Filtering
OS Fingerprints

Source OS only
Looks at initial TCP packet
Based on p0f, by lcamtuf@coredump.cx
Can filter by general OS or specific version/patchlevel

Can be spoofed
A policy tool, not a security tool