In supporting Wifi networks it is useful to identify the type of client device connecting to an AP. Knowing the type of client can guide troubleshooting steps, allow searches for known issues, or allow specific workarounds to be implemented in the AP. For support purposes a passive method which analyzes normal traffic is preferable to active methods, which often send obscure combinations of packet options which might trigger client bugs.
We have developed a method of passive client identification which observes the contents of Wifi management frames including Probes and Association requests. We show that the management frames populated by modern Wifi chipsets and device drivers are quite distinguishable, making it possible in many cases to identify the model of the device. Supplementing information from the Wifi management frames with additional information from DHCP further extends the set of clients which can be distinguished.