How to differentiate device type from IP?


Viewed 1,389 times

1

How to know what type of device is using an IP?

I wonder if there is any way to validate whether an IP belongs to a computer, a mobile device, etc.

This is to differentiate device types from IP.

I’m interested in doing this in Java.

Thank you for your attention.

  • You have two good answers, one speaking of the IP number (that of Victor) and the other speaking of the protocol known as IP (that of ederwander), whose interpretation is independent of the number itself. Which of the two does the question refer to, the number or the protocol?

  • Actually the question was open to interpretation, as @Bacco said. When I read the question I just assumed that any IP traffic can be analyzed and classified: imagine that I go to your home, connect to your Wifi network and do not know any of the other IPs on your network; I can use a scan to discover which IPs are alive and apply fingerprinting to them by sending packets and analyzing the returns. But now I'm really in doubt whether that's what you'd like to know huauahu

  • 1

    @ederwander since the question is ambiguous, I consider that at the time of the answers both you and Victor answered correctly. I only commented because, although the two have information that seems conflicting, in fact they are complementary, since the aspects addressed are different, so I thought I'd make it clear :)

3 answers

6

Come on boy, most said it's not possible, but in reality it is!

I don't know if you're going to use this for good or if you want to go hacking around; what you're going to do with this kind of information is up to your conscience and that of everyone who's going to read it!

Thanks to peculiarities in the implementation of the TCP/IP stack by different vendors, it is possible to analyze and identify different operating systems/devices.

To understand how this works it is important that you know the structure of an IP packet:

[image: TCP/IP packet structure]

Look at how much information a TCP packet carries. I'm not going to cover each parameter, since that's a bit extensive; what's important for you to know is that some of this information changes from OS to OS and you can analyze it using traffic analysis techniques.

This can be done passively or actively:

  1. Active - Your device (PC, etc.) sends packets to the IP you want and analyzes the reply.
  2. Passive - Only intercepts packets that travel on the network (sniffers).

One very rudimentary way is to analyze the Time to Live (TTL) and Window fields!

TTL - Maximum time packets can live before they are discarded (can be seen in the figure of the IP packet structure in the red part).

Window - Size of the receive window (can be seen in the figure of the IP packet structure in the yellow part).

See how certain patterns in these two fields can distinguish operating systems just by analyzing the returned packets:

Linux (kernel 2.4 and 2.6)

  • Time To Live = 64
  • TCP Window Size = 5840

Google Linux

  • Time To Live = 64
  • TCP Window Size = 5720

FreeBSD

  • Time To Live = 64
  • TCP Window Size = 65535

Windows XP

  • Time To Live = 128
  • TCP Window Size = 65535

Windows Vista and 7 (Windows Server 2008)

  • Time To Live = 128
  • TCP Window Size = 8192

iOS 12.4 or Cisco Routers

  • Time To Live = 255
  • TCP Window Size = 4128

Okay, now you have an idea of how this is possible. Imagine now, instead of just analyzing two fields, analyzing a larger set, defining and observing the patterns and thus achieving greater consistency and correctness. Well, this is possible: with 67 bits of analysis you will have a very reliable signature:

  1. Initial packet size - Using the values of the IHL and Total Length fields it is possible to know the initial packet size (16 bits).
  2. Time to Live field value (8 bits).
  3. Window field value (16 bits).
  4. Maximum segment size (16 bits) - The TCP Options field can contain the information that defines the maximum size of segment that can be received. This information is sent at the start of the communication; if this parameter does not exist, any segment size is allowed.
  5. Window scaling value (8 bits) - The TCP Options field can contain information that allows the size of incoming packets to increase.
  6. "Don't Fragment" flag (1 bit) - The Fragment Offset field may or may not contain information on fragmentation.
  7. "sackOK" flag (1 bit) - The TCP Options field may contain information on how packets are retransmitted in case of losses; it says whether selective acknowledgements are allowed or not.
  8. "NOP" flag (1 bit) - One more option defined in the TCP Options field. The length of the TCP header needs to be a multiple of 4, but this will not always happen; when this disparity occurs it is necessary to send some NOPs (1 bit or more) to adjust the header size, and depending on where these NOPs are added, whether at the beginning or at the end among the options, we can identify patterns from certain OSes.

If you add up all the bits of these 8 fields you will have 67 bits of information that vary and behave differently; now you can build a fingerprint and trace the behavior patterns that each operating system has on the network!

  • But can't the TTL be changed?

  • @diegofm virtually any value can be modified; you must do this within the OS and change the defaults. In Windows it is possible to change it via the registry and in Linux via sysctl, but when generating a 67-bit fingerprint it will not matter if 1 or 2 parameters are not "defaults": all the other remaining fields will still give you enough information. That's why I said just taking the hints from TTL and Window is rudimentary; remember that fingerprints should be able to recognize standard data even if certain deviations occur, or if one piece of data or another is different or missing...

  • Here you assume that the device makes TCP connections and makes them as the operating system does by default, which may or may not be a reasonable assumption.
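The passive technique from this answer, written out as an added example (it is not code from the original post or from any of the commenters, and the page itself contains no code). It parses a raw IPv4+TCP SYN, pulls out the fields the answer lists (packet size, TTL, window, MSS, window scale, DF, sackOK and where the NOPs sit among the options), and matches the TTL/window pair against the table given above. Two things are assumptions of mine rather than statements from the answer: the TTL seen on the wire is normalized up to the nearest common default (64/128/255), because every router on the path decrements it by one; and the sample packets are constructed with `build_syn` so the script runs offline, with checksums left at zero.

```python
import struct

# Signature table taken from the answer: (initial TTL, TCP window) -> OS.
SIGNATURES = {
    (64, 5840): "Linux (kernel 2.4 / 2.6)",
    (64, 5720): "Google Linux",
    (64, 65535): "FreeBSD",
    (128, 65535): "Windows XP",
    (128, 8192): "Windows Vista / 7 / Server 2008",
    (255, 4128): "Cisco IOS 12.4 / Cisco routers",
}
INITIAL_TTLS = (64, 128, 255)  # common vendor defaults (assumption, not from the answer)

# Constructed option layouts for the sample packets (not captured traffic).
# Linux-style: MSS 1460, sackOK, timestamps, NOP, window scale 7.
LINUX_OPTIONS = (b"\x02\x04\x05\xb4" + b"\x04\x02" + b"\x08\x0a" + b"\x00" * 8
                 + b"\x01" + b"\x03\x03\x07")
# Windows-style: MSS 1460, NOP, window scale 8, NOP, NOP, sackOK.
WINDOWS_OPTIONS = b"\x02\x04\x05\xb4" + b"\x01" + b"\x03\x03\x08" + b"\x01\x01" + b"\x04\x02"


def guess_initial_ttl(observed_ttl):
    """Observed TTL is at or below the sender's default; pick the smallest default >= it."""
    for candidate in INITIAL_TTLS:
        if observed_ttl <= candidate:
            return candidate
    return observed_ttl


def parse_tcp_options(raw):
    """Return (mss, wscale, sack_ok, nop_positions) from the TCP options bytes."""
    mss = wscale = None
    sack_ok = False
    nops = []
    i = idx = 0  # byte offset and option index (to record where NOPs sit)
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # End of option list
            break
        if kind == 1:                       # NOP is a single byte with no length
            nops.append(idx)
            i += 1
            idx += 1
            continue
        if i + 1 >= len(raw):
            break
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            break                           # malformed option: stop rather than mis-parse
        data = raw[i + 2:i + length]
        if kind == 2 and len(data) == 2:    # Maximum segment size
            mss = struct.unpack("!H", data)[0]
        elif kind == 3 and len(data) == 1:  # Window scale
            wscale = data[0]
        elif kind == 4:                     # SACK permitted
            sack_ok = True
        i += length
        idx += 1
    return mss, wscale, sack_ok, nops


def parse_ipv4_tcp(packet):
    """Extract the fields the answer lists from a raw IPv4+TCP packet."""
    if len(packet) < 40:
        raise ValueError("too short for IPv4+TCP headers")
    version_ihl, _, total_length, _, flags_frag, ttl, proto = struct.unpack("!BBHHHBB", packet[:10])
    if version_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (version_ihl & 0x0F) * 4
    df = bool(flags_frag & 0x4000)          # Don't Fragment flag
    tcp = packet[ihl:]
    data_offset = (tcp[12] >> 4) * 4
    window = struct.unpack("!H", tcp[14:16])[0]
    mss, wscale, sack_ok, nops = parse_tcp_options(tcp[20:data_offset])
    return {"total_length": total_length, "ttl": ttl, "window": window, "mss": mss,
            "wscale": wscale, "df": df, "sack_ok": sack_ok, "nops": nops}


def fingerprint(fields):
    """Rudimentary TTL/window match, as the answer describes; 'unknown' if no row fits."""
    return SIGNATURES.get((guess_initial_ttl(fields["ttl"]), fields["window"]), "unknown")


def build_syn(ttl, window, options=b""):
    """Constructed IPv4+TCP SYN for offline testing (checksums zero, DF set)."""
    options += b"\x00" * (-len(options) % 4)   # pad options to a 4-byte boundary
    tcp_len = 20 + len(options)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0x1234, 0x4000, ttl, 6, 0,
                     bytes([192, 168, 55, 1]), bytes([192, 168, 55, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, (tcp_len // 4) << 4, 0x02, window, 0, 0)
    return ip + tcp + options


if __name__ == "__main__":
    samples = [("linux-like, 2 hops away", build_syn(62, 5840, LINUX_OPTIONS)),
               ("windows-like, 1 hop away", build_syn(127, 8192, WINDOWS_OPTIONS)),
               ("unlisted window", build_syn(64, 29200))]
    for name, pkt in samples:
        f = parse_ipv4_tcp(pkt)
        print(f"{name}: {fingerprint(f)}  fields={f}")
```

On a real network you would feed `parse_ipv4_tcp` the bytes from a raw socket or a pcap instead of `build_syn`; the NOP positions and the remaining fields are what a fuller signature (the 67-bit one in the answer) would compare, the TTL/window lookup alone is only the rudimentary first cut.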

2

No, what you want is not possible.

The IP number is just and only that, a number. And in practice, any device can take any IP number.

For example, let’s assume that in my home I have a DHCP with network address 192.168.55.0 and that my cousin also has a DHCP the same way in his home.

Then I connect my computer to my network and it gets the IP 192.168.55.1. Then I connect a tablet, and it gets 192.168.55.2. Then I add a cell phone, and it gets 192.168.55.3.

My cousin turns on the tablet first, which takes the IP 192.168.55.1. Then he turns on the mobile phone, which picks up 192.168.55.2, and finally a notebook, on 192.168.55.3.

Note that with this, the 192.168.55.1 is a computer on my network, but it is a tablet on my cousin’s network. 192.168.55.2 is a tablet on my network, but a cell phone on my cousin’s. 192.168.55.3 is a cell phone on my network and a notebook on my cousin’s.

Anyway, only using the IP number, you can’t get any useful information to determine the device that it is. Therefore, you will need something different to be able to do what you want.

  • Do you know any other way of knowing that information on the network?

  • @Danielcostadc If your device has a browser, when it accesses a URL you have control of, by parsing the "user-agent" header you can try to deduce this information (it's not guaranteed, but it might work). Obviously, this assumes that no one is manipulating this header to circumvent some restriction or perform some malicious activity (which is possible but unusual). Another possibility is to install specific software on each device to give you this information, but that assumes you can do this and that no one will try to circumvent it.

  • @Victorstafusa yes, it is possible :-)
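The user-agent heuristic suggested in the comment above, as an added example (not code from the answer or the commenters). The rule order is the part worth seeing: a tablet's user-agent usually also contains tokens a phone or desktop rule would match, so the more specific category is tested first. The sample strings are constructed, and the classification is exactly as trustworthy as the header itself, which the client sets.

```python
import re

# Order matters: an Android tablet UA has no "Mobile" token but does contain
# "Linux", so it must be matched as a tablet before the desktop rule sees it.
RULES = [
    ("tablet", re.compile(r"iPad|Tablet|Android(?!.*Mobile)", re.I)),
    ("mobile", re.compile(r"iPhone|iPod|Android.*Mobile|Windows Phone|Mobile", re.I)),
    ("desktop", re.compile(r"Windows NT|Macintosh|X11|Linux", re.I)),
]


def classify_user_agent(ua):
    """Return 'tablet', 'mobile', 'desktop' or 'unknown' for a User-Agent string."""
    for label, pattern in RULES:
        if pattern.search(ua or ""):
            return label
    return "unknown"


def device_type_from_headers(headers):
    """Look the header up case-insensitively, as HTTP header names are."""
    for name, value in headers.items():
        if name.lower() == "user-agent":
            return classify_user_agent(value)
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers, one per device class.
    samples = {
        "phone":   {"User-Agent": "Mozilla/5.0 (Linux; Android 10; ModelX) Chrome/80.0 Mobile Safari/537.36"},
        "tablet":  {"user-agent": "Mozilla/5.0 (Linux; Android 10; TabletY) Chrome/80.0 Safari/537.36"},
        "laptop":  {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/80.0 Safari/537.36"},
        "no header": {},
    }
    for name, hdrs in samples.items():
        print(f"{name}: {device_type_from_headers(hdrs)}")
```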

0

The nearest thing to what you are looking for would be to use the MAC address of the machine; however, even the MAC is not totally reliable, because you can identify only the manufacturer, and not the model itself.

If you want to dig deeper into what the MAC can do: https://en.wikipedia.org/wiki/MAC_address

I hope I helped with your research.
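The manufacturer lookup this answer describes, as an added example (not code from the answer). It normalizes the address, takes the first three octets (the OUI) and looks them up in a table; the OUI table here holds constructed placeholder entries, a real lookup uses the IEEE OUI registry, which the page does not include. The check it adds beyond the answer is the locally-administered bit of the first octet: when it is set the address was assigned by software (virtual interfaces, and the per-network randomized MACs modern phones use), so the OUI names no manufacturer at all, which is one concrete reason the answer's "not totally reliable" holds.

```python
import re

# Constructed placeholder table. Replace with entries from the IEEE OUI registry.
OUI_TABLE = {
    "00:11:22": "ExampleCorp (constructed entry)",
    "3C:5A:B4": "ExampleNet (constructed entry)",
}

_HEX12 = re.compile(r"^[0-9A-F]{12}$")


def normalize_mac(mac):
    """Accept 00:11:22:33:44:55, 00-11-22-33-44-55 or 0011.2233.4455; return colon form, upper-case."""
    digits = re.sub(r"[:\-.]", "", mac.strip()).upper()
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def lookup_vendor(mac):
    """Return OUI, the two first-octet flag bits, and the vendor (None when unknown or untrustworthy)."""
    norm = normalize_mac(mac)
    first_octet = int(norm[:2], 16)
    locally_administered = bool(first_octet & 0x02)  # bit 1: software-assigned, OUI meaningless
    multicast = bool(first_octet & 0x01)             # bit 0: group address, not a device
    oui = norm[:8]
    vendor = None
    if not locally_administered and not multicast:
        vendor = OUI_TABLE.get(oui)
    return {"mac": norm, "oui": oui, "locally_administered": locally_administered,
            "multicast": multicast, "vendor": vendor}


if __name__ == "__main__":
    # Constructed sample addresses: a table hit, a randomized-looking one, and an unknown OUI.
    for sample in ("00-11-22-33-44-55", "da:a1:19:00:00:01", "0000.0000.0001"):
        print(lookup_vendor(sample))
```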
