Each TCP packet may have zero or more options included with it.  The options can change various ways the packet and data can be sent/received.  Fingerprinting is done on options as well as the order of options!  Changing the options is recommended to emulate the OS/Browser you wish.

The following are the options you can set:

No Operation (NOP)

This is the "No Operation" or NOP option.  This has no actual function but it is used for fingerprinting.  Fingerprinting is commonly done by the number of NOPs and where they appear.

Maximum Segment Size (MSS)

The Maximum Segment Size is the amount of data that the user (the server / the proxy) can receive in a single segment without fragmenting which can increase the packet loss.  This has a maximum value of 65535.  

Selective Acknowledgements (SACK)

When packets are sent they come with a "Acknowledgment" number which is how much data has been sent.  As packets need to be re-assembled in a specific order, any packet received out of order would cause corruption or retransmission.  With Selective Acknowledgements it allows the server to accept packets out of order and will reassemble it correctly.

Window Scale (WScale)

This is a modifier to the "Window Size" option.  Window size is the number of bytes that can be received without acknowledgement.  With the advent of faster connections and faster computers the maximum Window Size has become too small and was too small.  Window Scale or Window Scaling fixes this by scaling the Window Size according to this number.  The max Window Scale possible is 14.

End of List (EOL)

This indicates the list of options has ended and is usually at the end of the list.  We have seen this before the end and can be used for fingerprinting.


The timestamp is a number to indicate the current time and is incremented at a specific interval.  This is not the time since unix epoch.  The timestamp is used for fingerprinting.