How to get DHCP fingerprint

Installing and Using OpenWrt Network and Wireless Configuration
1

hello everyone, I want to get DHCP fingerprints of all connected clients but I didn't find a way with OpenWRT.
I found this topic https://unix.bris.ac.uk/2014/11/10/dhcp-fingerprinting/
if anyone has an idea of how to integrate with OpenWRT or a way to extract all DHCP fingerprints?

2

You can find the leases in /tmp/dhcp.leases or /tmp/hosts/odhcpd for IPv6.
If you prefer to parse the logfile for new leases instead you can disable quiet logging with

uci set dhcp.@dnsmasq[0].quietdhcp='0'
uci commit dhcp
service dnsmasq restart
3

thank you for reply
i don't need dhacp-leases but i want to parse dhcp fingerprint of all devices connected on my ap.

1 Like
4

Ok I missunderstood how it is done.
Since I was not able to find any fingerprinting details in dnsmasq manual page, maybe you should consider using isc-dhcpd instead.

1 Like
5

The Netify DPI agent can extract DHCP fingerprints and class IDs. I just ran a quick test on my network and was able to see the following from my mobile phone connecting via DHCP:

{
  "established": false,
  "flow": {
    "detected_application": 0,
    "detected_application_name": "Unknown",
    "detected_protocol": 18,
    "detected_protocol_name": "DHCP",
    "detection_guessed": 0,
    "dhcp": {
      "class_ident": "android-dhcp-9",
      "fingerprint": "0103060F1A1C33"
    },
    "digest": "821e34e1dda2a0771660dc23ec051c89af3830e0",
    "first_seen_at": 1582209394418,
    "first_update_at": 1582209394418,
    "host_server_name": "galaxy-s8",
    "ip_nat": false,
    "ip_protocol": 17,
    "ip_version": 4,
    "last_seen_at": 1582209394418,
    "local_ip": "0.0.0.0",
    "local_mac": "a0:c9:a0:e5:2c:eb",
    "local_origin": true,
    "local_port": 68,
    "other_ip": "255.255.255.255",
    "other_mac": "ff:ff:ff:ff:ff:ff",
    "other_port": 67,
    "other_type": "broadcast",
    "vlan_id": 0
  },
  "interface": "ens34",
  "internal": true,
  "type": "flow"
}

The fingerprint is in hex format, so you might have to convert it to a comma-delimited format. You can find details on the Netify agent and how to install it in this forum post.

To avoid all the resources needed to run DPI on all network traffic, you can filter on specific ports. You can start netifyd manually for hacking around:

/usr/sbin/netifyd -I eth1 -F 'udp port 67 or udp port 68'
1 Like