How does client fingerprinting work?

Summary

How does client fingerprinting work on ZD controllers.

Question

How client fingerprinting happens?

Troubleshooting Steps

When troubleshooting the Client fingerprinting issue it is important to get a packet capture of the client in question as it is booting up or connecting and going through the DHCP process.

The easy way to do this is to put the AP that the client is connected to into Packet capture mode and put the capture mode into the streaming mode and use the remote packet capture option on Wireshark to capture traffic on the BR0 interface.

Resolution

What is client fingerprinting?
Client fingerprinting is a feature effective from 9.4 firmware, it’s a technique used by ZoneDirector which attempts to identify client devices by their Operating System, device type and Host Name, if available. This makes identifying client devices easier in the Dashboard, Client Monitor and Client Details screens as shown below.

User-added image

How client fingerprinting happens?
The zone director captures the clients OS when client sends a DHCP request through the access points. The client finger printing can be enabled by clicking it in the advanced WLAN option.

User-added image


How is the OS information captured?
The AP records the OS information from the client by capturing the DHCP request packet, the OS information is found in the DHCP option 60 if present and parameter order list in Option 55.  Some DHCP request will have DHCP Option 60 and some do not, but all will have Option 55.

If DHCP Option 60 is present we use that information along with the parameter list in Option 55 to identify the OS type
a closer look into the DHCP packet reveals the following:

Packet capture of DHCP request, the client used in this capture is windows XP:
User-added image


This capture show Option 60: Vendor class identifier = "MSFT 5.0"
Option 55 Parameter order: 1,15,3,6,44,46,47,31,33,249,43


IF Option 55 had the following parameter order instead: 1,15,3,6,44,46,47,31,33,43 (Note parameter 249 is not present)
This client would have been identified as a "Windows 2000"
 

Attachment 1

Client fingerprinting.docx
application/vnd.openxmlformats-officedocument.wordprocessingml.document
Download
(213 KB)

Article Number:
000001668

Updated:
August 18, 2020 03:52 AM (over 3 years ago)

Answer Attachment 1
Client fingerprinting.docx
application/vnd.openxmlformats-officedocument.wordprocessingml.document
Download
(213 KB)

Tags:
Configuration, Troubleshooting, ZoneDirector

Votes:
3

This article is:
helpful
not helpful

Working...Please wait

This is here to prevent you from accidentally submitting twice.

The page will automatically refresh.