Nmap Development mailing list archives

Re: Request for testing of HP PJL service probe


From: David Fifield <david () bamsoftware com>
Date: Sat, 10 Oct 2009 12:07:26 -0600

On Thu, Aug 27, 2009 at 03:13:52PM -0600, David Fifield wrote:
In r15334 I added Brandon Enright's Printer Job Language service probe
from http://seclists.org/nmap-dev/2009/q1/0560.html. I would like it to
have wider testing.

The probe as it stands is inactive because its ports (9100-9107) are the
same as the Exclude ports. So you will have to do a little extra work to
test it. Open the nmap-service-probes file and comment out this line
near the top:

Exclude T:9100-9107

It should look like this when you're done:

# Exclude T:9100-9107

Then, run this scan over a network with a printer or anything listening
on ports 9100-9107:

nmap --datadir . -PS9100-9107 -sV -p 9100-9107 <network>

The --datadir argument is important to make sure Nmap is using your
edited nmap-service-probes. We are interested in positive and negative
results. If the probe identified all your printers correctly, please let
us know. If you got back a service fingerprint, send it in. If the probe
messed up your printer and you have to reboot it, or if it printed
anything, that's particularly noteworthy. Check to make sure you can
still print after running the scan.

I really don't think there will be problems with the probe. I just want
to be extra careful considering that it's potentially using a physical
resource.

I ran this against a D-Link DP-G310 wireless print server connected to a
non-networked printer. The probe caused the printer to go into its reset
state, with a blinking warning light. Here is the relevant output:

Starting Nmap 5.00 ( http://nmap.org ) at 2009-10-02 22:12 MDT
Initiating Service scan at 22:12
Overriding exclude ports option! Some undesirable ports may be version scanned!
Scanning 1 service on 192.168.1.8
NSOCK (0.3660s) TCP connection requested to 192.168.1.8:9100 (IOD #1) EID 8
NSOCK (0.3660s) nsock_loop() started (no timeout). 1 events pending
NSOCK (0.3690s) Callback: CONNECT SUCCESS for EID 8 [192.168.1.8:9100]
Service scan sending probe NULL to 192.168.1.8:9100 (tcp)
NSOCK (0.3690s) Read request from IOD #1 [192.168.1.8:9100] (timeout: 6000ms) EID 18
NSOCK (6.3680s) Callback: READ TIMEOUT for EID 18 [192.168.1.8:9100]
Service scan sending probe hp-pjl to 192.168.1.8:9100 (tcp)
NSOCK (6.3680s) Write request for 34 bytes to IOD #1 EID 27 [192.168.1.8:9100]: .%-12345X@PJL INFO ID...%-12345X..
NSOCK (6.3680s) Read request from IOD #1 [192.168.1.8:9100] (timeout: 5000ms) EID 34
NSOCK (6.3680s) Callback: WRITE SUCCESS for EID 27 [192.168.1.8:9100]
NSOCK (11.3680s) Callback: READ TIMEOUT for EID 34 [192.168.1.8:9100]
NSOCK (11.3680s) TCP connection requested to 192.168.1.8:9100 (IOD #2) EID 40
NSOCK (11.3740s) Callback: CONNECT ERROR [Connection refused (61)] for EID 40 [192.168.1.8:9100]
Completed Service scan at 22:12, 11.01s elapsed (1 service on 1 host)
Host 192.168.1.8 is up (0.086s latency).
Interesting ports on 192.168.1.8:
PORT     STATE SERVICE    VERSION
9100/tcp open  jetdirect?
MAC Address: 00:0F:3D:53:61:76 (D-Link)

Read data files from: /usr/local/share/nmap
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.48 seconds
           Raw packets sent: 2 (86B) | Rcvd: 2 (86B)

Can anyone else reproduce this with a print server? If it's going to be
common I think we should keep ports 9100-9107 excluded. The command to
run is this:

nmap --allports --datadir . -PS9100-9107 -sV -p 9100-9107 <target>

David Fifield
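As an added illustration (not part of this thread or of Nmap itself), the following Python reconstructs the 34 bytes the NSOCK trace above shows being written for the hp-pjl probe, renders them the way the trace does (non-printable bytes as dots), and parses a PJL INFO ID reply. The probe layout is inferred from the trace line; the reply format (`@PJL INFO ID`, CRLF, the quoted model string, CRLF, form feed) is an assumption taken from the PJL specification, and the sample reply is constructed, not captured from a printer. It is useful for judging what a version scan actually sends to a print server before deciding whether ports 9100-9107 should stay excluded.

```python
from typing import Optional

# Added example, not code from the Nmap project.
UEL = b"\x1b%-12345X"  # PJL Universal Exit Language sequence: ESC % - 1 2 3 4 5 X


def build_pjl_info_id_probe() -> bytes:
    """Build the PJL INFO ID request as the hp-pjl probe sends it.

    Layout inferred from the 34-byte NSOCK write in the trace:
    UEL, the INFO ID command, CRLF, a trailing UEL, CRLF.
    """
    return UEL + b"@PJL INFO ID\r\n" + UEL + b"\r\n"


def nsock_render(data: bytes) -> str:
    """Render bytes the way the NSOCK trace prints them: non-printables become '.'."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data)


def parse_pjl_info_id(reply: bytes) -> Optional[str]:
    """Extract the quoted model string from a PJL INFO ID reply.

    Assumed layout (from the PJL specification, not from this thread):
    b'@PJL INFO ID\\r\\n"<model>"\\r\\n\\x0c'.
    Returns None for an empty reply (the read timeout seen in the trace)
    or for anything that does not follow that layout.
    """
    header = b"@PJL INFO ID\r\n"
    if not reply.startswith(header):
        return None
    body = reply[len(header):].rstrip(b"\x0c\r\n")  # drop form feed terminator and CRLF
    if len(body) < 2 or body[:1] != b'"' or body[-1:] != b'"':
        return None
    return body[1:-1].decode("ascii", errors="replace")


if __name__ == "__main__":
    probe = build_pjl_info_id_probe()
    print(len(probe), "bytes:", nsock_render(probe))
    # Constructed sample reply, not output from a real device.
    sample_reply = b'@PJL INFO ID\r\n"EXAMPLE-PRINTER-MODEL"\r\n\x0c'
    print("model:", parse_pjl_info_id(sample_reply))
    print("timed-out reply:", parse_pjl_info_id(b""))
```

Running the script prints `34 bytes: .%-12345X@PJL INFO ID...%-12345X..`, the same rendering as the `Write request for 34 bytes` line in the trace, which confirms the byte layout.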

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org