This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Capture traffic from printer to smtp relay


Hi all, I've been searching online for some help to this, but so far I haven't found an answer (or at least I have not recognized the answer).

I have an MFP (mock IP 192.168.0.20) and an SMTP relay which is set up on our DC/print server (mock IP 192.168.0.10). I've installed Wireshark and WinPcap on the DC/print server.

I'm trying to configure the MFP for scan to email using the SMTP relay on the DC/print server, which is pointing to an Office 365 SMTP server.

When a scan to email job is started from the printer, I get a connection error message (it is not descriptive at all. Just "error connecting".) I am not sure if the job is being rejected by the SMTP relay on the DC/print server or if it is being rejected by Office 365 SMTP.

I'd like to setup Wireshark to capture traffic from the MFP (192.168.0.20) to the DC/print server SMTP relay (IP 192.168.0.20). I'd consider myself a novice when it comes to Wireshark, though I'm understanding more and more as I use it.

I've googled for help as well, but I just might not have enough understanding of Wireshark/packet capturing to utilize the advice/info I've found in my Google searches.

Any help is greatly appreciated.

Thanks

asked 13 Sep '13, 06:53

tkal

edited 13 Sep '13, 06:56


3 Answers:


Alright, installing WinPCAP and Wireshark on a Domain Controller? I wouldn't dare to do that... :-)

Anyway, since you've already done it and it obviously didn't crash or otherwise have an impact on the server (you'd be asking other questions otherwise), you can proceed. I'd go with a capture on the network card on which the MFP data is due to arrive (the card with IP 192.168.0.10), and set a capture filter on the IP of the MFP to ignore everything that is not coming from the device. The filter would be set in the capture options of the NIC you capture on, and be something like "host 192.168.0.20 and tcp port 25" - without the quotation marks. That way you only get packets that arrive from your MFP and are coming in on port 25.

Two things might happen:

  1. You see no traffic at all. In that case you have set the wrong capture filter, or the traffic is never even arriving at the DC.
  2. You see SMTP packets and it is your task to interpret what is happening. If the communication to the printer looks fine you need to repeat the capture, but this time using the Office 365 IP for your filter.

Good luck!

answered 13 Sep '13, 07:22

Jasper

edited 13 Sep '13, 07:23

Thank you for the info. Seeing the traffic come through. Now I need to wait for a user to run a scan to email test.

Much appreciated :)

(13 Sep '13, 09:29) tkal


Presumably the MFP will be attempting to connect to the standard SMTP port, which is TCP port 25, so setting a capture filter of "port 25" in Wireshark should get you the traffic; make sure you select the correct interface on the

Once you've captured the traffic, then you'll need to look at the actual SMTP conversation, however given your error message of "error connecting" it's likely that the MFP isn't able to make a connection at all. You should at least see the TCP "SYN" packets coming in from the MFP to open the connection.

answered 13 Sep '13, 07:24

grahamb
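The two answers above come down to the same triage: capture with "host 192.168.0.20 and tcp port 25" and then check whether each SYN from the MFP gets a SYN-ACK, a RST, or nothing. The following is an added example, not code from the original thread or from Wireshark: it builds a small constructed pcap in memory (no real capture is read), applies a Python equivalent of that capture filter, and classifies each connection attempt. The IP addresses are the mock ones from the question; the port numbers, the sample packets and the "unrelated SMB" packet are constructed for the demonstration.

```python
"""Interpret a capture of MFP -> relay traffic on TCP port 25.

Added example, not from the thread: it builds a small constructed pcap in memory,
applies the equivalent of the capture filter "host 192.168.0.20 and tcp port 25",
and reports, per connection attempt, whether the relay replied at all.
"""
import socket
import struct

MFP_IP = "192.168.0.20"     # MFP address from the question
RELAY_IP = "192.168.0.10"   # DC/print server (SMTP relay) address from the question
SMTP_PORT = 25
TCP_SYN, TCP_RST, TCP_ACK = 0x02, 0x04, 0x10


def build_tcp_frame(src_ip, dst_ip, sport, dport, flags):
    """Minimal Ethernet/IPv4/TCP frame; checksums are left zero, which is fine for parsing."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a classic libpcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1379000000 + i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Yield (src_ip, dst_ip, sport, dport, tcp_flags) for every IPv4/TCP packet."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    offset = 24
    while offset + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, offset)
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
            continue                       # not IPv4 over Ethernet
        ihl = (frame[14] & 0x0F) * 4
        tcp_off = 14 + ihl
        if frame[23] != 6 or len(frame) < tcp_off + 14:
            continue                       # not TCP, or truncated
        sport, dport = struct.unpack_from("!HH", frame, tcp_off)
        yield (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]),
               sport, dport, frame[tcp_off + 13])


def matches_filter(pkt, host, port):
    """Python equivalent of the BPF capture filter 'host <host> and tcp port <port>'."""
    src, dst, sport, dport, _ = pkt
    return host in (src, dst) and port in (sport, dport)


def classify_attempts(pcap_bytes, client_ip=MFP_IP, server_ip=RELAY_IP, port=SMTP_PORT):
    """Map each client source port to what happened to its SYN."""
    verdict = {}
    for pkt in parse_pcap(pcap_bytes):
        if not matches_filter(pkt, client_ip, port):
            continue
        src, dst, sport, dport, flags = pkt
        if src == client_ip and dst == server_ip and flags & TCP_SYN and not flags & TCP_ACK:
            verdict.setdefault(sport, "no reply: SYN unanswered (dropped by a firewall, or never arrived)")
        elif src == server_ip and dst == client_ip and dport in verdict:
            if flags & TCP_RST:
                verdict[dport] = "RST: port closed, nothing listening on the relay"
            elif flags & TCP_SYN and flags & TCP_ACK:
                verdict[dport] = "SYN-ACK: TCP connected, now read the SMTP dialogue"
    return verdict


# Constructed sample capture: three scan-to-email attempts with three different outcomes,
# plus one unrelated SMB packet that the filter should drop.
SAMPLE_PCAP = build_pcap([
    build_tcp_frame(MFP_IP, RELAY_IP, 40001, 25, TCP_SYN),
    build_tcp_frame(MFP_IP, RELAY_IP, 40002, 25, TCP_SYN),
    build_tcp_frame(RELAY_IP, MFP_IP, 25, 40002, TCP_RST | TCP_ACK),
    build_tcp_frame(MFP_IP, RELAY_IP, 40003, 25, TCP_SYN),
    build_tcp_frame(RELAY_IP, MFP_IP, 25, 40003, TCP_SYN | TCP_ACK),
    build_tcp_frame("192.168.0.99", RELAY_IP, 50000, 445, TCP_SYN),
])

if __name__ == "__main__":
    for sport, result in sorted(classify_attempts(SAMPLE_PCAP).items()):
        print(f"MFP:{sport} -> relay:25  {result}")
```

To run this against a real capture, save the Wireshark capture in the classic pcap format (not pcapng) and pass its bytes to classify_attempts(); the three verdicts map directly onto the outcomes the answers describe: an unanswered SYN points at a firewall or a capture on the wrong interface, a RST means the relay is reachable but has no listener on port 25, and a SYN-ACK means the problem (if any) is in the SMTP dialogue that follows.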


Just "error connecting". I am not sure if the job is being rejected by the SMTP relay on the DC/print server or if it is being rejected by Office 365 SMTP.

The connection error results from your local system, otherwise the error message would be different. Reason: your mail relay works on the store-and-forward principle, which means it will receive the full mail from your local client and then forward it to the Office 365 server. So, if you get a "connection error" in your client log, the chances are pretty good that it was not able to connect to port 25 on your DC/print server. As you did not explain how you set up a mail relay on that system I cannot give any advice, other than trying to telnet to port 25 on that machine and to check if it reacts at all.

telnet 192.168.0.10 25

If there is no telnet client on your Win 7, install it from an elevated DOS box with

pkgmgr /iu:"TelnetClient"

  1. If you don't get a connection to the SMTP server (timeout in the client), you have found the problem. Then you need to check the firewall on the DC, if it allows connections to port 25 (I doubt it).

  2. If you do get a connection, the problem is either only related to your MFP, or somewhere else. Here only a capture of the traffic would help.

I tend to believe that 1.) is your problem.

Regards
Kurt

answered 14 Sep '13, 04:27

Kurt Knochner