Nmap Development mailing list archives

RE: NSE PJL proof of concept


From: Aaron Leininger <rilian4 () hotmail com>
Date: Mon, 13 Jul 2009 09:54:13 -0700


Do you get any sort of response from the printer confirming that the
string was set?  Maybe it is worth issuing a PJL call to request the
current status string to ensure it worked?  It might be even more
useful to do a status call first so that the output can print what the
status code WAS before it was changed.  Among other benefits, that
makes it easier to change it back when you're done horsing around.

I did a packet dump this morning to check on this and I could find no evidence of any response from the printer after 
sending the display message command. I have attached the packet dump in tcpdump format to this email. Note the last 4 
packets (#18-21). #18 is the PJL string being sent to the printer. #19 is an ACK from the printer. #20 is a FIN+ACK 
from the printer and #21 is an ACK from my scanning host. I left the capture running for 5-10 seconds after the nmap 
command finished to make sure there was nothing coming on the wire. 

I did find a PJL command that may come in handy in implementing your suggestions, however.
After setting the ready message to "Test" using my script, I then used ncat included w/ nmap4.85beta10 to show the 
following:

$ncat printerip 9100
@PJL INFO STATUS
@PJL INFO STATUS
CODE=10001
DISPLAY="Test   "
ONLINE=TRUE
===========
The first PJL line is the command I sent; everything after that is the response received. This particular target is a
LaserJet 5si. If I run the script against my LaserJet 4100, there is no space in the DISPLAY variable and it always
comes back in CAPS for the LaserJet 4100 series regardless of how you send it in. One other thing is that a FF (form
feed) character is always tacked onto the end of the response. It seems to me that it would be good to strip this off,
as in my tests that FF character always rolls my display down as if I'd issued a clear command.

So I guess there is a way to probe the status of the display to check that it worked. I'll have to get back to the 
drawing board and try to add some of this stuff in. 

Other PJL commands that could be useful: (I have not tested all of these out of NSE yet)
@PJL INFO PAGECOUNT
returns the pagecount of the printer

@PJL INFO ID
returns the model of the printer 

These work well in ncat, but the 5si won't respond to many of the commands from an NSE script, whereas the 4100 I am
testing against does seem to respond. I've tried setting the timeout as high as 8 seconds (8000ms) and I get nothing
back from NSE. As I am still a relative novice w/ NSE, if anyone has an idea as to why this sort of behavior would
happen, feel free to enlighten me. Also, could someone point me at some good examples of how to do string parsing in
NSE/Lua? I'd like to figure out how to parse the status output to grab the DISPLAY= line.

Thanks,
Aaron


Attachment: pjl-readymsg_cap

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
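
An added example (not code from the original post or from Nmap) of the string parsing asked about in the message: plain Lua patterns that strip the trailing form feed from a "@PJL INFO STATUS" reply and pull out the DISPLAY= value. The sample reply is constructed from the output quoted in the message (CRLF line endings are an assumption), and the names parse_pjl_status, display_matches and trim are hypothetical.

```lua
-- Constructed sample reply modelled on the LaserJet 5si output quoted in the
-- message: echoed command, KEY=VALUE lines, then a trailing form feed (\012).
local sample = '@PJL INFO STATUS\r\nCODE=10001\r\nDISPLAY="Test   "\r\nONLINE=TRUE\r\n\012'

-- Remove leading and trailing whitespace; parentheses drop gsub's count.
local function trim(s)
  return (s:gsub("^%s+", ""):gsub("%s+$", ""))
end

-- Parse a "@PJL INFO STATUS" reply into a table of KEY -> value.
-- Returns nil plus an error string when the reply is not a status block.
local function parse_pjl_status(reply)
  if type(reply) ~= "string" or reply == "" then
    return nil, "empty reply"
  end
  -- Strip the form feed (and any CR/LF) the printer tacks onto the end.
  reply = reply:gsub("[%s\012]+$", "")
  local fields = {}
  for line in reply:gmatch("[^\r\n]+") do
    -- The echoed "@PJL INFO STATUS" line has no "=" and is skipped.
    local key, value = line:match("^%s*([%w_]+)%s*=%s*(.-)%s*$")
    if key then
      -- Remove one pair of surrounding quotes but keep inner padding.
      fields[key:upper()] = value:match('^"(.*)"$') or value
    end
  end
  if not fields.CODE then
    return nil, "no CODE= line; not a PJL status reply"
  end
  return fields
end

-- Compare DISPLAY with the string that was sent, ignoring the space padding
-- (5si) and upper-casing (4100) differences described in the message.
local function display_matches(fields, wanted)
  return trim(fields.DISPLAY or ""):upper() == trim(wanted):upper()
end

local fields, err = parse_pjl_status(sample)
if not fields then
  print("parse failed: " .. err)
else
  print(("code=%s online=%s display=[%s]"):format(
    tostring(fields.CODE), tostring(fields.ONLINE), tostring(fields.DISPLAY)))
  print("ready message set: " .. tostring(display_matches(fields, "Test")))
end
```

The functions use only the Lua string library, so they can be dropped into an NSE script and fed whatever string the socket read returns.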
