Nmap Development mailing list archives
Re: Request for testing of HP PJL service probe
From: Vijay Sankar <vsankar () foretell ca>
Date: Mon, 12 Oct 2009 23:18:52 -0500
David Fifield wrote:
> On Thu, Aug 27, 2009 at 03:13:52PM -0600, David Fifield wrote:
>> In r15334 I added Brandon Enright's Printer Job Language service probe from http://seclists.org/nmap-dev/2009/q1/0560.html. I would like it to have wider testing.
>>
>> The probe as it stands is inactive because its ports (9100-9107) are the same as the Exclude ports. So you will have to do a little extra work to test it. Open the nmap-service-probes file and comment out this line near the top:
>>
>>     Exclude T:9100-9107
>>
>> It should look like this when you're done:
>>
>>     # Exclude T:9100-9107
>>
>> Then, run this scan over a network with a printer or anything listening on ports 9100-9107:
>>
>>     nmap --datadir . -PS9100-9107 -sV -p 9100-9107 <network>
>>
>> The --datadir argument is important to make sure Nmap is using your edited nmap-service-probes.
>>
>> We are interested in positive and negative results. If the probe identified all your printers correctly, please let us know. If you got back a service fingerprint, send it in. If the probe messed up your printer and you have to reboot it, or if it printed anything, that's particularly noteworthy. Check to make sure you can still print after running the scan.
>>
>> I really don't think there will be problems with the probe. I just want to be extra careful considering that it's potentially using a physical resource.
>
> I ran this against a D-Link DP-G310 wireless print server connected to a non-networked printer. The probe caused the printer to go into its reset state, with a blinking warning light. Here is the relevant output:
>
> Starting Nmap 5.00 ( http://nmap.org ) at 2009-10-02 22:12 MDT
> Initiating Service scan at 22:12
> Overriding exclude ports option! Some undesirable ports may be version scanned!
> Scanning 1 service on 192.168.1.8
> NSOCK (0.3660s) TCP connection requested to 192.168.1.8:9100 (IOD #1) EID 8
> NSOCK (0.3660s) nsock_loop() started (no timeout). 1 events pending
> NSOCK (0.3690s) Callback: CONNECT SUCCESS for EID 8 [192.168.1.8:9100]
> Service scan sending probe NULL to 192.168.1.8:9100 (tcp)
> NSOCK (0.3690s) Read request from IOD #1 [192.168.1.8:9100] (timeout: 6000ms) EID 18
> NSOCK (6.3680s) Callback: READ TIMEOUT for EID 18 [192.168.1.8:9100]
> Service scan sending probe hp-pjl to 192.168.1.8:9100 (tcp)
> NSOCK (6.3680s) Write request for 34 bytes to IOD #1 EID 27 [192.168.1.8:9100]: .%-12345X@PJL INFO ID...%-12345X..
> NSOCK (6.3680s) Read request from IOD #1 [192.168.1.8:9100] (timeout: 5000ms) EID 34
> NSOCK (6.3680s) Callback: WRITE SUCCESS for EID 27 [192.168.1.8:9100]
> NSOCK (11.3680s) Callback: READ TIMEOUT for EID 34 [192.168.1.8:9100]
> NSOCK (11.3680s) TCP connection requested to 192.168.1.8:9100 (IOD #2) EID 40
> NSOCK (11.3740s) Callback: CONNECT ERROR [Connection refused (61)] for EID 40 [192.168.1.8:9100]
> Completed Service scan at 22:12, 11.01s elapsed (1 service on 1 host)
> Host 192.168.1.8 is up (0.086s latency).
> Interesting ports on 192.168.1.8:
> PORT     STATE SERVICE    VERSION
> 9100/tcp open  jetdirect?
> MAC Address: 00:0F:3D:53:61:76 (D-Link)
> Read data files from: /usr/local/share/nmap
> Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
> Nmap done: 1 IP address (1 host up) scanned in 11.48 seconds
> Raw packets sent: 2 (86B) | Rcvd: 2 (86B)
>
> Can anyone else reproduce this with a print server? If it's going to be common I think we should keep ports 9100–9107 excluded. The command to run is this:
>
>     nmap --allports --datadir . -PS9100-9107 -sV -p 9100-9107 <target>
>
> David Fifield
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org

Good day,

I did a regular ./configure, gmake, and sudo gmake install on OpenBSD 4.5 -stable.

. . .
running install_data
running install_egg_info
NMAP SUCCESSFULLY INSTALLED

Tried the following against a Brother 5250N Printer

server11$ nmap --allports --datadir . -PS9100-9107 -sV -p 9100-9107 10.0.0.51

Starting Nmap 5.00 ( http://nmap.org ) at 2009-10-12 22:56 CDT
Interesting ports on printer1.sankars.local (10.0.0.51):
PORT     STATE  SERVICE    VERSION
9100/tcp open   jetdirect?
9101/tcp closed jetdirect
9102/tcp closed jetdirect
9103/tcp closed jetdirect
9104/tcp closed jetdirect
9105/tcp closed jetdirect
9106/tcp closed jetdirect
9107/tcp closed jetdirect

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 122.89 seconds

After the scan, the printer started printing pages -- most of the pages have some gibberish, but some are blank. I turned off the printer and restarted it and then was able to send real print jobs.

I tried the same against an HP OfficeJet Pro 7780 printer and got the following results.

server11$ nmap --allports --datadir . -PS9100-9107 -sV -p 9100-9107 10.0.0.56

Starting Nmap 5.00 ( http://nmap.org ) at 2009-10-12 23:00 CDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 3.08 seconds

The printer was up during this time and I am not sure why the scan is not working (pings etc. work)

If useful, I can try this again using OpenBSD 4.6 since I recently received those CDs and report back to the list if it works differently. It may take me a few days to find a spare machine. Please let me know.

Thanks,

Vijay

--
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: (204) 885-9535, E-Mail: vsankar () foretell ca

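The Exclude behaviour described in the quoted request for testing, as an added example that is not part of the original thread or of Nmap's own code: it reads a constructed fragment in nmap-service-probes syntax and lists the TCP probes whose `ports` all fall inside the `Exclude` range. The fragment, the payload placeholders and the function names are assumptions for illustration, and only the `Exclude`, `Probe` and `ports` directives are handled.

```python
import re

# Constructed fragment in nmap-service-probes syntax; payloads are placeholders.
SAMPLE = """\
Exclude T:9100-9107
Probe TCP GetRequest q|<payload>|
ports 80,8080-8082
Probe TCP hp-pjl q|<payload>|
ports 9100-9107
"""

def expand(spec):
    """Expand a port list such as '80,8080-8082' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse(text):
    """Return (excluded TCP ports, {TCP probe name: its 'ports' set})."""
    excluded, probes, current = set(), {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out Exclude line has no effect
        if line.startswith("Exclude "):
            proto = "both"  # assumption: -p style, a T:/U: prefix persists
            for item in line[len("Exclude "):].split(","):
                item = item.strip()
                if item[:2] in ("T:", "U:"):
                    proto, item = item[0], item[2:]
                if proto in ("both", "T"):
                    excluded |= expand(item)
        elif m := re.match(r"Probe (TCP|UDP) (\S+) ", line):
            current = m.group(2) if m.group(1) == "TCP" else None
            if current:
                probes[current] = set()
        elif line.startswith("ports ") and current:
            probes[current] |= expand(line[len("ports "):])
    return excluded, probes

def shadowed_probes(text):
    """TCP probes whose every listed port is inside the Exclude set."""
    excluded, probes = parse(text)
    return sorted(n for n, p in probes.items() if p and p <= excluded)

if __name__ == "__main__":
    print(shadowed_probes(SAMPLE))
```

Running it on a working copy of nmap-service-probes before and after commenting out the `Exclude` line shows whether the edit took effect in the file that `--datadir` points at.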
Current thread:
- Re: Request for testing of HP PJL service probe David Fifield (Oct 10)
- Re: Request for testing of HP PJL service probe Vijay Sankar (Oct 12)
- Re: Request for testing of HP PJL service probe David Fifield (Oct 15)
- Re: Request for testing of HP PJL service probe Vijay Sankar (Oct 12)