Ethereal-users: [Ethereal-users] SMB : TCP/445 impossible to sniff a document sent to be printed

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Pejman GOHARI <pejman.gohari@xxxxxxxxx>
Date: Fri, 19 Aug 2005 13:58:12 +0200
Hi all, 

I'm focused on SMB sniffing: TCP/445 and I have a basic architecture:
( PC --> Microsoft spooler server:TCP/445 --> Printer )

I would like to prove that it's possible to capture and decrypt all
documents sent by the PC to the Microsoft Spooler server to be printed.

With Ethereal or just tcpdump/tcpflow, it's possible to capture the
data exchanged between the client and server ( PC --> spooler:TCP/445
), but it's an SMB file. In some cases (with SMBspy), you can obtain a
data file, which contains a PCL format file, but it's impossible to use it.

I tested SMBsniffer but it obtained just a result for file exchange
between a PC / Windows File Server.

I found nothing on this subject on the Internet.
So is it impossible to sniff a LAN to capture the document, which is
sent to a Spooler to be printed?

If any idea ... 

Regards,
Pejman