There exists what is known as "stack fingerprinting". Although
TCP/IP is guided by a plethora of RFCs, however, implimentations
can have minor differences. By sending carefully constructed
packets and looking at replies, it is sometimes possible to
identify the OS, and even kernel revision.
The
OS fingerprinting is not that easy...OS fingerprinters like nmap use
sophisticaed packet/type of packet arrivals/departures etc to determine the
kind of os..
It is pretty difficult to look at just one packet and decide...
Google for nmap and read their basic paper on OS
fingerpriting..interestin
Port scanners such as nmap and OS detectors such as queso are known to do
this, but not the way you indicate. Rather they send a set of packets to
the machine and look at the responses. By looking at the response, one
can determine the OS and even sometimes the kernel version. This is
because
