“…Unfortunately, most of the devices used nowadays are produced by manufacturers which produce both types of devices (e.g., Samsung, Apple): therefore such a method can be used only on a very small percentage of devices. To overcome this issue, two alternative methods are generally used in the literature, both resorting to traffic inspection tools which "read inside" application-layer traffic: DHCP fingerprinting [34] and inspection of the User Agent field of HTTP headers [27,30,33,35,36]. Unfortunately, both methods have two major drawbacks: first, they require the use of dedicated hardware (e.g., Deep Packet Inspectors) or software licenses (e.g., Cisco Identity Services Engine) on the existing network architecture, which might not be always possible due to high costs and administrative, management or privacy issues.…”