P0f is a great little utility to help identify or passively fingerprint another system based on network connections that are being observed by p0f. Each operating system handles things a little differently and has slight differences in the network stack. Because of this, p0f can usually determine the host machine's operating system. This is useful as you can note the operating system for all the hosts for future exploit testing.
P0f is pretty straightforward to use. It can be run against live traffic coming from or to the host you are on, or you can also feed in a network capture to determine operating systems. Here is the output of the command-line arguments to help determine your method of use:
If you wish ...