SMB : TCP/445 impossible to sniff a document sent to be printed to a MS Spooler Server
Date: 19 Aug 2005 11:42:03 -0000 To: firstname.lastname@example.org('binary' encoding is not supported, stored as-is) Hi all,
I'm focused on SMB sniffing: TCP/445 and I have basic architecture:
( PC --> Microsoft spooler server:TCP/445 --> Printer )
I would like to prove that it's possible to capture and decrypt all document sent by the PC to Microsoft Spooler server to be printed.
With Ethereal/SMBspy or just tcpdump/tcpflow, it's possible to capture the data exchanged between the client and server ( PC --> spooler:TCP/445 ), but itís a SMB file. In some case (with SMBspy, you can obtain a data file, which contain a PCL format file, but impossible to use it.
I tested SMBsniffer but it obtained just a result for file exchange between PC / Windows File Server.
I found nothing on this subject in Internet,
So is it impossible to sniff a LAN to capture the document, which is sent to a Spooler to be printed?
If any idea ...