Dear Team, May I request a favor for my question? I have been implementing Print Management Software in customer site. The problem is the printer could not be added to the Print Management Server . Simply , I used telnet to the device IP and required port 53213 from server and telnet failed. But the customer complained that they have opened all the ports with any-any setting in firewall and maybe the port of our device is not in the listened stage. So may I know if Wireshark can help me check which ports can be reached/which ports cannot be reached while communicating from server to device in the addition of printer to software process. Thank you so much in advance for your help. Best Regards, Natha asked 23 Jan '17, 21:11  Natha showing 5 of 7 show 2 more comments |
One Answer:
Well normally if you just see the first packet of the handshake (SYN-packet) answered by an RST it means the port is down or blocked by a Firewall. If you only the see the first SYN packet, answered by nothing it normally means the packet is lost or blocked by a FW. So in your case a FW may block the packets. BUT I think you deal with another problem. It could be that not all devices understand the ECN, CWR Bits in your packet. So please try to disable them on the client side. Some clients tries to disable the new RFC feature by itself by retransmit the SYN without these options. But in your case it seems it does not happen. So that is the reason why I suggest to disable this options. answered 29 Jan '17, 23:43  Christian_R edited 30 Jan '17, 09:02 Thank you Christian for the explanation . Let me go through with the customer and will update you the result. Best Regards, Natha (29 Jan '17, 23:55) Natha |
quick way would be to .... run Wireshark on a PC and then telnet (from same PC) to printer port 53213. Then examine the capture if a RST came back from printer, if yes then the port is closed.
if not upload that capture to here.
Dear Soochi,
Thank you for the advice. As it is in customer place, please gimme sometime to go there to try out. I will update the result once testing is done.
Thanks again and best regards, Natha
Dear Soochi,
Sorry for my late reply .
As per your advice, I did telnet and captured the wireshark. But didn't see RST so it seems the port 53213 opened ? But still could not add the device to Print Management software. Kindly see attached . Could you please help me for some more advice ?
Your understanding for not being able to upload the packet here is much appreciated because customer doesn't allow me to put their data here.
Thank you so much for your help. Looking forward to your reply .
Best Regards, Natha
I know this is a wireshark forum, but why don't you just use a tool like nmap to get a list of all the ports open in the server?
Hello Csigueros,
Thank you for the advice . nmap could not check device(Copier) port ? Kindly see the following .. 192.128.64.95 is device IP.
Microsoft Windows [Version 6.3.9600] (c) 2013 Microsoft Corporation. All rights reserved.
Starting Nmap 7.40 ( https://nmap.org ) at 2017-01-27 17:54 Myanmar Standard Ti e dnet: Failed to open device eth1 QUITTING!
Thanks
If you make the telnet test you can see in most cases an RST in response to the initial SYN, if the port is down. A Firewall can manipulate this handling.
But if the port is open you should see a full 3 Way handshake (SYN,SYN/ACK,ACK) to the Port 53213.
So waht exactly do see in the trace?
Hello Christian,
Thank you for the comment.
What I see is [SYN,ECN, CWR] to the port 53213. So it means the port not open ?
Thanks..