How to differentiate device type from IP?

How do I know what kind of device an IP is using?

I would like to know if there is any way to validate if an IP belongs to a computer, a mobile device, etc.

This is to differentiate device types from IP.

I'm interested in doing this in Java.

Thanks for your attention.

Author: Victor Stafusa, 2016-08-10

3 answers

Come on Boy, most said it's not possible, but in reality it is!

I do not know whether you will use this for good or want to play hacker out there; what you do with this type of information is a matter for your conscience and that of everyone who reads this!

Thanks to peculiarities in the implementation of the TCP/IP stack by different providers, it is possible to analyze and identify different operating systems/devices.

To understand how this works it is important that you know the structure of an IP packet:

[Figure: TCP/IP packet structure]

Look at how much information a TCP packet carries. I will not deal with each parameter, as this is a bit extensive; what is important for you to know is that some of this information changes from OS to OS, and it is possible to analyze this using traffic analysis techniques.

This can be done passively or actively:

  1. Active - your equipment (PC, etc.) sends packets to the IP you want and analyzes the response.
  2. Passive - only intercepts packets that travel over the network (sniffers).

A very rudimentary way is to parse the Time to Live (TTL) and Window fields!

TTL - maximum time that packets can take before being destroyed (can be seen in the IP packet structure figure in the red part).

Window - size of the receiving window (can be observed in the figure of the structure of the IP packet in the yellow part).

Here's how certain patterns for these two fields can tell you different operating systems just by analyzing the returned packets:

Linux (kernel 2.4 and 2.6)

  • Time To Live = 64
  • TCP Window Size = 5840

Google Linux

  • Time To Live = 64
  • TCP Window Size = 5720

FreeBSD

  • Time To Live = 64
  • TCP Window Size = 65535

Windows XP

  • Time To Live = 128
  • TCP Window Size = 65535

Windows Vista and 7 (Windows Server 2008)

  • Time To Live = 128
  • TCP Window Size = 8192

IOS 12.4 or Cisco routers

  • Time To Live = 255
  • TCP Window Size = 4128

OK, now you have an idea of how this is possible. Imagine now that, instead of analyzing only two fields, you analyze a larger set, defining and observing the patterns and thus achieving greater consistency and more hits. Well, this is possible: with 67 bits of analysis you will have a very reliable signature:

  1. Initial packet size - using the IHL and Total Length field values, it is possible to know the initial size of the packet (16 bits).
  2. Time to Live field value (8 bits).
  3. Window field value (16 bits).
  4. Maximum segment size (16 bits) - the TCP Options field can contain the information that defines the maximum segment receiving size; this information is sent in the initial communication, and if this parameter does not exist, any segment size is allowed.
  5. Window scaling value (8 bits) - the TCP Options field can contain information allowing the size increase of incoming packets.
  6. "Don't fragment" flag (1 bit) - the Fragment Offset field may or may not contain fragment information.
  7. "sackOK" flag (1 bit) - the TCP Options field can contain information about how packets are relayed in case of misses; it says whether selective receives are allowed or not.
  8. "nop" flag (1 bit) - another option set in the TCP Options field. The TCP header length needs to be a multiple of 4. However, this will not always happen; when this disparity occurs, you need to send some NOPs (1 bit or more) to adjust the header size, and depending on where these NOPs are added, and whether they are at the beginning or end of the options, we can identify patterns of certain OSes.

If you add up all the bits of these 8 fields, you will have 67 bits of information that vary and behave differently. Now you can build a fingerprint and trace the behavior patterns that each operating system has on the network!

 6
Author: ederwander, 2016-11-21 12:29:10
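The two-field lookup and the eight-field signature described in the answer above, as an added Java example that is not part of the original answer: it parses one raw IPv4/TCP SYN, as a passive sensor on your own network would capture it, and matches it against the answer's table. The class and method names and the sample packet are constructed for illustration; rounding the observed TTL up to 64/128/255 is an added assumption to account for hops, and `HexFormat` requires Java 17.

```java
import java.util.HexFormat;

public class SynFingerprint {
    // Read an unsigned 16-bit big-endian value at offset i.
    static int u16(byte[] p, int i) { return ((p[i] & 0xff) << 8) | (p[i + 1] & 0xff); }
    // Assumption: each hop decrements TTL, so round up to the usual initial value.
    static int initialTtl(int ttl) { return ttl <= 64 ? 64 : ttl <= 128 ? 128 : 255; }
    // TTL/window pairs exactly as listed in the answer above.
    static String guessOs(int ttl, int window) {
        switch (initialTtl(ttl) + "/" + window) {
            case "64/5840":   return "Linux (kernel 2.4 and 2.6)";
            case "64/5720":   return "Google Linux";
            case "64/65535":  return "FreeBSD";
            case "128/65535": return "Windows XP";
            case "128/8192":  return "Windows Vista and 7 (Windows Server 2008)";
            case "255/4128":  return "IOS 12.4 or Cisco routers";
            default:          return "unknown";
        }
    }
    // Extract the eight signature fields from a raw IPv4 packet carrying a TCP SYN.
    static String describe(byte[] p) {
        int ihl = p.length < 40 ? 0 : (p[0] & 0x0f) * 4;   // IP header length in bytes
        if (ihl < 20 || p.length < ihl + 20 || (p[0] & 0xf0) != 0x40 || p[9] != 6)
            throw new IllegalArgumentException("not a complete IPv4/TCP packet");
        int size = u16(p, 2), ttl = p[8] & 0xff, window = u16(p, ihl + 14);
        boolean df = (p[6] & 0x40) != 0, sackOk = false, nop = false;
        int mss = -1, wscale = -1;                         // -1 means option absent
        int end = Math.min(p.length, ihl + ((p[ihl + 12] & 0xf0) >> 4) * 4);
        for (int i = ihl + 20; i < end && p[i] != 0; ) {   // kind 0 ends the option list
            int kind = p[i] & 0xff;
            if (kind == 1) { nop = true; i++; continue; }  // NOP is a single byte
            int len = i + 1 < end ? p[i + 1] & 0xff : 0;
            if (len < 2 || i + len > end) break;           // malformed option: stop
            if (kind == 2 && len == 4) mss = u16(p, i + 2);
            if (kind == 3 && len == 3) wscale = p[i + 2] & 0xff;
            if (kind == 4) sackOk = true;
            i += len;
        }
        return String.format("size=%d ttl=%d win=%d mss=%d wscale=%d df=%b sackOK=%b nop=%b -> %s",
                size, ttl, window, mss, wscale, df, sackOk, nop, guessOs(ttl, window));
    }
    public static void main(String[] args) {
        // Constructed SYN, 192.0.2.10 -> 192.0.2.20 (documentation range), TTL 57 on arrival.
        System.out.println(describe(HexFormat.of().parseHex(
                "4500003c1c46400039060000c000020ac0000214"      // IPv4 header
              + "c35001bb0000000100000000a00216d000000000"      // TCP header, SYN, window 5840
              + "020405b40402080a000000010000000001030307")));  // MSS, SACK-OK, TS, NOP, WScale
    }
}
```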

No, what you want is not possible.

The IP number is just that and only that: a number. And in practice, any device can pick up any IP number.

For example, let's assume that in my house I have a DHCP with network address 192.168.55.0 and that my cousin also has a DHCP in the same way in his house.

So, I connect my computer to my network and get IP 192.168.55.1. Then I plug in a tablet, and it gets 192.168.55.2. Then I connect a cell phone, and it gets 192.168.55.3.

My cousin, on the other hand, turns on the tablet first, which takes the IP 192.168.55.1. Then he turns on the mobile, which takes 192.168.55.2, and finally a notebook, which takes 192.168.55.3.

Note that with this, 192.168.55.1 is a computer on my network, but it is a tablet on my cousin's network. 192.168.55.2 is a tablet on my network, but a mobile on my cousin's. And 192.168.55.3 is a mobile on my network and a notebook on my cousin's.

Anyway, using only the IP number, you cannot get any useful information to determine the device in question. Therefore, you will need something else to achieve what you want.

 2
Author: Victor Stafusa, 2016-11-21 12:22:56

The closest thing to what you are looking for would be to use the MAC address of the machine, but even the MAC is not totally reliable, because you can identify only the manufacturer, and not the model itself.

If you want to take a deeper look at what MAC can do: https://pt.wikipedia.org/wiki/Endere%C3%A7o_MAC

I hope I helped with your research.

 0
Author: Edumachdo, 2016-08-10 13:41:45