Nmap Development mailing list archives
RE: Request for testing of HP PJL service probe
From: "Rob Nicholls" <robert () robnicholls co uk>
Date: Fri, 28 Aug 2009 01:57:24 +0100
I just tried it out at home and got: Interesting ports on 192.168.xxx.xxx: PORT STATE SERVICE VERSION 9100/tcp open hp-pjl HP Color LaserJet CP2025dn 9101/tcp closed jetdirect 9102/tcp closed jetdirect 9103/tcp closed jetdirect 9104/tcp closed jetdirect 9105/tcp closed jetdirect 9106/tcp closed jetdirect 9107/tcp closed jetdirect MAC Address: 00:21:5A:xx:xx:xx (Hewlett Packard) Service Info: Device: printer This picked up the correct version/matched the Device Description field. The version detection stage knocked the printer out of "PowerSave" mode, and into "Ready", but it doesn't appear to have screwed anything up (it didn't print anything out). I'm able to print okay afterwards. However, if I run a default version scan it ends up printing several pages (before I kill nmap). I've identified the cause as version detection against port 9999. I don't know how many other (modern) HP printers are affected by this, is it worth adding 9999 to the exclude list? Rob -----Original Message----- From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of David Fifield Sent: 27 August 2009 22:14 To: nmap-dev () insecure org Subject: Request for testing of HP PJL service probe Hi, In r15334 I added Brandon Enright's Printer Job Language service probe from http://seclists.org/nmap-dev/2009/q1/0560.html. I would like it to have wider testing. The probe as it stands is inactive because its ports (9100-9107) are the same as the Exclude ports. So you will have to do a little extra work to test it. Open the nmap-service-probes file and comment out this line near the top: Exclude T:9100-9107 It should look like this when you're done: # Exclude T:9100-9107 Then, run this scan over a network with a printer or anything listening on ports 9100-9107: nmap --datadir . -PS9100-9107 -sV -p 9100-9107 <network> The --datadir argument is important to make sure Nmap is using your edited nmap-service-probes. We are interested in positive and negative results. If the probe identified all your printers correctly, please let us know. If you got back a service fingerprint, send it in. If the probe messed up your printer and you have to reboot it, or if it printed anything, that's particularly noteworthy. Check to make sure you can still print after running after the scan. I really don't think there will be problems with the probe. I just want to be extra careful considering that it's potentially using a physical resource. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Request for testing of HP PJL service probe David Fifield (Aug 27)
- RE: Request for testing of HP PJL service probe Rob Nicholls (Aug 27)
- Re: Request for testing of HP PJL service probe David Fifield (Aug 28)
- Re: Request for testing of HP PJL service probe Fyodor (Aug 28)
- RE: Request for testing of HP PJL service probe Rob Nicholls (Aug 27)