Passive Taxonomy of Wifi Clients using MLME Frame Contents
Venue
Google, Inc. (2016) (to appear)
Publication Year
2016
Authors
Denton Gentry, Avery Pennarun
Abstract
In supporting Wifi networks it is useful to identify the type of client device
connecting to an AP. Knowing the type of client can guide troubleshooting steps,
allow searches for known issues, or allow specific workarounds to be implemented in
the AP. For support purposes a passive method which analyzes normal traffic is
preferable to active methods, which often send obscure combinations of packet
options which might trigger client bugs. We have developed a method of passive
client identification which observes the contents of Wifi management frames
including Probes and Association requests. We show that the management frames
populated by modern Wifi chipsets and device drivers are quite distinguishable,
making it possible in many cases to identify the model of the device. Supplementing
information from the Wifi management frames with additional information from DHCP
further extends the set of clients which can be distinguished.
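
The following is an added example, not code from the paper or its authors. It shows one way an AP could passively summarize the information elements in Probe and Association request bodies. The signature layout, the function names and the sample frame bodies are assumptions made for illustration, and the 802.11 MAC header is assumed to be already stripped.

```python
import struct

# Fixed (non-IE) bytes at the start of each management frame body (IEEE 802.11).
# Association requests carry capability info (2) + listen interval (2) first.
FIXED_LEN = {"probe": 0, "assoc": 4}
VENDOR_SPECIFIC = 221

def iter_ies(body):
    """Yield (tag, value) for each information element; stop on truncation."""
    off = 0
    while off + 2 <= len(body):
        tag, length = body[off], body[off + 1]
        value = body[off + 2: off + 2 + length]
        if len(value) < length:  # truncated element: stop rather than guess
            return
        yield tag, value
        off += 2 + length

def signature(kind, body):
    """Ordered tag list. Vendor elements keep OUI and type; payloads
    (including the SSID) are never copied into the signature."""
    parts = []
    for tag, value in iter_ies(body[FIXED_LEN[kind]:]):
        if tag == VENDOR_SPECIFIC and len(value) >= 4:
            parts.append("221(%s,%d)" % (value[:3].hex(), value[3]))
        else:
            parts.append(str(tag))
    return kind + ":" + ",".join(parts)

def ie(tag, value=b""):
    """Build one tag-length-value element (helper for the samples below)."""
    return bytes([tag, len(value)]) + value

# Constructed sample frame bodies, not captures from real devices.
RATES = bytes([0x82, 0x84, 0x8B, 0x96])
PROBE_A = (ie(0) + ie(1, RATES) + ie(50, bytes([0x0C, 0x12])) + ie(45, bytes(26))
           + ie(221, bytes.fromhex("aabbcc01") + bytes(4)))  # made-up OUI
PROBE_B = (ie(0) + ie(1, RATES) + ie(45, bytes(26)) + ie(50, bytes([0x0C, 0x12]))
           + ie(127, bytes(8)))
ASSOC_A = (struct.pack("<HH", 0x0431, 10) + ie(0, b"example") + ie(1, RATES)
           + ie(48, bytes(20)) + ie(45, bytes(26)))

if __name__ == "__main__":
    for kind, body in (("probe", PROBE_A), ("probe", PROBE_B), ("assoc", ASSOC_A)):
        print(signature(kind, body))
```

The two constructed probes carry similar elements but in a different order and with different optional elements, so their signatures differ; this sketch does not cover the DHCP information mentioned in the abstract.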
