My ISP blocks 139, so will I still be able to fingerprint?
Which is the best program?
pr0t0type
Apr 2 2004, 05:24 PM
I use nmap for OS detection; it can usually detect common OSes without any open ports, and for accurate detection it really only needs any 1 open and 1 closed port. You can also try things like banner grabbing or sniffing (if you're local).
w00dy
Apr 2 2004, 07:41 PM
Scanners that claim to find the OS use a fingerprint of the ports that are open, filtered (closed), and stealth. So they don't use a specific port. It needs a minimum of 1 open and one filtered, but the more ports, the more accurate. It compares the open and closed ports with a file that has fingerprints of various OSes.
Example (fake)
Scan completed and finds:
Port 1 open
Port 2 filtered
Port 8 open
Known fingerprints:
Windows 3.1        Linux 1.3.4
Port 1 open        Port 1 open
Port 2 filtered    Port 2 filtered
Port 134 open      Port 8 open
Results: The host is Linux 1.3.4
Note: It really uses a fingerprint system and not a port listing like I have shown, but this hopefully helps you to understand how it works.
Dagreat1
Apr 2 2004, 08:59 PM
Port 139 is not used specifically for OS fingerprinting.
That is done by deploying techniques associated with ICMP timestamp/TTLs and the error messages.
But that is not all; OS fingerprinting is a complex job which involves a lot of TCP/IP-based enumeration to guess the OS.
http://www.insecure.org/nmap/nmap-fingerpr...ng-article.html -- is a nice whitepaper on fingerprinting an OS using nmap.
easternerd
Apr 2 2004, 09:01 PM
Rather than how many ports are open and what ports are open, we should only consider what ports will be useful for us to fingerprint, and what fingerprints the tool you're using has.
For example, if the host is running SSH and NFS, the tool confirms it as a *nix service.
Yes, 135 is very important when it comes to fingerprinting, but remember, that's not the only source of information either.
phrozen77
Apr 2 2004, 09:59 PM
OS fingerprinting is done in many ways...
1) checking services on well-known / standard ports
2) IP stack fingerprinting (TTL, RTT ...)
3) many things more, depending on the program you use too
One very handy tool I can only recommend is p0f, which can be found here.
| QUOTE |
P0f actually provides you with three different detection modes:
- Incoming connection fingerprinting (SYN mode, default) - whenever you want to know what the guy or gal who connects to you runs,
- Outgoing connection (remote party) fingerprinting (SYN+ACK mode) - to fingerprint systems you or your users connect to,
- Outgoing connection refused (remote party) fingerprinting (RST+ mode) - to fingerprint systems that reject your traffic.
|
This is just a small quote from its readme, to give a small impression of its powerful capabilities if properly used...
Other advantages:
- available for w32 + *nix
- free!
Let's give it a try.
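The SYN-mode idea from the posts above (IP-stack traits such as TTL and TCP option layout, compared against a signature file), as an added example that is not part of the original thread and is not p0f's code. The function names, the two-entry signature table and the sample packets are assumptions constructed for this illustration; a real tool also weighs the window size and DF bit that `parse_syn` extracts.

```python
import struct

# Illustrative signatures constructed for this example (not p0f's database):
# (estimated initial TTL, TCP option kinds in order) -> stack family.
SIGNATURES = {
    (64, (2, 4, 8, 1, 3)): "Linux-like stack",
    (128, (2, 1, 3, 1, 1, 4)): "Windows-like stack",
}
COMMON_INITIAL_TTLS = (32, 64, 128, 255)

def parse_syn(packet: bytes) -> dict:
    """Extract fingerprint-relevant fields from a raw IPv4 + TCP SYN."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (packet[0] & 0x0F) * 4
    tcp = packet[ihl:]
    if len(tcp) < 20 or (tcp[13] & 0x12) != 0x02:
        raise ValueError("not a plain SYN")
    doff = (tcp[12] >> 4) * 4
    if doff < 20 or len(tcp) < doff:
        raise ValueError("bad TCP data offset")
    flags_frag, ttl = struct.unpack_from("!HB", packet, 6)
    kinds, i, opts = [], 0, tcp[20:doff]
    while i < len(opts) and opts[i] != 0:      # kind 0 ends the option list
        kinds.append(opts[i])
        if opts[i] == 1:                       # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            raise ValueError("malformed TCP option")
        i += opts[i + 1]                       # skip kind, length and value
    return {"ttl": ttl, "df": bool(flags_frag & 0x4000),
            "window": struct.unpack_from("!H", tcp, 14)[0], "options": tuple(kinds)}

def guess_os(packet: bytes) -> tuple:
    """Return (stack family or 'unknown', estimated hop distance)."""
    f = parse_syn(packet)
    initial = next(t for t in COMMON_INITIAL_TTLS if t >= f["ttl"])
    return SIGNATURES.get((initial, f["options"]), "unknown"), initial - f["ttl"]

def build_syn(ttl: int, window: int, options: bytes) -> bytes:
    """Constructed sample input: IPv4 + TCP SYN, DF set, checksums left zero."""
    tcp_len = 20 + len(options)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 1, 0x4000, ttl, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, (tcp_len // 4) << 4, 0x02,
                      window, 0, 0)
    return ip + tcp + options

LINUX_OPTS = bytes.fromhex("020405b40402080a000000000000000001030307")
WINDOWS_OPTS = bytes.fromhex("020405b40103030801010402")

if __name__ == "__main__":
    print(guess_os(build_syn(57, 29200, LINUX_OPTS)))    # TTL 57 -> 64 minus 7 hops
    print(guess_os(build_syn(116, 8192, WINDOWS_OPTS)))
```

Because the observed TTL is rounded up to the nearest common initial value, the same code also yields a rough hop count for each connecting host.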
tribalgoa
Apr 5 2004, 09:58 AM
Port 0 is used by some programs to fingerprint... as there is no RFC about how to respond to requests on port 0, every OS uses its own implementation... therefore you can recognize which OS you are talking to by dissecting the port 0 response.
FiNaLBeTa
Apr 5 2004, 10:29 AM
http://www.securityfocus.com/guest/24226
Read that; it's not about fingerprinting. But you learn one of the basic things between Linux and Windows, which makes it easy to tell the difference between them.
It's normally not only open ports, but also how the system responds to things.
| QUOTE (FiNaLBeTa @ Apr 5 2004, 10:29 AM) |
http://www.securityfocus.com/guest/24226
Read that; it's not about fingerprinting. But you learn one of the basic things between Linux and Windows, which makes it easy to tell the difference between them.
It's normally not only open ports, but also how the system responds to things. |
Wow, that is really a great article. Although I have read one about the same subject, this one covers it 100% and makes even a newbie like me understand it.
predx
Apr 6 2004, 02:49 AM
139 is kinda important for fingering Windows, but Windows has other common ports: 135, 445, 1025.
Some other programs that fingerprint are eEye Retina, Shadow Security Scanner, nmap, THC-Amap.