Okay, here is the scenario: 100 users printing to an HP printer, (not through a server). One of the computers keeps sending a corrupt print job and locking up the HP printer. Would WireShark be able to tell us which user is sending the print job to the HP? Maybe by giving us the mac address, or IP or user name? asked 01 Dec '15, 16:17 Robert Merrick |
One Answer:
Sure for IP address, possibly for MAC (if the computers are on the same LAN like the printer), maybe for user name (depending on whether the protocol is encrypted). But your part will be to identify in all the streams what exactly is the corrupt job. I assume that you cannot ask all the 100 users to stop using the printer for 20 minutes, but it would be the best way, as then only the corrupt job which I assume is retried automatically, without the user knowing about it, would be sent to the printer. As I doubt you could run Wireshark on the printer directly, you'll need to mirror the traffic at the printer port of the switch to another port of that switch and connect the computer running Wireshark to it, or run Wireshark on a computer with two network cards bridged together, inserted between the printer and the switch. answered 02 Dec '15, 00:39 sindy |