Articles written by Eric Kollmann. Email with feedback. Provided as-is.

DHCP OS FingerPrinting Paper 1.0

(September, 2007) - Another paper in the 'Chatter on the Wire' series. I hope to do more of these as time permits, and with less time between them. This one looks at what was started in the original paper about using DHCP packets to identify the OS passively. We go beyond the original, though, and have quite a few OS fingerprints in the paper, along with using some new options beyond options 55, 60 and all the options as a whole.

DHCPv6 OS FingerPrinting Paper 0.1 - subject to be updated without version being updated!

(November, 2010) - Another paper in the 'Chatter on the Wire' series. This paper looks at what has changed from DHCPv4 and how to passively fingerprint via DHCPv6.

Our presentation for Blackhat Japan 2007 slide deck

(October, 2007) - Slide deck on our presentation for BH Japan. Info presented goes along with the data collected in the DHCP OS Fingerprinting paper above.

OS FingerPrinting Paper 1.0

(August, 2005) - Paper I'm working on, based on what I've seen with DataDipper/Satori and other programs I've written over the years. Feedback and other info would be greatly appreciated. This is also in its infancy; I want to turn it into much more than it is now, but figured I'd throw it out for feedback as well. The paper looks at a wide range of active and passive approaches to OS identification of devices on the network.