Hi, Each night, without any people send anything, a printer prints 10 blank pages. When the printer is not connected to the network, it prints nothing. Impossible to know who send this (what server, what device, what machine on the network, during the night, without any people in the plant). So I'm searching a tool, that I lunch on my desktop on the afternoon, to discover which IP address sent some traffic to this printer. Our network countains 390 PC, 20 servers, 40 IP printers, and others IP tools, in 5 buildings. Question 1 : is wireshark the good tool to have this information. Q2 : if yes, how can I do this ? Q3 : if no, is there another tool to do this ?
asked 20 Oct '17, 05:57
Yes, Wireshark would be my tool of choice (or any other packet capture tool). Problem is that it won't do any good to run it on your desktop: the packets going to the printer are not going to be visible there in a switched network.
What you need to do is this:
For capture setup information, check out
In the end you should have packets around the time the printer prints (make sure the capture laptop/PC clock is correct) and can easily see the IP/MAC the traffic is coming from.
answered 20 Oct '17, 06:03