This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Seeking help

0

Hi, I am new to Wireshark. If someone could help me solve my network issue, it would be highly appreciated. I have a network printer. It has a static IP address. Whenever some computers log into the network, the printer gets restarted and loses connectivity. After it reboots, it stays connected for some more time and is rebooted again. It happens throughout the day until those 'unknown users' get off.

I have installed Wireshark on the network, hoping it could help me find out who is accessing the printer just before it reboots. Please help me with how to configure Wireshark for this purpose. It is my first time using Wireshark and of course I am reading the manual :)

Your expert advice is welcome

asked 20 Oct '12, 23:29

bashful

1

Are you sure that the static address you have assigned to the printer is outside the DHCP pool range? If a computer using DHCP connects to the network and obtains a lease to the IP address already assigned to the printer, it will cause the printer to get an error when it tries to access the network.

(24 Oct '12, 13:39) inetdog

One Answer:

0

The first thing you need to do is intercept the packets at your printer. You can even get by by putting a 10/100 hub there. The other option is to span/mirror the traffic to and from the printer port to your Wireshark port.

I have quite a bit of stuff on my website for you to reference: www.thetechfirm.com

Let me know when you have things set up and I'll walk you through the next part.

answered 21 Oct '12, 04:32

thetechfirm

Hi, thanks for your reply. I am afraid I could not fully understand the setup you mentioned above. My PC is on the same network where the printer is installed. The printer is reachable from my PC. Why do I need another hub in the picture?

I have already installed Wireshark on my PC.

Thanks and looking forward to your reply.

(21 Oct '12, 06:12) bashful

I assumed the printer is connected to a switch.
If so, you need to be able to capture all the traffic to and from the printer.

(21 Oct '12, 06:36) thetechfirm

Of course, the printer is connected to the switch. I need your help with how to capture, what filter to use and how to read the result.

Thanks for your help

(21 Oct '12, 07:07) bashful

Before you can filter anything, how are you capturing the packets to and from the printer? For example, can you capture packets of anyone printing or pinging the printer?

If not, you need to either mirror the printer port, if your switch is manageable, or place a hub between the printer and switch so you can see the traffic.

(21 Oct '12, 08:59) thetechfirm

I converted your conversations to comments since it's part of the original answer. Please keep using comments unless you really have a new answer to the original question :-)

(21 Oct '12, 09:12) Jasper ♦♦

Sorry, I didn't know that, I just typed in the 'your answer' box so far :)

"can you capture packets of anyone printing or pinging the printer?" This is what I want to do and need your help with. I am connected to the same switch where the printer and other clients are also connected. It's a Cisco 2960 switch.

I want to capture any traffic going to and from the printer (or the LPD and RAW protocols) and identify from which client it is generated.

Thanks for the help

(21 Oct '12, 20:44) bashful
(22 Oct '12, 08:14) Jaap ♦
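
Added example, not part of the original thread: once the printer port is mirrored as described in the answer, a field export of the capture can be checked for the two things raised above, namely a second host claiming the printer's IP (inetdog's DHCP-pool question) and which clients send LPD (TCP 515) or RAW (TCP 9100) traffic to it. The printer address, MAC addresses, capture file name and sample rows are constructed assumptions.

```python
import csv
from collections import defaultdict

PRINTER_IP = "192.168.1.50"          # constructed; use the printer's static address
PRINT_PORTS = {515: "LPD", 9100: "RAW"}

# Constructed sample rows in the column order produced by (assumed file name):
#   tshark -r printer.pcapng -T fields -E separator=, -e frame.time_epoch \
#     -e eth.src -e arp.src.proto_ipv4 -e ip.src -e ip.dst -e tcp.dstport
SAMPLE = """\
100.0,00:11:22:aa:bb:01,192.168.1.50,,,
101.2,00:11:22:aa:bb:10,,192.168.1.21,192.168.1.50,9100
140.5,00:11:22:aa:bb:11,,192.168.1.22,192.168.1.50,515
200.0,00:11:22:aa:bb:30,192.168.1.50,,,
200.4,00:11:22:aa:bb:10,,192.168.1.21,192.168.1.50,9100
"""

def parse(text):
    cols = ["time", "mac", "arp_ip", "src", "dst", "dport"]
    return [dict(zip(cols, row)) for row in csv.reader(text.splitlines()) if row]

def arp_claimants(records, ip=PRINTER_IP):
    """MAC -> first time it claimed `ip` as ARP sender. More than one MAC means
    two hosts are using the printer's address (static IP inside the DHCP pool)."""
    seen = {}
    for r in records:
        if r["arp_ip"] == ip:
            seen.setdefault(r["mac"], float(r["time"]))
    return seen

def print_clients(records, ip=PRINTER_IP):
    """Client IP -> sorted protocol names it used towards the printer."""
    clients = defaultdict(set)
    for r in records:
        if r["dst"] == ip and r["dport"].isdigit() and int(r["dport"]) in PRINT_PORTS:
            clients[r["src"]].add(PRINT_PORTS[int(r["dport"])])
    return {c: sorted(p) for c, p in clients.items()}

if __name__ == "__main__":
    recs = parse(SAMPLE)
    claim = arp_claimants(recs)
    if len(claim) > 1:
        print("IP conflict on", PRINTER_IP, "->", claim)
    print("print clients:", print_clients(recs))
```

Comparing the first-seen time of the second MAC with the time the printer dropped off the network shows whether the address conflict lines up with the reboots.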