Hi,

Each night, without anyone sending anything, a printer prints 10 blank pages. When the printer is not connected to the network, it prints nothing. Impossible to know who sent this (what server, what device, what machine on the network, during the night, without any people in the plant).

So I'm searching for a tool that I launch on my desktop in the afternoon, to discover which IP address sent some traffic to this printer. Our network contains 390 PCs, 20 servers, 40 IP printers, and other IP tools, in 5 buildings.

Question 1: Is Wireshark the right tool to get this information?
Q2: If yes, how can I do this?
Q3: If no, is there another tool to do this?

asked 20 Oct '17, 05:57 JMiG
One Answer:
Yes, Wireshark would be my tool of choice (or any other packet capture tool). Problem is that it won't do any good to run it on your desktop: the packets going to the printer are not going to be visible there in a switched network. What you need to do is this:
For capture setup information, check out
https://wiki.wireshark.org/CaptureSetup/Ethernet
https://blog.packet-foo.com/2016/10/the-network-capture-playbook-part-1-ethernet-basics/

In the end you should have packets around the time the printer prints (make sure the capture laptop/PC clock is correct) and can easily see the IP/MAC the traffic is coming from.

answered 20 Oct '17, 06:03 Jasper ♦♦
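Once such a capture exists, reading off the IP/MAC the traffic comes from can be scripted. This is an added example, not part of the original answer: it assumes a classic pcap file with untagged Ethernet/IPv4 frames, and the function names, the 192.0.2.x addresses, MACs, ports and timestamps are constructed for illustration.

```python
import socket
import struct

def senders_to(pcap: bytes, printer_ip: str) -> dict:
    """Map (src MAC, src IP, dst port) -> (first-seen epoch, frame count) for IPv4 frames to printer_ip."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    seen, off = {}, 24
    while off + 16 <= len(pcap):
        ts, _usec, incl, _orig = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        # Skip anything that is not untagged IPv4 addressed to the printer.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        if socket.inet_ntoa(frame[30:34]) != printer_ip:
            continue
        l4 = 14 + (frame[14] & 0x0F) * 4  # start of the TCP/UDP header
        dport = None
        if frame[23] in (6, 17) and len(frame) >= l4 + 4:
            dport = struct.unpack("!H", frame[l4 + 2:l4 + 4])[0]
        key = (frame[6:12].hex(":"), socket.inet_ntoa(frame[26:30]), dport)
        first, count = seen.get(key, (ts, 0))
        seen[key] = (first, count + 1)
    return seen

def _frame(src_mac: str, src_ip: str, dst_ip: str, dport: int) -> bytes:
    """Build a minimal Ethernet/IPv4/TCP SYN frame (constructed test data)."""
    eth = bytes.fromhex("02000000aa01") + bytes.fromhex(src_mac) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 2, 1024, 0, 0)

def sample_pcap() -> bytes:
    """Constructed capture: two hosts reach the printer, one frame goes elsewhere."""
    frames = [(1508457600, _frame("020000000010", "192.0.2.10", "192.0.2.40", 9100)),
              (1508457601, _frame("020000000010", "192.0.2.10", "192.0.2.40", 9100)),
              (1508457660, _frame("020000000077", "192.0.2.77", "192.0.2.40", 80)),
              (1508457700, _frame("020000000077", "192.0.2.77", "192.0.2.99", 9100))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, f in frames:
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for (mac, ip, port), (first, n) in senders_to(sample_pcap(), "192.0.2.40").items():
        print(first, mac, ip, port, n)
```

Wireshark saves pcapng by default, so a real capture has to be saved in the classic pcap format before this parser will accept it.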
Is this an enterprise-type printer, or a simple model? What kind of logging / accounting can it do? Does this allow you to at least narrow down when this job is being printed?
It's a label printer => "Intermec PD42". Normally only the MRP software (when we receive a shipment, the software automatically prints labels for the received parts). This software runs only on a server. The server sends labels. But I searched in the logs of this software, and no label has been sent during the night.