Passive Fingerprinting in Practice

These metrics make it possible to precisely identify operating systems and their configuration, as well as network parameters, and to track users efficiently and silently. Although this may seem hard to believe, p0f, a tool I have authored, implements most of these techniques: it gathers and analyzes the information from SYN, SYN+ACK, and RST packets in a completely passive manner, with a high rate of success.

Let’s look at an example packet to see the effectiveness of this approach. Following is a set of important parameters extracted from an actual TCP packet captured on the network. What can this tell us about the sender’s operating system?

Internet Protocol (Version 4) ...
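As an added illustration (not code from the book and not p0f's own implementation), the following Python sketch extracts the kind of parameters a passive observer reads from a single SYN: TTL, the DF bit, window size, and the TCP option layout. The packet is constructed inline rather than captured, the option labels are this example's own shorthand, and the list of common initial TTLs is an assumption; it handles only the pure-SYN case.

```python
import struct

OPT_NAMES = {0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sok", 8: "ts"}

def build_sample_syn():
    """Constructed IPv4/TCP SYN, not a real capture: TTL 57, DF set, window 5840."""
    opts = bytes([2, 4, 0x05, 0xB4, 4, 2,             # MSS 1460, SACK permitted
                  8, 10, 0, 0, 0, 1, 0, 0, 0, 0,      # timestamp
                  1, 3, 3, 7])                        # NOP, window scale 7
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 10 << 4, 0x02, 5840, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 57, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + tcp

def fingerprint(pkt):
    """Return the passive-fingerprint fields of a pure SYN, or None if not usable."""
    if len(pkt) < 20:
        return None
    ver_ihl, _, _, _, frag, ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != 6 or ihl < 20 or len(pkt) < ihl + 20:
        return None
    tcp = pkt[ihl:]
    off_byte, flags, window = struct.unpack("!BBH", tcp[12:16])
    doff = (off_byte >> 4) * 4
    if flags & 0x3F != 0x02 or doff < 20 or doff > len(tcp):
        return None                                   # not a SYN, or truncated header
    opts, layout, mss, wscale, i = tcp[20:doff], [], None, None, 0
    while i < len(opts):
        kind = opts[i]
        layout.append(OPT_NAMES.get(kind, "?%d" % kind))
        if kind == 0:                                 # end of option list
            break
        if kind == 1:                                 # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return None                               # malformed option length
        length = opts[i + 1]
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        elif kind == 3 and length == 3:
            wscale = opts[i + 2]
        i += length
    # Assumption: senders start from one of the common initial TTLs below.
    initial_ttl = next(t for t in (32, 64, 128, 255) if ttl <= t)
    return {"ttl": ttl, "initial_ttl": initial_ttl, "hops": initial_ttl - ttl,
            "df": bool(frag & 0x4000), "window": window, "mss": mss,
            "wscale": wscale, "options": ",".join(layout)}
```

The order of the options matters as much as their values, which is why the layout is kept as an ordered string rather than a set.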
