How we can determine the remote OS using simple TCP packets? Well,
it's easy, they're packets that don't make any sense, so the RFCs
don't clearly state what to answer in this case. Facing this
ambiguity, each TCP/IP stack takes a different approach to the
problem, and is why, we get a different response. In some cases
(like Linux) programming mistakes make the OS detectable.
QueSO sends:
0 SYN * THIS IS VALID, used to verify LISTEN
1 SYN+ACK
2 FIN
3 FIN+ACK
4 SYN+FIN
5 PSH
6 SYN+XXX+YYY * XXX & YYY are unused TCP flags
All packets have a random seq_num and a 0x0 ack_num.
No homepage
None
None
None