geoff_austin
asked on
Every day at approx 9.30am all our network printers spool a couple of pages containing some HTTP code
Dear Gurus,
The majority, if not of our networked printers spool out two pages each morning with the following text:-
Page 1:
HEAD / HEAD\1.0
Page 2:
GET / HTTP/1.1
Host: <printer IP address>
Connection: close
I am not certain what could be causing this. We have a single Windows 2003 server which is our domain controller, also running Exchange, IIS (and RPC over HTTPS), file & print.
It makes sense that something running on the server is sending some HTTP request to all these printers, but I'm not sure what it could be. As well as all the Microsoft stuff, my predecessor installed some Xerox printing software and some Dell printing software. It is possible that one of these applications is causing the prints, however I am a bit worried about uninstalling the software in case those printers stop working.
Any advice would be really appreciated, as it's becoming a real pain in the ****.
Thanks a lot,
Toby
The majority, if not of our networked printers spool out two pages each morning with the following text:-
Page 1:
HEAD / HEAD\1.0
Page 2:
GET / HTTP/1.1
Host: <printer IP address>
Connection: close
I am not certain what could be causing this. We have a single Windows 2003 server which is our domain controller, also running Exchange, IIS (and RPC over HTTPS), file & print.
It makes sense that something running on the server is sending some HTTP request to all these printers, but I'm not sure what it could be. As well as all the Microsoft stuff, my predecessor installed some Xerox printing software and some Dell printing software. It is possible that one of these applications is causing the prints, however I am a bit worried about uninstalling the software in case those printers stop working.
Any advice would be really appreciated, as it's becoming a real pain in the ****.
Thanks a lot,
Toby
See the eventlog if there is a entry of what's happening...
ASKER
Good idea.
Unfortunately I can't find anything that looks relevant in the event logs.
Unfortunately I can't find anything that looks relevant in the event logs.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for your post Andy, sounds feasible.
Are there any network monitors you'd recommend?
Are there any network monitors you'd recommend?
I was thinking to use netmon but I didn't realise that it only comes with server, not XP.
www.ethereal.com/ is the most popular free network monitor.
www.ethereal.com/ is the most popular free network monitor.
ASKER
Thx again for your reply Andy and sorry about the big delay in replying.
I installed Wireshark in the end:- http://www.softpedia.com/get/Network-Tools/Protocol-Analyzers-Sniffers/Ethereal.shtml
(Apparently this is the new name for Ethereal)
OK, so now I have a 250MB capture, some point during which this event occurred. I have been trying some filters, but without knowing exactly what I'm looking for it's difficult to know what filters to apply.
I have seen lots of broadcasts with protocol SSDP saying "notify * HTTP/1.1"
This corresponds roughly with what is being printed out on all the printers. Could these broadcasts cause printers to print?
I installed Wireshark in the end:- http://www.softpedia.com/get/Network-Tools/Protocol-Analyzers-Sniffers/Ethereal.shtml
(Apparently this is the new name for Ethereal)
OK, so now I have a 250MB capture, some point during which this event occurred. I have been trying some filters, but without knowing exactly what I'm looking for it's difficult to know what filters to apply.
I have seen lots of broadcasts with protocol SSDP saying "notify * HTTP/1.1"
This corresponds roughly with what is being printed out on all the printers. Could these broadcasts cause printers to print?
ASKER
We changed the IP address range for a different reason and the problem went away. Thanks for your help anyway.