SMB : TCP/445 impossible to sniff a document sent to be printed to a MS Spooler Server

pejman.gohari_at_gmail.com
Date: 08/19/05

    Date: 19 Aug 2005 11:42:03 -0000
    To: focus-linux@securityfocus.com
    
    
    Hi all,

    I'm focused on SMB sniffing (TCP/445) and I have a basic architecture:
    ( PC --> Microsoft spooler server:TCP/445 --> Printer )

    I would like to prove that it's possible to capture and decrypt all documents sent by the PC to the Microsoft Spooler server to be printed.

    With Ethereal/SMBspy or just tcpdump/tcpflow, it's possible to capture the data exchanged between the client and server ( PC --> spooler:TCP/445 ), but it's an SMB file. In some cases (with SMBspy), you can obtain a data file which contains a PCL format file, but it is impossible to use it.

    I tested SMBsniffer, but it only obtained a result for file exchange between a PC and a Windows File Server.

    I found nothing on this subject on the Internet.
    So is it impossible to sniff a LAN to capture the document, which is sent to a Spooler to be printed?

    If any idea ...

    Regards,
    Pejman

