Originally Posted by UALOneKPlus

They really couldn't. All they could tell is that you're using Safari and IE or FF or Chrome, if you send unencrypted traffic.

And if you encrypt your traffic, they couldn't tell at all, except by the TTL value for the IP packet as noted above, if you were using a router.

As dranz mentioned, they could try to sniff out flash cookies, which most people are unaware of, but even that is not foolproof because iPhones / iPads don't use flash. However if your Windows machine tries to connect to windowsupdate.com while they sniff Mac OSX server updates, that's another way they could tell by analyzing the traffic. But if it's all encrypted via a VPN then they can't see that either. So it becomes a guessing game.

IT has enough headaches to deal with, from regular users, I couldn't imagine them trying to go down to this low of a level to try to ferret this stuff out. It would be like trying figure out and count the number of cheerio rings you have in your cereal bowl. Who has time for that?

Maybe the Department of Defense, NSA, CIA, would go down to this low of a level to analyze the network and root out unauthorized devices, but most ISPs would not have the time or money or resources to do this.