  1. Do you have a test/victim printer on the local LAN such that firewall rules won't interfere with testing?
    How about scanning a printer with nmap or zenmap to try to recreate the issue?
    Might help to see what ports the printers are listening on.
  2. If you're pretty sure that it's TCP traffic, a capture filter like this will limit the capture to the first two packets of the TCP handshake:
    ip host 192.168.200.50 and (tcp[tcpflags] & tcp-syn != 0)
    These would show up in the Wireshark Statistics -> Conversations:TCP.
    (Capture filter syntax with more examples: pcap-filter.7)
  3. If uncertain about whether it's TCP or UDP, you could generate NetFlow records with something like nprobe, then capture and view the records in Wireshark.
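
The capture filter from item 2, evaluated by hand over one TCP connection, as an added example that is not part of the original answer. It shows why only the SYN and SYN-ACK of each handshake are kept; the client address, port 9100, the second host pair and all packets are constructed sample data.

```python
import socket
import struct

TH_SYN = 0x02  # pcap-filter's tcp-syn; tcp[tcpflags] is byte 13 of the TCP header

def build_packet(src, dst, sport, dport, flags):
    """Constructed 40-byte IPv4+TCP header pair (no options, zero checksums)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp

def matches(pkt, host):
    """Evaluate: ip host <host> and (tcp[tcpflags] & tcp-syn != 0)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False                      # "ip host" only matches IPv4
    ihl = (pkt[0] & 0x0F) * 4             # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 14 or pkt[9] != socket.IPPROTO_TCP:
        return False                      # tcp[...] requires a TCP header
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return False                      # later fragments carry no TCP header
    if socket.inet_aton(host) not in (pkt[12:16], pkt[16:20]):
        return False                      # host may be source or destination
    return pkt[ihl + 13] & TH_SYN != 0    # SYN bit set: SYN and SYN-ACK

# Constructed sample: one connection to the printer, plus unrelated traffic.
PRINTER, CLIENT = "192.168.200.50", "192.168.200.10"
SAMPLE = [
    ("SYN",       build_packet(CLIENT, PRINTER, 50000, 9100, 0x02)),
    ("SYN-ACK",   build_packet(PRINTER, CLIENT, 9100, 50000, 0x12)),
    ("ACK",       build_packet(CLIENT, PRINTER, 50000, 9100, 0x10)),
    ("PSH-ACK",   build_packet(CLIENT, PRINTER, 50000, 9100, 0x18)),
    ("FIN-ACK",   build_packet(CLIENT, PRINTER, 50000, 9100, 0x11)),
    ("RST",       build_packet(PRINTER, CLIENT, 9100, 50000, 0x04)),
    ("other SYN", build_packet("192.168.200.20", "192.168.200.30", 50001, 80, 0x02)),
]

def captured(packets, host):
    """Labels of the packets the capture filter would keep."""
    return [label for label, pkt in packets if matches(pkt, host)]

if __name__ == "__main__":
    print(captured(SAMPLE, PRINTER))
```

Because the test is on the SYN bit alone, retransmitted SYNs are captured as well, which is useful when the printer never answers.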