Fingerprinting the Operating System (OS) running on a device based on its traffic has several applications, such as NAT detection, policy enforcement in enterprise networks, and billing for shared access in mobile networks. In this paper, we propose to utilize several features in TCP/IP headers for OS identification, and use real traffic traces to evaluate the accuracy of fingerprinting. Our trace-driven study shows that several techniques that successfully fingerprint desktop OSes are not effective for fingerprinting mobile devices. Therefore, we propose new features for fingerprinting OSes on mobile devices. We also consider NAT/tethering detection, an important application of OS fingerprinting. We use the presence of multiple OSes from the same IP address along with TCP timestamp, clock frequency, and boot time to detect tethering. Evaluation shows that our approach effectively detects tethering and outperforms existing schemes.
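The following added example (not the paper's code or algorithm) illustrates how TCP timestamp values seen from a single IP address can be separated into distinct clocks, each with its own estimated frequency and boot time, so that more than one clock suggests tethering. The function names, the candidate tick rates, the matching tolerance and the sample observations are assumptions made for illustration.

```python
# Added illustration, not the paper's code. Names, tick rates and tolerance are assumptions.
STANDARD_HZ = (100, 250, 1000)  # assumed common TCP timestamp clock rates

def fit_clock(points):
    """Least-squares fit of tsval = hz * (t - boot); returns (hz, boot_time)."""
    n = len(points)
    mt = sum(t for t, _ in points) / n
    mv = sum(v for _, v in points) / n
    sxx = sum((t - mt) ** 2 for t, _ in points)
    sxy = sum((t - mt) * (v - mv) for t, v in points)
    hz = sxy / sxx
    return hz, mt - mv / hz

def split_hosts(observations):
    """Group (capture_time_s, tsval) pairs seen from one IP into per-clock tracks."""
    tracks = []
    for t, v in sorted(observations):
        for tr in tracks:
            t0, v0 = tr["pts"][0]  # anchor on the track's first sample
            dt, dv = t - t0, v - v0
            rates = [tr["hz"]] if tr["hz"] else STANDARD_HZ
            # A sample joins a track if its tick delta matches hz * dt within ~2%.
            hit = next((hz for hz in rates
                        if dt > 0 and abs(dv - hz * dt) <= 2 + 0.02 * hz * dt), None)
            if hit:
                tr["hz"] = hit
                tr["pts"].append((t, v))
                break
        else:
            tracks.append({"hz": None, "pts": [(t, v)]})
    # A clock needs at least two samples before frequency and boot time can be fitted.
    return [fit_clock(tr["pts"]) for tr in tracks if len(tr["pts"]) >= 2]

def tethering_suspected(observations):
    """True when timestamps from one IP fall on more than one independent clock."""
    return len(split_hosts(observations)) > 1

# Constructed sample: two devices behind one address, interleaved in time.
# Timestamp wraparound is not handled in this sketch.
SAMPLE = [(0.0, 5000000), (0.7, 8640070), (1.5, 5001500), (2.2, 8640220),
          (3.0, 5003000), (3.7, 8640370), (4.5, 5004500), (5.2, 8640520)]

if __name__ == "__main__":
    for hz, boot in split_hosts(SAMPLE):
        print(f"clock ~{hz:.0f} Hz, booted {-boot:.0f} s before capture start")
    print("tethering suspected:", tethering_suspected(SAMPLE))
```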