
How can a network differentiate between notebook and smartphone?

MrLassard

Hi guys,
I'm trying to connect my windows notebook to a wifi network. The network itself is not password secured, but once connected to it, it leads you to a page where you have to log in with an ID and password (which I both have). This works fine on my phone, however when trying to do so with my notebook it says "This is not a smart device". 
Now I am wondering how the network recognizes whether a mobile device or some other computer is trying to connect to it.

Thanks in advance
Chris


10 minutes ago, MrLassard said:

Hi guys,
I'm trying to connect my windows notebook to a wifi network. The network itself is not password secured, but once connected to it, it leads you to a page where you have to log in with an ID and password (which I both have). This works fine on my phone, however when trying to do so with my notebook it says "This is not a smart device". 
Now I am wondering how the network recognizes whether a mobile device or some other computer is trying to connect to it.

Thanks in advance
Chris

Sounds like the 'network' isn't doing any detection, as the network can really only make guesses based on MAC and IP address, and the latter is a logical address so you can't get any information out of that. I'd say best guess is Layer 5+ is doing the work here.


There are a few possible ways.

 

The first is the browser identification string, which your browser sends with every HTTP request. Not only does this include the name and version of the browser, but it also includes some indication of what OS the device is running.

 

The second method is based on the MAC address of your device, although this is not very reliable and only available to a server that is on the same LAN as your device. The first 6 octets of a MAC address uniquely identify a manufacturer - MAC addresses are assigned in blocks to the manufacturers. Looking up the manufacturer of a MAC is trivial. An organization might create a white list of MAC address blocks that they believe to only be smartphones. Again, this is not very reliable, since new MAC blocks are assigned all the time. A more practical use for this method I have seen is for identifying the Smart TVs, thermostats, etc that a large apartment complex may have installed in their apartments, since they will typically be buying hundreds of them at the same time, and thus they are likely to all be in the same MAC block, while at the same time it is unlikely that a resident will get a device in that block.

 

The third way of identifying what type of device it is, is to look at what websites the device tries to reach by default. Every OS has its own list of hard-coded websites that it tries to reach: Windows devices try to reach a few different Microsoft sites, Apple devices do the same for Apple websites, etc. This is how the OS determines if it is online or not, and it is also this request that a login system, like at a coffee shop or hotel, will redirect to their login page. Smart devices will do the same things, with some sort of manufacturer-run website. We have an issue with Belkin routers that do this check to a specific website, but how these routers handle the situation if they can't reach that website is that they tell the user they are not online, and prevent all attempts at reaching outside websites. This means that the router prevents the user from reaching the login page of the network, because it isn't online. I'm not saying that this is happening to you, just giving an example of how this method is used and the type of unexpected problem it can cause.


There are two things they can do to detect this:

- The browser you use tells the server what it is, so the server can send back the applicable version of the website, in case they have for example a mobile version of the website.

- Mostly, Apple devices, Android devices, and the various laptops have different "pools" of MAC addresses, based on how they are allocated to manufacturers.


1 minute ago, Blake said:

Yeah, but apple then if you had a wireless card made by Broadcom you'd be fine? It won't be mac address.

Har har!


1 minute ago, Blake said:

Yeah, but apple then if you had a wireless card made by Broadcom you'd be fine? It won't be mac address.

MAC in this case does not mean Apple. "Media access control address", which is literally the first thing on the Wikipedia page. All Ethernet, WiFi, Bluetooth, and some other protocol devices have a MAC address. It is not related to Apple.


2 minutes ago, brwainer said:

MAC in this case does not mean Apple. "Media access control address", which is literally the first thing on the Wikipedia page. All Ethernet, WiFi, Bluetooth, and some other protocol devices have a MAC address. It is not related to Apple.

Where did I say it did? I said Apple only makes wireless NICs used in their iPhones and iPads. The iMac/MacBooks all use Intel NICs.

Edit: Okay, I'll give you the benefit of the doubt, I didn't realise that I said apple in the middle of that sentence.... 6 coffees in, 12 mins till end of the work day.... and I'm still tired.


5 minutes ago, Blake said:

Where did I say it did? I said Apple only makes wireless NICs used in their iPhones and iPads. The iMac/MacBooks all use Intel NICs.

but the intel NICs still have a MAC address. You were saying that if it had a Broadcom NIC it wouldn't be a MAC address.... if you were being sarcastic, then your sarcasm was lost in my interpretation of "stupidity/unlearned-ness". I have had way too many people who call our call center say "I don't have an Apple computer, so why are you asking for a MAC address?" Even some new hires have to be taught that MAC does not mean Apple.

 

EDIT: You edited your post after I quoted it, and added " Apple wouldn't work as they only make ipad/ipad wireless, they use intel for imacs etc... " - I understand now that you didn't mean "broadcom wouldn't be a MAC address" but rather "broadcom NICs wouldn't show up as an Apple MAC". Here you are partially right. When a manufacturer puts in a NIC made by someone else, they have the option to either buy the NIC with the MAC addresses pre-inserted, in which case it will show the NIC manufacturer, or they can buy them and insert their own MAC addresses, in which case it will show their name. An example I can give is that early Chromecasts showed the NIC manufacturer, I forget which company it was but it was Chinese and they only made wifi chips for the most part, whereas later Chromecasts showed the OEM factory that Google had made the Chromecasts in.

 

This is exactly the type of issue I meant in my post when I said it was not very reliable to detect devices in this manner.


Wow, those are many quick replies.^^
I also thought about MAC address, but that is very unlikely due to the reasons you named. Do you know whether there is a way to change the browser identification string?


8 minutes ago, brwainer said:

but the intel NICs still have a MAC address. You were saying that if it had a Broadcom NIC it wouldn't be a MAC address.... if you were being sarcastic, then your sarcasm was lost in my interpretation of "stupidity/unlearned-ness". I have had way too many people who call our call center say "I don't have an Apple computer, so why are you asking for a MAC address?" Even some new hires have to be taught that MAC does not mean Apple.

No, I was saying that if your NIC is a Broadcom, the MAC address would identify your NIC's manufacturer as Broadcom, not as an Apple, or an Intel, etc etc...

And therefore also not be able to distinguish between a smartphone or a laptop.

 

EDIT: Just go read this post just above the other one. you see the exact point where I called it a day was between that one and this one...

16 minutes ago, Blake said:

Sounds like the 'network' isn't doing any detection, as the network can really only make guesses based on MAC and IP address, and the latter is a logical address so you can't get any information out of that. I'd say best guess is Layer 5+ is doing the work here.

 


1 minute ago, Blake said:

No, I was saying that if your NIC is a Broadcom, the MAC address would identify your NIC's manufacturer as Broadcom, not as an Apple, or an Intel, etc etc...

 

 

 

yeah, sorry. I have just edited my prior post to address that. The problem is that you added a second line to your post, but didn't make it clear it had been edited, and I had read and quoted you before you added that second line


3 minutes ago, MrLassard said:

Wow, those are many quick replies.^^
I also thought about MAC address, but that is very unlikely due to the reasons you named. Do you know whether there is a way to change the browser identification string?

depends on the browser, I recommend looking it up in google. Something like "Chrome change user agent string". The reason why I will not help you any further than that, is that this is definitely a violation of the network's AUP, and because you are circumventing a security system, is legally considered hacking in the US.


13 minutes ago, Blake said:

Where did I say it did? I said Apple only makes wireless NICs used in their iPhones and iPads. The iMac/MacBooks all use Intel NICs.

Edit: Okay, I'll give you the benefit of the doubt, I didn't realise that I said apple in the middle of that sentence.... 6 coffees in, 12 mins till end of the work day.... and I'm still tired.

What? The Mac lineup uses Broadcom wireless hardware and some Atheros wireless hardware (board soldered) as well as IIRC Realtek wired NICs. 

 

Probably uses user-agents - for example:

Chrome on Mac has - Mozilla/5.0 (Macintosh; <OSX/MacOS Version>) AppleWebKit/<WebKit Rev> (KHTML, like Gecko) Chrome/<Chrome Rev> Safari/<WebKit Rev>

Chrome on Android has - Mozilla/5.0 (Linux; <Android Version>; <Build Tag etc.>) AppleWebKit/<WebKit Rev> (KHTML, like Gecko) Chrome/<Chrome Rev> Mobile Safari/<WebKit Rev>

 

It could also use JavaScript feature detection, something that has become pretty commonplace in newer applications.

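Added example (not written by any poster in this thread): a sketch of how a captive portal could combine the three signals discussed in the replies above, namely the User-Agent platform token, the MAC vendor prefix and the OS connectivity-check host, and report when they disagree instead of trusting any one of them. The function names, the vendor table and the sample clients are constructed for illustration; the host-to-device mapping is a simplification.

```python
import re

# Hosts each OS requests to test for internet access; the portal sees them.
PROBE_HOSTS = {
    "www.msftconnecttest.com": "desktop",       # Windows
    "connectivitycheck.gstatic.com": "mobile",  # Android
    "captive.apple.com": None,                  # iOS and macOS both use it
}
# Constructed vendor table: prefixes are placeholders, not real IEEE
# assignments. None = vendor supplies chips to many kinds of device.
SAMPLE_OUI = {"00:53:01": "mobile", "00:53:02": None}

# Constructed sample clients: (user agent, MAC, probe host).
PHONE = ("Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 "
         "(KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36",
         "DA:A1:19:00:00:01", "connectivitycheck.gstatic.com")
LAPTOP = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
          "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
          "00:53:02:12:34:56", "www.msftconnecttest.com")


def ua_signal(user_agent):
    """Classify from the platform token in the first parenthesised group."""
    match = re.search(r"\(([^)]*)\)", user_agent or "")
    platform = match.group(1) if match else ""
    if "Android" in platform or "iPhone" in platform:
        return "mobile"
    if any(tok in platform for tok in ("Windows NT", "Macintosh", "X11")):
        return "desktop"
    return None


def mac_signal(mac, oui_table=SAMPLE_OUI):
    """Classify from the vendor prefix, if the address is vendor-assigned."""
    octets = mac.upper().replace("-", ":").split(":")
    if int(octets[0], 16) & 0x02:
        return None  # locally administered bit: randomized or manually set
    return oui_table.get(":".join(octets[:3]))


def classify(user_agent, mac, probe_host):
    """Combine the three signals; disagreement is reported, not resolved."""
    signals = {
        "user_agent": ua_signal(user_agent),
        "mac": mac_signal(mac),
        "probe": PROBE_HOSTS.get((probe_host or "").lower()),
    }
    votes = {v for v in signals.values() if v}
    if len(votes) == 1:
        return votes.pop(), signals
    return ("conflict" if votes else "unknown"), signals
```

The MAC signal yields nothing for the sample phone because its address has the locally administered bit set, and nothing for the laptop because the chip vendor is not tied to one device type, which matches the reliability concerns raised in the thread.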

7 minutes ago, brwainer said:

depends on the browser, I recommend looking it up in google. Something like "Chrome change user agent string". The reason why I will not help you any further than that, is that this is definitely a violation of the network's AUP, and because you are circumventing a security system, is legally considered hacking in the US.

Thanks a lot!
Fortunately I'm not from the US.^^ And you're right, I could have figured that myself.


15 hours ago, Droidbot said:

What? The Mac lineup uses Broadcom wireless hardware and some Atheros wireless hardware (board soldered) as well as IIRC Realtek wired NICs. 

And how does that answer change the underlying answer I gave? Go look up the MAC address of your Mac, then an iPhone... (https://macvendors.com/) note that the laptop will report the Broadcom address (or whatever non-Apple issued MAC address) whereas your phone will have a MAC address that is issued to Apple. This entire point was that you cannot trust the MAC address to predict the device. Assuming it hasn't been spoofed the only thing you can get out of it is the layer 2 network address and the hardware manufacturer of the NIC.


4 minutes ago, Blake said:

And how does that answer change the underlying answer I gave? Go look up the MAC address of your Mac, then an iPhone... (https://macvendors.com/) note that the laptop will report the Broadcom address (or whatever non-Apple issued MAC address) whereas your phone will have a MAC address that is issued to Apple. This entire point was that you cannot trust the MAC address to predict the device. Assuming it hasn't been spoofed the only thing you can get out of it is the layer 2 network address and the hardware manufacturer of the NIC.

you can't use MACs to predict the device, yes. newer devices use javascript feature detection on their login pages, which reveals even processor name and hardware stats - good for predicting device types. my school used mac filtering to keep external devices out, which was super easy to bypass back then. fair point. I was just correcting you on apple's underlying hardware choices. 

 

my mac isn't an actual mac but it has BC hardware so it doesn't matter anyway


2 hours ago, CatBoiler said:

I'll just drop this here : http://lets-start-to-learn.blogspot.ca/2015/02/dhcp-fingerprinting.html?m=1

 

DHCP fingerprinting is commonly used to identify end devices in captive portal solutions. It's sometimes used in conjunction with MAC lookups.

Nice to see Aruba being used as an example, really like their equipment. Their device detection works great and doesn't require a captive portal to do it, allows for flexible rule creation particularly useful for wireless devices that aren't phones/tablets e.g. wireless printers or measurement devices like thermostats.


22 minutes ago, leadeater said:

Nice to see Aruba being used as an example, really like their equipment. Their device detection works great and doesn't require a captive portal to do it, allows for flexible rule creation particularly useful for wireless devices that aren't phones/tablets e.g. wireless printers or measurement devices like thermostats.

 

I've just installed a multi-building ~100 AP Aruba system with Airwave and just had a lot of weird issues. I'm not that fan of them. 


16 minutes ago, CatBoiler said:

I've just installed a multi-building ~100 AP Aruba system with Airwave and just had a lot of weird issues. I'm not that fan of them. 

Most of the issues I've had have been client related, problem is you have to do a bunch of tweaks to the radio profiles to fix them. Worst offenders are Apple devices, mostly MacBooks. Haven't done any wireless installs since changing jobs though, there have been a number of changes I know of with Aruba since then.

 

New work place we are using Aruba ClearPass for wired and wireless to apply all sorts of things like switch port configuration (VLANs + ACLs etc) and integrate with the firewalls for single sign-on.


1 minute ago, leadeater said:

Most of the issues I've had have been client related, problem is you have to do a bunch of tweaks to the radio profiles to fix them. Worst offenders are Apple devices, mostly MacBooks. Haven't done any wireless installs since changing jobs though, there have been a number of changes I know of with Aruba since then.

 

New work place we are using Aruba ClearPass for wired and wireless to apply all sorts of things like switch port configuration (VLANs + ACLs etc) and integrate with the firewalls for single sign-on.

 
 

Same here, but we switched from a Cisco Aironet 37xx series to the Aruba 330 series because somebody in the upper management thought it was the best thing, but we had issues with Airwave not working with the zones correctly, multiple VC elected on the same network (and the "solution" is to reboot them until they see each other), no easy MAC whitelisting / blacklisting, WIP not doing much when we were classifying a Rogue AP as contained.... We paid a shit ton of money for expert consultation and they were not even sure what to do with each problem we had. I'm sure it's not a bad product, but compared to the other high-end system we had, I feel like it was almost a downgrade and just more management for nothing. One of the things I really liked tho was the VisualRF, that helps a bunch for visualization of clients and monitoring. Pretty nice add-on.

Also, the thing that made me sad was that with the cisco Controller, we had the tunneling built-in with no extra config. We could tell the APs to flex-connect (use VLAN on the trunk) or tunnel the traffic to the controller. This was making our job way easier since we could add a new VLAN on the fly without having to allow it to EACH FREAKIN TRUNK PORT %$"//?!"?!. I know that we can do this with the Aruba, but it's less intuitive.


16 minutes ago, CatBoiler said:

-snip-

It's a bad product if it can't be made to work and the support is rubbish, no matter how fancy and awesome the technology is behind it. I get the feeling it's gone downhill since the HP takeover.

We're about to replace all our HP wireless with Huawei, not sure how many access points but it'll be well into the thousands. If you remember ask me in about 6 months and I'll tell you how that went, I'm rather skeptical.
