This is our old Q&A Site. Please post any new questions and answers at

Okay, here is the scenario: 100 users printing to an HP printer, (not through a server). One of the computers keeps sending a corrupt print job and locking up the HP printer. Would WireShark be able to tell us which user is sending the print job to the HP? Maybe by giving us the mac address, or IP or user name?

asked 01 Dec '15, 16:17

Robert%20Merrick's gravatar image

Robert Merrick
accept rate: 0%

Sure for IP address, possibly for MAC (if the computers are on the same LAN like the printer), maybe for user name (depending on whether the protocol is encrypted). But your part will be to identify in all the streams what exactly is the corrupt job. I assume that you cannot ask all the 100 users to stop using the printer for 20 minutes, but it would be the best way, as then only the corrupt job which I assume is retried automatically, without the user knowing about it, would be sent to the printer.

As I doubt you could run Wireshark on the printer directly, you'll need to mirror the traffic at the printer port of the switch to another port of that switch and connect the computer running Wireshark to it, or run Wireshark on a computer with two network cards bridged together, inserted between the printer and the switch.

permanent link

answered 02 Dec '15, 00:39

sindy's gravatar image

accept rate: 24%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 01 Dec '15, 16:17

question was seen: 3,390 times

last updated: 02 Dec '15, 00:39

p​o​w​e​r​e​d by O​S​Q​A