IPID Attacks
OpenBSD Reality

Pseudo-random IPID
since 1998

Attack (mostly) no longer possible
You could do it with a large number of spoofed probe packets and watch for the most significant bit to flip.