Comment by cookiengineer

Comment by cookiengineer 16 hours ago

The problem is also that different network stack implementations have different MTU values and different TCP headers.

There are a lot of tools available that can fingerprint different applications pretty well these days. For example, Firefox and Tor Browser can be fingerprinted because of their custom network library that's OS independent.

It gets worse if you use a DSL2 connection with scaling because that will uniquely make your packets fingerprintable because they have a specific MTU size that's dependent on the length of the cable from modem to the next main hub. Same for cable internet, because the frequencies and spectrums that are used are also unique.

(I'm clarifying this, because an FBI van not having access to your Wi-Fi still has access to the cable on the street when there's a warrant for surveillance / wiretapping issued.)

[1] https://github.com/NikolaiT/zardaxt (detects entropies of TCP headers and matches them with applications)

[2] https://github.com/Nisitay/pyp0f (detects the OS)

[3] https://github.com/ValdikSS/p0f-mtu (detects the VPN provider)
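
An added illustration, not part of the comment above and not code from any of the linked projects: the header fields a passive observer can read from a single IPv4 TCP SYN, and how the advertised MSS exposes the sender's MTU. The sample packet is constructed, and the function name and the two-entry MTU table are assumptions made for this example.

```python
import struct

OPT_NAMES = {0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sok", 8: "ts"}
# Assumed, minimal table: 1500 is plain Ethernet, 1492 is Ethernet minus 8 bytes of PPPoE.
KNOWN_MTU = {1500: "Ethernet", 1492: "PPPoE"}

# Constructed SYN: 192.0.2.1:50000 -> 198.51.100.2:443, checksums left as zero.
SAMPLE_SYN = bytes.fromhex(
    "4500003c000040004006 0000 c0000201 c6336402"       # IPv4 header, TTL 64
    "c35001bb 00000001 00000000 a002 faf0 0000 0000"    # TCP header, SYN, window 64240
    "020405ac 0402 080a0000000100000000 01 030307")     # options: mss,sok,ts,nop,ws

def syn_signature(packet: bytes) -> dict:
    """Return the stack-dependent fields of an IPv4 TCP SYN (no payload needed)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    ttl, proto = struct.unpack_from("!BB", packet, 8)
    tcp = packet[ihl:]
    if proto != 6 or len(tcp) < 20:
        raise ValueError("not a TCP segment")
    off_flags, window = struct.unpack_from("!HH", tcp, 12)
    if not off_flags & 0x002:
        raise ValueError("not a SYN")
    opts = tcp[20:(off_flags >> 12) * 4]
    layout, mss, wscale, i = [], None, None, 0
    while i < len(opts):
        kind = opts[i]
        layout.append(OPT_NAMES.get(kind, f"?{kind}"))
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        length = opts[i + 1]
        if kind == 2 and length == 4:
            mss = struct.unpack_from("!H", opts, i + 2)[0]
        elif kind == 3 and length == 3:
            wscale = opts[i + 2]
        i += length
    # IPv4 without IP options: MTU = MSS + 20 (IP header) + 20 (TCP header).
    mtu = mss + 40 if mss is not None else None
    return {"ttl": ttl, "window": window, "mss": mss, "wscale": wscale,
            "options": ",".join(layout), "mtu": mtu,
            "link": KNOWN_MTU.get(mtu, "unknown")}

if __name__ == "__main__":
    print(syn_signature(SAMPLE_SYN))
```

The option order, window size, TTL and MSS come from the sending stack and the path, so they look the same regardless of what the encrypted payload contains.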