Device Profiler

[Type]: Network Security & Automation
[Language]: Python
[Focus]: Device Profiling & IoT Security

Overview

An automated network device profiling system that transforms how enterprise networks handle unknown devices. Device Profiler detects devices on quarantine VLANs, fingerprints them using multiple methods, intelligently classifies them with a weighted scoring system, and automatically provisions network access through RADIUS integration.

This project solves the critical challenge of IoT and headless device onboarding in enterprise networks, where traditional NAC solutions struggle with devices that can't authenticate interactively. By combining multiple detection methods with intelligent fingerprinting, Device Profiler provides automated, secure device provisioning at scale.

The system features a modern React-based dashboard for real-time monitoring and management, while the backend handles DHCP monitoring, ARP tracking, DNS analysis, and active network scanning to build comprehensive device profiles with confidence scoring.

Key Features

Multi-Method Detection

DHCP request monitoring, ARP table analysis, and DNS query pattern recognition for comprehensive device discovery

Intelligent Fingerprinting

Fingerbank API integration, MAC OUI lookups, Nmap OS detection, and DNS pattern analysis for accurate identification

Weighted Classification

Sophisticated scoring system with confidence thresholds and 14 built-in device profiles for intelligent categorization

RADIUS Integration

Automated provisioning through Cloudpath RADIUS with dynamic access policy assignment based on device classification

React Dashboard

Real-time web interface for device monitoring, manual classification, and system management with WebSocket updates

Multi-Switch Support

Dynamic management of multiple network switches via SSH and SNMP for enterprise-scale deployments

Screenshots

Device Profiler Dashboard Overview
Dashboard Overview - Real-time device monitoring and management interface
Device List View
Device List - Comprehensive view of all discovered and classified devices
Device Details View
Device Details - In-depth profiling information with confidence scores and classification data

Technical Implementation

Device Profiler uses a multi-layered approach to device discovery and classification. The system monitors Kea DHCP server hooks, tracks ARP tables on network switches, and analyzes DNS query patterns to detect new devices entering quarantine VLANs. Key technical capabilities include:

  • Fingerbank API: Commercial device fingerprinting database for accurate device identification
  • MAC OUI Lookup: Vendor identification from IEEE OUI database to determine manufacturers
  • Nmap Scanning: Active OS detection and service discovery for comprehensive profiling
  • DNS Analysis: Pattern matching on DNS queries to identify device types and cloud services
  • Confidence Scoring: Weighted algorithm combining multiple signals for classification accuracy
  • Automated Onboarding: Threshold-based provisioning with manual review fallback for ambiguous cases
  • Switch Management: SSH/SNMP integration for multi-vendor network device control

The FastAPI backend provides RESTful APIs for the React frontend while maintaining persistent device state and classification history. WebSocket connections enable real-time dashboard updates as devices are discovered and classified.

Device Classification System

The system includes an extensible device taxonomy with 14 built-in profiles for common enterprise device types:

  • Access Points: Wireless infrastructure devices
  • Printers: Network-connected printing devices
  • IoT Sensors: Environmental and monitoring sensors
  • IP Cameras: Video surveillance equipment
  • VoIP Phones: SIP-based communication devices
  • Smart TVs: Media display devices
  • Network Equipment: Switches, routers, and infrastructure
  • And more... Badge readers, building automation, industrial controllers

Security & Automation Innovation

This project demonstrates advanced network security automation by combining multiple fingerprinting techniques with intelligent decision-making. The confidence-based classification system reduces false positives while maintaining security, and the automated RADIUS provisioning eliminates manual device onboarding workflows. Perfect for enterprises with complex IoT device ecosystems requiring secure, scalable, and intelligent network access control.

Technology Stack

Python 3.8+ FastAPI React Kea DHCP Server Nmap Fingerbank API WebSocket SSH/SNMP Cloudpath RADIUS

Enterprise Impact

Device Profiler demonstrates expertise in:

  • IoT Security: Automated secure onboarding for headless devices at scale
  • Network Automation: Eliminating manual provisioning workflows and reducing operational overhead
  • Multi-Source Intelligence: Combining passive and active fingerprinting for accurate classification
  • Real-Time Systems: WebSocket-based dashboard with instant device discovery notifications
  • Enterprise Architecture: Multi-switch support and extensible device taxonomy for large deployments
View on GitHub Back to Projects