Nmap Development mailing list archives
RE: NSE PJL proof of concept
From: Aaron Leininger <rilian4 () hotmail com>
Date: Mon, 13 Jul 2009 09:54:13 -0700
Do you get any sort of response from the printer confirming that the string was set? Maybe it is worth issuing a PJL call to request the current status string to ensure it worked? It might be even more useful to do a status call first so that the output can print what the status code WAS before it was changed. Among other benefits, that makes it easier to change it back when you're done horsing around.
I did a packet dump this morning to check on this and I could find no evidence of any response from the printer after sending the display message command. I have attached the packet dump in tcpdump format to this email. Note the last 4 packets (#18-21). #18 is the PJL string being sent to the printer. #19 is an ACK from the printer. #20 is a FIN+ACK from the printer and #21 is an ACK from my scanning host. I left the capture running for 5-10 seconds after the nmap command finished to make sure there was nothing coming on the wire.

I did find a PJL command that may come in handy in implementing your suggestions, however. After setting the ready message to "Test" using my script, I then used ncat included w/ nmap4.85beta10 to show the following:

    $ncat printerip 9100
    @PJL INFO STATUS
    @PJL INFO STATUS
    CODE=10001
    DISPLAY="Test "
    ONLINE=TRUE
    ===========

The first PJL line is the command I sent; everything after that is the response received. This particular target is a LaserJet 5si. If I run the script against my LaserJet 4100, there is no space in the DISPLAY variable and it always comes back in CAPS for the LaserJet 4100 series regardless of how you send it in. One other thing is that a FF (form feed) character is always tacked onto the end of the response. It seems to me that it would be good to strip this off, as in my tests that FF character always rolls my display down as if I'd issued a clear command.

So I guess there is a way to probe the status of the display to check that it worked. I'll have to get back to the drawing board and try to add some of this stuff in.

Other PJL commands that could be useful (I have not tested all of these out of NSE yet):

    @PJL INFO PAGECOUNT    returns the pagecount of the printer
    @PJL INFO ID           returns the model of the printer

These work well in ncat, but the 5si won't respond to many of the commands from an NSE script, where the 4100 I am testing against does seem to respond. I've tried setting the timeout as high as 8 seconds (8000ms) and I get nothing back from NSE. As I am still a relative novice w/ NSE, if anyone has an idea as to why this sort of behavior would happen, feel free to enlighten me.

Also, could someone point me at some good examples of how to do string parsing in NSE/lua? I'd like to figure out how to parse the status output to grab the DISPLAY= line.

Thanks,
Aaron
Attachment:
pjl-readymsg_cap
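One way to do the parsing asked about in the message above, as an added example in plain Lua (not code from the thread or from Nmap): it strips the trailing form feed from a `@PJL INFO STATUS` reply, extracts the fields, and checks the DISPLAY value while ignoring case and padding, since the two printer models format it differently. The function names, the CRLF line endings and both sample replies are constructed for illustration.

```lua
-- Added example: parse a PJL "INFO STATUS" reply like the one quoted above.
-- Plain Lua with no NSE libraries; names and sample data are assumptions.

local FF = "\012" -- form feed the printer appends to the end of its reply

-- Turn the raw reply into a table of KEY -> value.
-- Returns nil and an error string if this is not an INFO STATUS reply.
local function parse_pjl_status(raw)
  if type(raw) ~= "string" or raw == "" then
    return nil, "empty reply"
  end
  -- Remove the form feed and carriage returns so only LF-separated lines remain.
  local body = raw:gsub(FF, ""):gsub("\r", "")
  if not body:find("@PJL INFO STATUS", 1, true) then
    return nil, "no INFO STATUS header"
  end
  local fields = {}
  for line in body:gmatch("[^\n]+") do
    local key, value = line:match("^%s*([%w_]+)%s*=%s*(.-)%s*$")
    if key then
      -- Quoted values keep their interior padding; only the quotes are dropped.
      fields[key:upper()] = value:match('^"(.*)"$') or value
    end
  end
  return fields
end

-- Compare the reported DISPLAY text with what was sent, ignoring case and
-- surrounding spaces (one model pads the value, the other upper-cases it).
local function display_matches(fields, expected)
  if not fields or not fields.DISPLAY then return false end
  local function norm(s)
    return (s:gsub("^%s+", ""):gsub("%s+$", ""):upper())
  end
  return norm(fields.DISPLAY) == norm(expected)
end

-- Constructed sample replies, assuming CRLF line endings plus the trailing FF.
local samples = {
  ["padded"]      = '@PJL INFO STATUS\r\nCODE=10001\r\nDISPLAY="Test "\r\nONLINE=TRUE\r\n' .. FF,
  ["upper-cased"] = '@PJL INFO STATUS\r\nCODE=10001\r\nDISPLAY="TEST"\r\nONLINE=TRUE\r\n' .. FF,
}

for name, raw in pairs(samples) do
  local fields, err = parse_pjl_status(raw)
  print(name, err or fields.DISPLAY, display_matches(fields, "Test"))
end
```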