Every operating system's TCP/IP stack has its own set of default values and extensions. Furthermore, a vendor ID string is sent when acquiring a network address via DHCP (option 60), and the padding and option layout on discovery packets make detection of a particular system possible even if said string is modified. Thus, it is possible to identify which OS a device is running merely by analyzing the above mentioned details. The following links, as well as looking for "OS fingerprinting" on your favorite search engine, provide more information, and means to (at least partially) shield yourself against this.
TCP/IP stack fingerprinting - Wikipedia, the free encyclopedia
fingerbank: Learn More
OSfuscate: Change your Windows OS TCP/IP Fingerprint to confuse P0f, NetworkMiner, Ettercap, Nmap and other OS detection tools
Bookmarks