Answered network reporting bluecoat

4 replies to this topic

#1 MidnightDevil

MidnightDevil

    Resident Evil

  • Joined: 30-June 04
  • Location: Hell!

Posted 05 August 2014 - 12:07

Hi,

So, I'm trying to extract a report using BlueCoat Reporter, which contains IPs, user agents and requests from the clients to the outer network.

I need to identify the platform (since BC doesn't let me do that), i.e. which user agents belong to Windows and which don't (iOS or Android).

I'm familiar with most of the nomenclature, but some leave me confused.

I was about to assume "darwin" in a user agent is Mac or iOS, due to the kernel being called "darwin" and Safari sharing this UA, but then I started finding UAs like these: microsoft powerpoint cfnetwork darwin.

So... question: is this PowerPoint for Mac OS X, or does PowerPoint also use this user agent when doing a network request?

I might find some more that I need help with (after researching), but I can't find anything about this.

Any help would be greatly appreciated.




#2 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 96
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 05 August 2014 - 12:24

If you want to test what useragent something might send, point them here http://www.whatsmyuseragent.com/

This will tell you what the user agent is. Anything that does a request to a website would use a user agent, so sure, PowerPoint running on an OS X or iOS device would look like that. Could be going to online help, etc.

#3 OP MidnightDevil

MidnightDevil

    Resident Evil

  • Joined: 30-June 04
  • Location: Hell!

Posted 05 August 2014 - 12:30

> If you want to test what useragent something might send, point them here http://www.whatsmyuseragent.com/
>
> This will tell you what the user agent is. Anything that does a request to a website would use a user agent, so sure, PowerPoint running on an OS X or iOS device would look like that. Could be going to online help, etc.

First of all, thank you for your reply :)

I know that website and I also use it, but I can't redirect thousands of computers to that website to drop 'em a fingerprint :rolleyes:

Maybe I wasn't clear: I'm extracting a report on BlueCoat from thousands of computers in dozens of different networks, and I'm trying to graph what's Windows and whatnot :)

That one, I'm now sure it's PowerPoint for Mac OS X :) The Darwin/14.0.0 might be the OS X version (?)



#4 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 96
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 05 August 2014 - 13:50   Best Answer

I show this

CFNetwork/672.0.2 iOS 7.0 Darwin/14.0.0 18. Sep. 2013
CFNetwork/672.0.2 iOS 7.0.1 Darwin/14.0.0 19. Sep. 2013
CFNetwork/672.0.2 iOS 7.0.2 Darwin/14.0.0 26. Sep. 2013
CFNetwork/672.0.8 iOS 7.0.3 Darwin/14.0.0 22. Oct. 2013
CFNetwork/672.0.8 iOS 7.0.4 Darwin/14.0.0 14. Nov. 2013
CFNetwork/672.0.8 iOS 7.0.5 Darwin/14.0.0 29. Jan. 2014
CFNetwork/672.0.8 iOS 7.0.6 Darwin/14.0.0 21. Feb. 2014
CFNetwork/672.1.9 Darwin/14.0.0
CFNetwork/672.1.10 Darwin/14.0.0
CFNetwork/672.1.11 Darwin/14.0.0
CFNetwork/672.1.12 iOS 7.1-b5 Darwin/14.0.0
CFNetwork/672.1.13 iOS 7.1 Darwin/14.0.0 10. Mar. 2014
CFNetwork/672.1.14 iOS 7.1.1 Darwin/14.0.0 22. Apr. 2014
CFNetwork/672.1.15 iOS 7.1.2 Darwin/14.0.0 30. Jun. 2014

Clearly anything with Darwin in it wouldn't be a Windows machine - if that is your goal ;)

Looks to be only iOS and not OS X to me.

I wouldn't expect you to point all your machines there - it was just a suggestion: to try and validate your suspicions about a specific device/software, you could point it there for verification ;)

You could paste your user agent here and have it spit out details about it for you.
http://www.useragentstring.com/

#5 OP MidnightDevil

MidnightDevil

    Resident Evil

  • Joined: 30-June 04
  • Location: Hell!

Posted 05 August 2014 - 14:10

Thanks! It's helping with some of my uncommon UAs :)

There are a few, especially Java apps or SDKs, and some UAs like "_" which I have to leave as N/A, but I was able to identify above 95% :)

Thanks a lot for your help! :)
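
As an added example (not code from any poster in this thread, and not part of Blue Coat Reporter), here is one way to bucket the User-Agent column of an exported report by platform using the hints discussed above. The `classify` and `tally` names, the "Apple (Darwin)" label and the sample rows are assumptions; the CFNetwork table is copied from post #4, and the `windows`/`android` substring checks go beyond the strings quoted in the thread.

```python
import re
from collections import Counter

# CFNetwork build -> iOS release, copied from the list in post #4.
# Builds that list shows without an iOS version (672.1.9-672.1.11) are omitted.
CFNETWORK_IOS = {
    "672.0.2": "iOS 7.0 - 7.0.2",
    "672.0.8": "iOS 7.0.3 - 7.0.6",
    "672.1.12": "iOS 7.1-b5",
    "672.1.13": "iOS 7.1",
    "672.1.14": "iOS 7.1.1",
    "672.1.15": "iOS 7.1.2",
}
CFNETWORK = re.compile(r"cfnetwork(?:/(\d+(?:\.\d+)*))?")

def classify(ua):
    """Return (platform, os_detail) for one User-Agent value from the report.

    The header is client-supplied, so the result is a heuristic label.
    """
    low = (ua or "").lower()
    m = CFNETWORK.search(low)
    if m or "darwin" in low:
        # Apple networking stack: never Windows. iOS vs OS X stays open
        # unless the CFNetwork build appears in the table above.
        build = m.group(1) if m else None
        return ("Apple (Darwin)", CFNETWORK_IOS.get(build, ""))
    if "windows" in low:
        return ("Windows", "")
    if "android" in low:
        return ("Android", "")
    return ("N/A", "")  # "_", Java/SDK clients and anything unrecognised

def tally(user_agents):
    """Count rows per platform, e.g. as input for a chart."""
    return Counter(classify(ua)[0] for ua in user_agents)

# Constructed sample rows; only the first string is quoted from the thread.
SAMPLE = [
    "microsoft powerpoint cfnetwork darwin",
    "ExampleApp/1.0 CFNetwork/672.1.15 Darwin/14.0.0",
    "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0",
    "Mozilla/5.0 (Linux; Android 4.4.2; Nexus 5 Build/KOT49H) AppleWebKit/537.36",
    "_",
    "Java/1.7.0_55",
]

if __name__ == "__main__":
    for platform, count in tally(SAMPLE).most_common():
        print(f"{platform:15} {count}")
```
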