05-10-2016 07:05 PM
05-18-2016 01:34 PM
Remember that DHCP Fingerprinting is done by looking at the sequence of how DHCP options are asked for by the end device OS. In some cases, Fingerprints can be similar between different types of devices which is why some categories are broader than others. But realize that this doesn't have anything to do with SNMP, NMAP or anything to that extent with how its categorizing the OS type. So nothing is actually collected from the end device.
Also developing your own is as simple as doing a packet capture on your Infoblox and opening that capture with Wireshark or similar PCAP tool to examine the sequence of DHCP options. From there you can create a new fingerprint if your device(s) are not being recognized during the DHCP request. One can even add in a Vendor Class ID as well to help distinguish between device types.