drwxr-xr-x 15 4.0K Jan 24  2016 ..
-rw-r--r--  1 127K Jul 13  2013 dhcpf-0.7c.tar.gz
-rw-r--r--  1 3.0K Jan 28  2013 dhcpf.prints
-rwxr-xr-x  1 1.4K Jul 29  2013 pcap_parser.sh

*** SIGNATURES NEEDED ***
This tool is somewhat useless without rich and reliable signature database.
I would be very grateful for any kind of help in the database development.
*** SIGNATURES NEEDED ***

It is possible to recognize operating system on the basis of unique combination
of DHCP options in host requests.

A snippet of typical dhcpf output:


elceef@cerebellum:~/dhcpf% sudo ./dhcpf eth1
=== dhcpf 0.7c: passive DHCP fingerprinting ===

Successfully loaded 29 DHCP-prints.

Discover from Motorola_03:e3:1d (40:fc:89:03:e3:1d)
  system	= Android 2.2 (Motorola)

Request from Motorola_03:e3:1d (40:fc:89:03:e3:1d)
  system	= Android 2.2 (Motorola)
  req_ipaddr	= 10.1.1.223

Request from UnknownOUI_58:ab:d5 (d8:31:cf:58:ab:d5)
  system	= Android 2.3 (Samsung)
  req_ipaddr	= 10.1.1.209

Request from FujitsuS_d2:38:de (00:30:05:d2:38:de)
  system	= Windows XP/Vista/7 (generic)
  hostname	= DRI-Stacja
  req_ipaddr	= 10.1.1.115

Discover from CiscoLin_db:d5:36 (00:0e:08:db:d5:36)
  system	= Linksys SipuraSPA
  hostname	= SipuraSPA
  req_ipaddr	= 10.2.2.4
  option82	= remote_id 70:72:cf:59:0d:35 circuit_id vlan 504 unit 1 port 1

Request from CiscoLin_db:d5:36 (00:0e:08:db:d5:36)
  system	= Linksys SipuraSPA
  hostname	= SipuraSPA
  req_ipaddr	= 10.2.2.4
  option82	= remote_id 70:72:cf:59:0d:35 circuit_id vlan 504 unit 1 port 1