    Window - Reception window size (can be seen in the figure of the IP packet structure, in the yellow part).

    See how certain defaults for these two fields can tell you different operating systems only by analyzing package return:

    Linux (Kernel 2.4 and 2.6)

    • Time To Live = 64
    • TCP Window Size = 5840

    Google Linux

    • Time To Live = 64
    • TCP Window Size = 5720

    FreeBSD

    • Time To Live = 64
    • TCP Window Size = 65535

    Windows XP

    • Time To Live = 128
    • TCP Window Size = 65535

    Windows Vista and 7 (Windows Server 2008)

    • Time To Live = 128
    • TCP Window Size = 8192

    iOS 12.4 or Cisco Routers

    • Time To Live = 255
    • TCP Window Size = 4128

    OK, now you have an idea of how this is possible. Imagine now, instead of analyzing only two fields, analyzing a larger set, setting and observing the patterns and thus achieving greater consistency and correctness. Well, this is possible: with 67 bits of analysis you will have a very reliable signature:

  • Starting packet size - Using values from the IHL field and Total Length it is possible to know the initial size of the package (16 bits).
  • Time to Live field value (8 bits).
  • Window field value (16 bits).
  • Maximum segment size (16 bits) - The TCP Options field can contain the information that defines the maximum segment receive size; this information is sent in the initial communication, and if this parameter does not exist, any segment size is allowed.
  • Window scaling value (8 bits) - The TCP Options field can contain information allowing the size of received packets to be increased.
  • "do not fragment" flag (1 bit) - In the Fragment Offset field it can contain fragmentation information or not.
  • "sackOK" flag (1 bit) - In the TCP Options field it can contain information about how packets are retransmitted in the event of a loss, whether selective receipts are allowed or not.
  • "nop" flag (1 bit) - another option defined in the TCP Options field; the length of the TCP header must be a multiple of 4. However, we need to send some NOPs (1 bit or more) to adjust the size of the header, and depending on where these NOPs are added and whether they are at the beginning or end along the options, we can identify patterns of certain OS's.
  • If you add up all the BITS of these 8 fields you will have 67 bits of information that vary and behave differently, you can now build a Fingerprint and outline the behavior patterns that each operating system has on the network!

        
    20.11.2016 / 06:00
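The passive analysis described in the answer above, as an added example that is not part of the original answer or of any fingerprinting tool: this Python code parses a captured IPv4/TCP SYN, extracts the eight fields the answer lists, and looks up the TTL and window pair in the answer's table. The names `parse_syn` and `guess_os`, the rounding of an observed TTL up to 64, 128 or 255, and the sample packet are assumptions of the example.

```python
import struct

# (initial TTL, TCP window) defaults quoted in the answer above.
SIGNATURES = {
    (64, 5840): "Linux (kernel 2.4 and 2.6)", (64, 5720): "Google Linux",
    (64, 65535): "FreeBSD", (128, 65535): "Windows XP",
    (128, 8192): "Windows Vista and 7 (Windows Server 2008)",
    (255, 4128): "iOS 12.4 or Cisco routers",
}

def parse_syn(pkt: bytes) -> dict:
    """Extract the eight fingerprint fields from a raw IPv4 + TCP packet."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if ihl < 20 or pkt[0] >> 4 != 4 or len(pkt) < ihl + 20 or pkt[9] != 6:
        raise ValueError("not an IPv4 packet carrying TCP")
    total_len, _ident, frag = struct.unpack_from("!HHH", pkt, 2)
    window, = struct.unpack_from("!H", pkt, ihl + 14)
    fp = {"size": total_len, "ttl": pkt[8], "window": window,
          "df": bool(frag & 0x4000), "mss": None, "wscale": None,
          "sack_ok": False, "nop": False}
    # Options sit between the fixed 20-byte TCP header and the data offset.
    opts, i = pkt[ihl + 20:ihl + (pkt[ihl + 12] >> 4) * 4], 0
    while i < len(opts) and opts[i] != 0:        # kind 0 = end of option list
        kind = opts[i]
        if kind == 1:                            # NOP is a single byte, no length
            fp["nop"] = True
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            break                                # malformed option: stop parsing
        length = opts[i + 1]
        if kind == 2 and length == 4:            # maximum segment size
            fp["mss"], = struct.unpack_from("!H", opts, i + 2)
        elif kind == 3 and length == 3:          # window scale
            fp["wscale"] = opts[i + 2]
        elif kind == 4:                          # SACK permitted
            fp["sack_ok"] = True
        i += length
    return fp

def guess_os(fp: dict) -> str:
    # Assumption: each router hop decrements TTL, so round up to a common initial value.
    initial = next(t for t in (64, 128, 255) if fp["ttl"] <= t)
    return SIGNATURES.get((initial, fp["window"]), "unknown")

# Constructed sample SYN: TTL 120, window 8192, DF set, documentation-range addresses.
SAMPLE_SYN = bytes.fromhex(
    "4500 0034 0000 4000 7806 0000 c0000201 c0000202"   # IPv4 header
    "9c40 01bb 00000001 00000000 8002 2000 0000 0000"   # TCP header, SYN flag
    "0204 05b4 01 030308 0101 0402")                    # MSS, NOP, WS, NOP, NOP, SACK
```

Both TTL and window size are configurable on most systems, so a two-field match is a hint for asset inventory rather than an identification; the remaining fields in `fp` are what a fuller signature would compare.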
    2

    No, what you want is not possible.

    The IP number is just and only that, a number. And in practice, any device can pick up any IP number.

    For example, let's assume that in my home I have a DHCP with 192.168.55.0 network address and that my cousin also has a DHCP the same way in his house.

    So, I connect my computer to my network and get IP 192.168.55.1. Then I connect a tablet, and it gets 192.168.55.2. Then I put a cell phone, and it gets 192.168.55.3.

    My cousin, on the other hand, connects the tablet first, which takes IP 192.168.55.1. Then he turns on the cell phone, which takes 192.168.55.2, and finally a notebook on 192.168.55.3.

    Note that with this, 192.168.55.1 is a computer on my network, but it is a tablet on my cousin's network. 192.168.55.2 is a tablet on my network, but a cell phone on my cousin's. And 192.168.55.3 is a cell phone in my network and a laptop in my cousin's.

    Anyway, just using the IP number, you cannot get any useful information to determine the device in question. That way, you're going to need something different to get what you want.

        
    10.08.2016 / 14:57
    0

    The closest thing you are looking for would be to use the MAC Address of the machine, but even the MAC is not totally reliable, as you can only identify the manufacturer, not the model itself.

    If you want to read more about what MAC can do: link

    I hope I have helped with your search.

        
    10.08.2016 / 15:41