Solved

Every day at approx 9.30am all our network printers spool a couple of pages containing some HTTP code

Posted on 2007-11-15
7
246 Views
Last Modified: 2010-04-21
Dear Gurus,

The majority, if not of our networked printers spool out two pages each morning with the following text:-

Page 1:

HEAD / HEAD\1.0

Page 2:

GET / HTTP/1.1
Host: <printer IP address>
Connection: close

I am not certain what could be causing this.  We have a single Windows 2003 server which is our domain controller, also running Exchange, IIS (and RPC over HTTPS), file & print.

It makes sense that something running on the server is sending some HTTP request to all these printers, but I'm not sure what it could be.  As well as all the Microsoft stuff, my predecessor installed some Xerox printing software and some Dell printing software.  It is possible that one of these applications is causing the prints, however I am a bit worried about uninstalling the software in case those printers stop working.

Any advice would be really appreciated, as it's becoming a real pain in the ****.

Thanks a lot,
Toby
0
Comment
Question by:geoff_austin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 11

Expert Comment

by:bsharath
ID: 20288023
See the eventlog if there is a entry of what's happening...
0
 

Author Comment

by:geoff_austin
ID: 20288272
Good idea.

Unfortunately I can't find anything that looks relevant in the event logs.
0
 
LVL 56

Accepted Solution

by:
andyalder earned 250 total points
ID: 20292474
Sounds like a virus on a laptop or desktop that 'scans' the local subnet in search of webservers that it may be able to hijack when it boots and the printers end up printing a bit of the code.

Run network monitor on a PC on the same subnet and you'll probably be able to catch the similar traffic being sent to it and identify the IP address of the sender from the trace.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 

Author Comment

by:geoff_austin
ID: 20297021
Thanks for your post Andy, sounds feasible.

Are there any network monitors you'd recommend?
0
 
LVL 56

Expert Comment

by:andyalder
ID: 20297193
I was thinking to use netmon but I didn't realise that it only comes with server, not XP.

www.ethereal.com/ is the most popular free network monitor.
0
 

Author Comment

by:geoff_austin
ID: 20533830
Thx again for your reply Andy and sorry about the big delay in replying.

I installed Wireshark in the end:- http://www.softpedia.com/get/Network-Tools/Protocol-Analyzers-Sniffers/Ethereal.shtml
(Apparently this is the new name for Ethereal)

OK, so now I have a 250MB capture, some point during which this event occurred.  I have been trying some filters, but without knowing exactly what I'm looking for it's difficult to know what filters to apply.

I have seen lots of broadcasts with protocol SSDP saying "notify * HTTP/1.1"

This corresponds roughly with what is being printed out on all the printers.  Could these broadcasts cause printers to print?
0
 

Author Closing Comment

by:geoff_austin
ID: 31457458
We changed the IP address range for a different reason and the problem went away.  Thanks for your help anyway.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

this article is a guided solution for most of the common server issues in server hardware tasks we are facing in our routine job works. the topics in the following article covered are, 1) dell hardware raidlevel (Perc) 2) adding HDD 3) how t…
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question