1. Field of the Invention
This invention relates to the field of computer networks, and more particularly, to a system and method for determining the model information of devices based on their MAC addresses or other network device identifiers.
2. Description of the Related Art
A wide variety of client devices connect to enterprise networks to access or provide computing services. Examples of client devices that may join a network include desktop computers, laptops, tablet computers, smartphones, printers, routers, gaming devices, media players, televisions, home appliances, etc. The administrators of an enterprise network may need to set up security policies to ensure that devices joining the network do not pose a security risk. For example, the devices may need to be authorized, compliant with security policies, appropriately managed and patched, etc.
To manage risk, companies utilize a variety of compliance, vulnerability detection, and systems management products. It is often useful in this process to determine the specific models of devices that attempt to connect to the network. For example, the administrators may want to allow specific device models to join the network and/or prevent other device models from joining the network.
In addition to security reasons, it may also be useful to know the specific models of the devices on a network for other reasons. For example, an administrator of an enterprise network may want to see a list of the specific device models or products present on the network in order to assess whether any of the devices need to be upgraded to newer models. As another example, a home user may want to see a list of all the devices connected to his home network, and it may be useful to provide the user with this information by listing the model name of each device.
Conventional techniques of learning the model of a device typically operate in two ways. First, a software agent can be installed on a device and can execute on the device to analyze it and determine its model information. Second, a remote computer on the network can scan a client device by sending various types of network messages to the device and analyzing the device's responses to the messages. Both of these approaches have drawbacks. In the first approach, the enterprise network may not have sufficient privileges to install an agent on a new device that attempts to join the network, or the device may not have the capability to execute the agent. For example, if a malicious user attempts to join the network, he may configure his device to reject attempts to install an agent that can learn about the device. Similarly, a device can also be configured to ignore scan traffic sent to it over the network, so that it will not return information that can be used to determine the model of the device. In short, existing approaches to gathering model information from an unknown device on a network typically involve some form of interaction, either through the execution of software agents or through network scans, and the dependence upon the unknown device to behave properly in these interactions introduces the potential for problems.
MAC addresses are used as network device identifiers for Ethernet networks and other network technologies. A MAC address is a unique identifier assigned to a network interface device for communications on the physical network segment. MAC addresses are allocated in blocks to different device manufacturers. Thus, when a given manufacturer produces a new network interface device, the network interface device may be assigned one of the MAC addresses allocated to the manufacturer. For example, the MAC address may be stored in the network interface device's hardware, such as its read-only memory or some other firmware mechanism.
MAC addresses are formed according to the rules of one of three numbering name spaces managed by the Institute of Electrical and Electronics Engineers (IEEE): MAC-48, EUI-48, and EUI-64. The standard (IEEE 802) format for printing MAC-48 addresses in human-friendly form is six groups of two hexadecimal digits, separated by hyphens (-) or colons (:), in transmission order (e.g., 01-23-45-67-89-AB or 01:23:45:67:89:AB). The first three octets (in transmission order) identify the manufacturer that issued the MAC address and are known as the Organizationally Unique Identifier (OUI). Thus, in most cases, it is possible to determine the manufacturer of a network interface device from its MAC address.
However, just knowing the manufacturer of a network interface device is usually not enough information to determine the model information. Manufacturers often produce many different product families and device models. Furthermore, the network interface device which the MAC address identifies could be manufactured by one organization, and the network interface device could be included as a component in a computer or other product produced by another organization. Thus, knowing the manufacturer of a network interface device may not necessarily be enough information to know the manufacturer of the computer or other product that uses the network interface device. In situations such as described above, it is typically more important to know the model of the computer or other product that uses the network interface device than it is to know the manufacturer of the network interface device.
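The MAC-48 printing format and OUI extraction described above, together with the limit noted in the last paragraph, as an added Python example that is not part of the original text. The OUI, vendor name, addresses and model names are constructed sample data; the locally-administered-bit check goes beyond the text and follows the IEEE 802 address format.

```python
import re

# Six groups of two hex digits joined by one separator style (all '-' or all ':').
MAC48_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")

def parse_mac48(text):
    """Return the six octets of a printed MAC-48 address, or raise ValueError."""
    text = text.strip()
    if not MAC48_RE.match(text):
        raise ValueError(f"not a MAC-48 address: {text!r}")
    return bytes(int(group, 16) for group in re.split(r"[-:]", text))

def oui(mac):
    """First three octets in transmission order, printed as XX-XX-XX."""
    return "-".join(f"{octet:02X}" for octet in mac[:3])

def is_locally_administered(mac):
    # IEEE 802: bit 0x02 of the first octet marks an address set locally
    # rather than taken from a manufacturer's block, so its OUI names no vendor.
    return bool(mac[0] & 0x02)

def describe(mac_text, registry):
    """What the address alone reveals: at best the interface manufacturer."""
    mac = parse_mac48(mac_text)
    if is_locally_administered(mac):
        return {"oui": oui(mac), "vendor": None, "model": None}
    return {"oui": oui(mac), "vendor": registry.get(oui(mac)), "model": None}

def models_per_oui(inventory):
    """Group known device models by the OUI of their network interface."""
    grouped = {}
    for mac_text, model in inventory:
        grouped.setdefault(oui(parse_mac48(mac_text)), set()).add(model)
    return grouped

# Constructed sample data: placeholder OUI, vendor and models, not IEEE registry entries.
OUI_REGISTRY = {"00-11-22": "ExampleNIC Corp"}
INVENTORY = [
    ("00:11:22:0A:0B:0C", "laptop model A"),
    ("00-11-22-0a-0b-0d", "printer model B"),
    ("00:11:22:FF:00:01", "tablet model C"),
]

if __name__ == "__main__":
    print(describe("00:11:22:0A:0B:0C", OUI_REGISTRY))
    print(describe("02:00:00:00:00:01", OUI_REGISTRY))
    print(models_per_oui(INVENTORY))
```

In the constructed inventory, three different device models map to the same OUI, so a policy keyed on the OUI alone cannot tell them apart.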