Re: SMB : TCP/445 impossible to sniff a document sent to be printed to a MS Spooler Server
no_spam_at_me.com
Date: 08/25/05
- Previous message: Christoph Gruber: "Re: Linux hardening"
- Maybe in reply to: pejman.gohari_at_gmail.com: "SMB : TCP/445 impossible to sniff a document sent to be printed to a MS Spooler Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 25 Aug 2005 09:14:54 -0000 To: focus-linux@securityfocus.com('binary' encoding is not supported, stored as-is) Hi,
Nothing to prove, it's already unencrypted :)
You can sniff the print job at two places:
or between PC->print_server on TCP/445
(RAW which is PS/TXT/PCL/ blabla or EMF in this case)
or between Print_server->Printer on TCP/515 (LPR) or TCP/9100(Raw printer)
(PS/TXT/PCL/HPGL/GDI/device dependent language in this case)
Depending on the print processor used in Windows,
sniffed print file (prn) will be either in PCL/TXT/PS/ .... (RAW print processor) or EMF
You have viewer for each type of file (dig internet ...)
For ex:
EMF: EMF VIEWER (Win32)
PS: GHOST SCRIPT/GHOST VIEW (LINUX/Win32)
PCL: REDTITAN or SWIFTVIEW (Win32)
...
HTH
Regards
traxx
=================================
Visit us at www.knowledgecave.com
=================================
- Previous message: Christoph Gruber: "Re: Linux hardening"
- Maybe in reply to: pejman.gohari_at_gmail.com: "SMB : TCP/445 impossible to sniff a document sent to be printed to a MS Spooler Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
