Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2024-05-20 13:45:01 +0000

roadlesstraveled gravatar image

following a conversation which begins with LLMNR

I have a printer to which I am connecting wirelessly, and I need to capturedata being sent to it. If I ping the printer, I get a bunch of packets showing that traffic, but if I send data, in this case by using a utility to send a hex file, I don't see any traffic at all. The printer does give me the page I expect, so I know the data transfer is working.

Again, in this case, both the computer and printer are connected to a router wirelessly (a D-Link DIR-867 retail device if that is useful to know), and the computer connects at 5GHz, whereas the printer connects at 2.5 GHz, but given that both pinging and printing work, it doesn't seem that the wireless part makes a difference. Both devices are on the same subnet.

Enlighten me. TIA

following a conversation which begins with LLMNR

I have a printer to which I am connecting wirelessly, and I need to capturedata being sent to it. If I ping the printer, I get a bunch of packets showing that traffic, but if I send data, in this case by using a utility to send a hex file, I don't see any traffic at all. The printer does give me the page I expect, so I know the data transfer is working.

Again, in this case, both the computer and printer are connected to a router wirelessly (a D-Link DIR-867 retail device if that is useful to know), and the computer connects at 5GHz, whereas the printer connects at 2.5 GHz, but given that both pinging and printing work, it doesn't seem that the wireless part makes a difference. Both devices are on the same subnet.

Enlighten me. TIA

edit: I hae come across mention that there exists an address cache similar to, but separate from, the DNS cache. I'm wondering if there also exists a tool to display the contents of that cache.

following a conversation which begins with LLMNR

I have a printer to which I am connecting wirelessly, and I need to capturedata being sent to it. If I ping the printer, I get a bunch of packets showing that traffic, but if I send data, in this case by using a utility to send a hex file, I don't see any traffic at all. The printer does give me the page I expect, so I know the data transfer is working.

Again, in this case, both the computer and printer are connected to a router wirelessly (a D-Link DIR-867 retail device if that is useful to know), and the computer connects at 5GHz, whereas the printer connects at 2.5 GHz, but given that both pinging and printing work, it doesn't seem that the wireless part makes a difference. Both devices are on the same subnet.

Enlighten me. TIA

edit: I hae come across mention that there exists an address cache similar to, but separate from, the DNS cache. I'm wondering if there also exists a tool to display the contents of that cache.

here's a theory: if Wireshark is not looking at the LLMNR cache, then the conversation "disappears". Is that possible ? Does this require a plugin which picks up the address resolved without DNS so that Wireshark can follow it ? That would make LLMNR incredibly dangerous, because it would place any such conversation into "stealth" mode.

Is there a different scanner with the ability to follow such a conversation built in ?