Based on network traffic between hosts, it is possible to predict what OS is running on a system. Every operating system has its own unique way to implement TCP/IP stack. A very simple but effective passive method is to inspect the initial time-to-live (TTL) in the IP header:
I am on a Windows 10 machine and tried the ICMP ping to host 4.2.2.2. In the Wireshark capture attached below, you can see that the Windows 10 initial TTL value is 128:
I expended the first packet from Wireshark, which confirms TTL 128:
Let's try to ...