OS Classification Updates?

  • Updated 9 months ago
I've found that recent new mobile devices entering the market are not being mapped properly with OS classification: S8s, Pixels, etc. Saw someone post about iOS 9 in the past.

Does Aerohive maintain this in HMOL at all, or are we needing to keep up to date on this ourselves? Hadn't been paying attention until I saw a bunch of mobile devices on the network using accounts normally dropped into a dead VLAN. 

Thankful that Fingerbank is up to date!

Jeremy Stewart


Posted 11 months ago


Kevin Gee

Thanks for the fingerbank.org tip Jeremy, I'd never seen that before :-)

Fabien Gaille

Hi Jeremy,

First of all, this is the second time I've written this reply; it failed to send yesterday =( So I hope I don't forget anything...

Did you finally build your own OS Objects?

Following Fingerbank (thanks a lot for that), I created new objects:

Android: 1,3,6,15,26,28,51,58,59,43
iOS: 1,121,3,6,15,119,252

That works quite well actually. But I have issues with Windows Phone: some of them (it probably depends on the OS version) are detected as "Windows Mobile 8". I'm unable to find this entry line on any OS Objects...

I have seen that Fingerbank detected two DHCP 55 footprints for Windows Phone:

1,15,3,6,44,46,47,31,33,121,249,252,43
1,3,6,15,44,46,47

Some devices are now detected as Windows Phone correctly. Some others as Windows Mobile 8. My Windows 10 desktops are detected as Windows Mobile 8 as well...

I created a "Windows Phone Http OS" as follows:

HTTP User Agent ID: Windows Phone 10.0, Windows Phone 8.0, Windows Phone 8.1, but I don't think it works...

Do you have any idea how I could differentiate Windows Phone 10 and Windows "desktop" 10? Actually, I need to change client classification if it's not a Windows computer within the domain (we can't change our NPS settings to check computer account instead of user account).

Or maybe someone from Aerohive would finally reply to your question?

Thanks a lot,
Fabien

Jeremy Stewart

Hi Fabien,

I can't test with Windows Phones, they are not sold in Canada any longer. I'm wondering if the detection issue is because MS is using the same kernel in both desktop and mobile OS's. I've seen someone mention that the same is happening for iOS and Mac. 

For the HTTP User Agent ID, are you trying the whole string for each device? 
Mozilla/5.0 (compatible; MSIE 10.0; Windows Phone 8.0; Trident/6.0; IEMobile/10.0; ARM; Touch; NOKIA; Lumia 1320)

You can also get the MAC vendor from Fingerbank and use that to create a MAC OUI filter:
MAC Vendor Nokia Corporation (dcc793) ... where dcc793 is the first 6 characters of the device MAC.

I haven't had to filter outside of DHCP strings, so your mileage may vary... but please post and update!

Cheers,
Jeremy

Fabien Gaille

Hi Jeremy,

Thanks a lot for your quick reply.

Actually, I followed https://community.aerohive.com/aerohive/topics/clientos-problems-and-confusion-over-process and especially this part:

"So what you could do is create a new OS Object, let's call it "Windows 10", and then add in the DHCP option and User Agent entries for Windows 10.  The DHCP Option 55 for Windows 10 is 1,3,6,15,31,33,43,44,46,47,121,249,252.  The HTTP User Agent ID Field for Windows 10 is "Windows NT 10.0".  You could do this for any missing OS.  Extra info, the HTTP User Agent ID Field for Windows 10 Phone is "Windows Phone 10.0", so you can make that too."

So no, I'm not using the whole string for HTTP Agent ID, only "Windows Phone 10.0" or others. I'm not sure I understand this part. For a DHCP Option55 it's really clear and looks to be really nice and easy to use. But for the HTTP Agent ID, I didn't understand at which moment a device would send this piece of information. While browsing the Internet? Wouldn't that be too late in the case of "Client Classification Policy"?

I see "Mozilla/5.0" in your example, does it mean it depends on the browser we use?

I tried https://fingerbank.inverse.ca/?search=%5B%7B%22column%22%3A%22devices.name%22%2C%22value%22%3A%22Win... but as you can see, it's quite blank for DHCP fingerprint and quite different for User Agent!

I checked MAC address as well and yeah... It's shitty :P I got several constructors... Like Microsoft Corporation (485073), Microsoft Mobile Oy (38F23E, B4E1C4, 6C8FB5), Nokia Corporation (C83D97)... So it may work until someone connects with a fresh new MAC from any constructor...

DHCP55 looks perfect for almost all OS but we can't identify a Windows 10 mobile/desktop using these settings, or at least, I don't think so.

If you have ideas or recommendations it would be great :)

Cheers,
Fabien

Andrew Garcia, Official Rep

A couple CLI commands will be useful for you, if you SSH or console into an AP:
To look at the version of the DHCP signature file:
show os-detect dhcp-fingerprint-version

If your AP is managed by HiveManager NG, you should have v0.1. 
If your AP is managed by HiveManager Classic, I think you should have v1.5.

If you want to see the built in (and custom added) signatures:
show os-detect option55-to-os-database
The custom ones are at the top in the user-defined section, and the default, built-in ones are below.

I do not see an OS Type called "Windows Mobile 8" in either v0.1 or v1.5, so that tells me you are probably using HiveManager Classic, and you (or another admin) probably created that name a long time ago in HiveManager. HiveManager Classic has a GUI-side feature that will let you give a name to an unknown OS, but it does not create the related OS objects. Basically, the AP still doesn't know the OS, but HM says, "Hey, I know that one."

In some cases, we can narrow down what the actual DHCP signatures are that are being used by the devices (not the OS Type name, but the actual signature numbers), you can create a custom OS Object and populate it with the OS Types/signatures you want, then make a rule based on the new OS Object. User defined objects take precedence over default ones in this case.

But given that you have some phones that are being detected as "Windows Mobile 8" as is your desktop, I'm guessing they are using the same DHCP signature, so you won't be able to separate them policy-wise.
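
The lookup described above, sketched in Python as an added example (not part of the original posts and not HiveOS code): user-defined signatures are searched before built-in ones, and an HTTP User-Agent ID, available only once the client has made an HTTP request, separates the Windows desktop and phone cases that share a DHCP signature. The table contents are the values quoted in this thread; the function names and the User-Agent refinement step are assumptions of this sketch.

```python
# Added illustration, not HiveOS code. Signatures and User-Agent IDs are the
# ones quoted in this thread; function names are hypothetical.
USER_DEFINED = {
    "Android-Nougat": ["1,3,6,15,26,28,51,58,59,43"],
    "iOS": ["1,121,3,6,15,119,252"],
    "Windows Phone": ["1,15,3,6,44,46,47,31,33,121,249,252,43",
                      "1,3,6,15,44,46,47"],
}
BUILT_IN = {
    "Windows Mobile 8": ["1,15,3,6,44,46,47,31,33,121,249,252,43",
                         "1,3,6,15,31,33,43,44,46,47,121,249,252"],
}
# Ordered list: phone IDs are tried before the desktop ID.
UA_IDS = [("Windows Phone 10.0", "Windows Phone 10"),
          ("Windows Phone 8.1", "Windows Phone 8.1"),
          ("Windows Phone 8.0", "Windows Phone 8.0"),
          ("Windows NT 10.0", "Windows 10")]

def normalize(option55):
    """Canonical form: comma-separated option codes, request order preserved."""
    return ",".join(p.strip() for p in option55.split(",") if p.strip())

def by_dhcp(option55):
    """First exact match wins; user-defined entries are searched first."""
    sig = normalize(option55)
    for table in (USER_DEFINED, BUILT_IN):
        for os_name, sigs in table.items():
            if sig in sigs:
                return os_name
    return None

def shadowed():
    """Signatures in both tables: the built-in entry is never reached."""
    user = {s: n for n, sigs in USER_DEFINED.items() for s in sigs}
    return {s: (user[s], n) for n, sigs in BUILT_IN.items()
            for s in sigs if s in user}

def classify(option55, user_agent=None):
    """DHCP-only answer until a User-Agent is seen, then the UA ID refines it."""
    if user_agent:
        for needle, os_name in UA_IDS:
            if needle in user_agent:
                return os_name
    return by_dhcp(option55)

if __name__ == "__main__":
    shared = "1,3,6,15,31,33,43,44,46,47,121,249,252"
    lumia = ("Mozilla/5.0 (compatible; MSIE 10.0; Windows Phone 8.0; "
             "Trident/6.0; IEMobile/10.0; ARM; Touch; NOKIA; Lumia 1320)")
    print(classify(shared), "|", classify(shared, lumia), "|", shadowed())
```

Both option 55 and the User-Agent are supplied by the client, so the result is a hint for policy placement rather than proof of device type.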

Fabien Gaille

Thank you very much Andrew for your reply!

Actually, "Windows Mobile 8" is on the "Default configured file database" section. My Dhcp-Fingerprint-Version is 2.1 (Classic 8.0r1)

"Windows Mobile 8"
    "1,15,3,6,44,46,47,31,33,121,249,252,43"
    "1,3,6,15,31,33,43,44,46,47,121,249,252"

You're right for the option55, Windows 10 mobile or desktop share the same fingerprint... What a shame =(

It's the reason why I would like to look into "HTTP User-Agent" instead of option55 to differentiate them but my tries are currently not really... Working.

If you have any idea how to handle that... Or if I find out any solution, I'll post it here.

Cheers,
Fabien

Andrew Garcia, Official Rep

Hi guys,

Right now, we are aware that we are missing the DHCP signature for Android Nougat, which would include the Pixel, S8, and other newer Android devices. We will fix it at some point.

In the meantime, as Fabien suggested above, you can use HiveManager to add an OS Object with the OS Type that includes the DHCP signature for Nougat, 1,3,6,15,26,28,51,58,59,43.

I actually prefer to do it a different way, however. Using Supplemental CLI, I add the following two lines of CLI text to a network policy or AP.

os-version Android-Nougat option55 1,3,6,15,26,28,51,58,59,43

os-object Android os-version "Android-Nougat"

The advantage of using this method is that you do not have to create a new policy assignment/client classification rule as you would when using the first method. The first line of code creates the os type which includes the DHCP signature, and the second line adds the new OS Type to the OS object. The OS Object is the thing you are using to create the assignment/classification rule.

 

Lionel

Hello,

Is there a manner to update the dhcp-fingerprint-version?
Because my AP230 dhcp-fingerprint-version = 0.7 although my HiveOS is v 8.0r1 build-161337
BR