Solved

Every day at approx 9.30am all our network printers spool a couple of pages containing some HTTP code

Posted on 2007-11-15
7
241 Views
Last Modified: 2010-04-21
Dear Gurus,

The majority, if not of our networked printers spool out two pages each morning with the following text:-

Page 1:

HEAD / HEAD\1.0

Page 2:

GET / HTTP/1.1
Host: <printer IP address>
Connection: close

I am not certain what could be causing this.  We have a single Windows 2003 server which is our domain controller, also running Exchange, IIS (and RPC over HTTPS), file & print.

It makes sense that something running on the server is sending some HTTP request to all these printers, but I'm not sure what it could be.  As well as all the Microsoft stuff, my predecessor installed some Xerox printing software and some Dell printing software.  It is possible that one of these applications is causing the prints, however I am a bit worried about uninstalling the software in case those printers stop working.

Any advice would be really appreciated, as it's becoming a real pain in the ****.

Thanks a lot,
Toby
0
Comment
Question by:geoff_austin
  • 4
  • 2
7 Comments
 
LVL 11

Expert Comment

by:bsharath
ID: 20288023
See the eventlog if there is a entry of what's happening...
0
 

Author Comment

by:geoff_austin
ID: 20288272
Good idea.

Unfortunately I can't find anything that looks relevant in the event logs.
0
 
LVL 55

Accepted Solution

by:
andyalder earned 250 total points
ID: 20292474
Sounds like a virus on a laptop or desktop that 'scans' the local subnet in search of webservers that it may be able to hijack when it boots and the printers end up printing a bit of the code.

Run network monitor on a PC on the same subnet and you'll probably be able to catch the similar traffic being sent to it and identify the IP address of the sender from the trace.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 

Author Comment

by:geoff_austin
ID: 20297021
Thanks for your post Andy, sounds feasible.

Are there any network monitors you'd recommend?
0
 
LVL 55

Expert Comment

by:andyalder
ID: 20297193
I was thinking to use netmon but I didn't realise that it only comes with server, not XP.

www.ethereal.com/ is the most popular free network monitor.
0
 

Author Comment

by:geoff_austin
ID: 20533830
Thx again for your reply Andy and sorry about the big delay in replying.

I installed Wireshark in the end:- http://www.softpedia.com/get/Network-Tools/Protocol-Analyzers-Sniffers/Ethereal.shtml
(Apparently this is the new name for Ethereal)

OK, so now I have a 250MB capture, some point during which this event occurred.  I have been trying some filters, but without knowing exactly what I'm looking for it's difficult to know what filters to apply.

I have seen lots of broadcasts with protocol SSDP saying "notify * HTTP/1.1"

This corresponds roughly with what is being printed out on all the printers.  Could these broadcasts cause printers to print?
0
 

Author Closing Comment

by:geoff_austin
ID: 31457458
We changed the IP address range for a different reason and the problem went away.  Thanks for your help anyway.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to clone Linux server? 15 77
HP Officejet Deskjet 460 Mobile Inkjet Printer 30 96
Joining Domain Issue 4 50
Scan to email stopped working for 2 clients. 9 60
Causes of paper jams:The following are the main causes of paper jams. Guides:If the guides for the paper are not set correctly they may cause the paper to enter at an angle. You should ensure that the guides are set correctly for the paper type a…
Learn about cloud computing and its benefits for small business owners.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

1 Experts available now in Live!

Get 1:1 Help Now