• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 249
  • Last Modified:

Every day at approx 9.30am all our network printers spool a couple of pages containing some HTTP code

Dear Gurus,

The majority, if not of our networked printers spool out two pages each morning with the following text:-

Page 1:

HEAD / HEAD\1.0

Page 2:

GET / HTTP/1.1
Host: <printer IP address>
Connection: close

I am not certain what could be causing this.  We have a single Windows 2003 server which is our domain controller, also running Exchange, IIS (and RPC over HTTPS), file & print.

It makes sense that something running on the server is sending some HTTP request to all these printers, but I'm not sure what it could be.  As well as all the Microsoft stuff, my predecessor installed some Xerox printing software and some Dell printing software.  It is possible that one of these applications is causing the prints, however I am a bit worried about uninstalling the software in case those printers stop working.

Any advice would be really appreciated, as it's becoming a real pain in the ****.

Thanks a lot,
Toby
0
geoff_austin
Asked:
geoff_austin
  • 4
  • 2
1 Solution
 
bsharathCommented:
See the eventlog if there is a entry of what's happening...
0
 
geoff_austinAuthor Commented:
Good idea.

Unfortunately I can't find anything that looks relevant in the event logs.
0
 
Handy HolderSaggar makers bottom knockerCommented:
Sounds like a virus on a laptop or desktop that 'scans' the local subnet in search of webservers that it may be able to hijack when it boots and the printers end up printing a bit of the code.

Run network monitor on a PC on the same subnet and you'll probably be able to catch the similar traffic being sent to it and identify the IP address of the sender from the trace.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
geoff_austinAuthor Commented:
Thanks for your post Andy, sounds feasible.

Are there any network monitors you'd recommend?
0
 
Handy HolderSaggar makers bottom knockerCommented:
I was thinking to use netmon but I didn't realise that it only comes with server, not XP.

www.ethereal.com/ is the most popular free network monitor.
0
 
geoff_austinAuthor Commented:
Thx again for your reply Andy and sorry about the big delay in replying.

I installed Wireshark in the end:- http://www.softpedia.com/get/Network-Tools/Protocol-Analyzers-Sniffers/Ethereal.shtml
(Apparently this is the new name for Ethereal)

OK, so now I have a 250MB capture, some point during which this event occurred.  I have been trying some filters, but without knowing exactly what I'm looking for it's difficult to know what filters to apply.

I have seen lots of broadcasts with protocol SSDP saying "notify * HTTP/1.1"

This corresponds roughly with what is being printed out on all the printers.  Could these broadcasts cause printers to print?
0
 
geoff_austinAuthor Commented:
We changed the IP address range for a different reason and the problem went away.  Thanks for your help anyway.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now