Results 1 to 8 of 8

Thread: HP printer discovery rules

  1. #1
    Member
    Join Date
    Feb 2012
    Location
    Slovenia
    Posts
    65

    HP printer discovery rules

    Hi.
    I think that discovery rules for HP printers are not correct, because it looks at openports(631,9100).
    What about print servers? They also have this ports :P

    Would it be better if discovery rule is one (or combination of more) of the following:
    osvendor HP
    ostype printer
    macvendor hewlet packard

    Just mentioning this as a suggestion, so discovery for others will work better I have already modified my configuration..

  2. #2
    Shinken project leader
    Join Date
    May 2011
    Location
    Bordeaux (France)
    Posts
    2,130

    Re: HP printer discovery rules

    You means CUPS-like tools also open the 9100 port?

    I'll try your rule and scan my own cups and printers to see the problem, and commit your version

    Thanks
    No direct support by personal message. Please open a thread so everyone can see the solution

  3. #3
    Shinken project leader
    Join Date
    May 2011
    Location
    Bordeaux (France)
    Posts
    2,130

    Re: HP printer discovery rules

    Can you send me an outpout of the command :
    Code:
    nmap_discovery_runner.py -t PRINTERIP
    Thanks
    No direct support by personal message. Please open a thread so everyone can see the solution

  4. #4

    Re: HP printer discovery rules

    I'll anwser instead of matjaz with printers here

    But there is a problem with this rules as it tests ports 631 et 9100 but shinken discovery exit function with true when there are one of the port in the list matching. So it match at 631 but doesn't test 9100 and so when we want to scan a linux server with cups server then it will be tagged with printer-hp but it isn't.
    So either match test code must to be rewrite to test every items in a list to exit true or rewrite the rule with one line for each port, like that :

    Code:
    define discoveryrule {
        discoveryrule_name    HPPrinterState
        creation_type      host
        openports        631
        openports        9100
        +use           printer-hp
    }
    Or we can use rule proposed by matjaz.

    There is my output :

    Code:
    nmap_discovery_runner.py -t hplaser5
    Got our target ['hplaser5']
    propose a tmppath /tmp/tmpvWPHXC
    Launching command, sudo nmap hplaser5 -sU -sT --min-rate 1000 --max-retries 0 -T4 -O --traceroute -oX /tmp/tmpvWPHXC
    Try to communicate
    Got it ('\nStarting Nmap 5.21 ( http://nmap.org ) at 2012-07-16 15:36 CEST\nWarning: xxx.xxx.xxx.xxx giving up on port because retransmission cap hit (0).\nWarning: xxx.xxx.xxx.xxx giving up on port because retransmission cap hit (0).\nNmap scan report for hplaser5 (xxx.xxx.xxx.xxx)\nHost is up (0.0013s latency).\nrDNS record for xxx.xxx.xxx.xxx: hplaser5.syleps.fr\nNot shown: 1943 closed ports, 35 filtered ports\nPORT   STATE     SERVICE\n23/tcp  open     telnet\n80/tcp  open     http\n280/tcp  open     http-mgmt\n443/tcp  open     https\n7627/tcp open     unknown\n9100/tcp open     jetdirect\n14000/tcp open     unknown\n37/udp  open|filtered time\n111/udp  open     rpcbind\n137/udp  open|filtered netbios-ns\n161/udp  open|filtered snmp\n363/udp  open|filtered rsvp_tunnel\n2049/udp open     nfs\n5353/udp open     zeroconf\n6004/udp open|filtered X11:4\n8900/udp open|filtered unknown\n33459/udp open|filtered unknown\n34125/udp open|filtered unknown\n34861/udp open|filtered unknown\n34862/udp open|filtered unknown\n48761/udp open|filtered unknown\n58178/udp open|filtered unknown\nMAC Address: 00:12:79:E0:09:47 (Hewlett Packard)\nDevice type: printer|storage-misc|broadband router|WAP\nRunning: HP embedded, IBM embedded, Siemens embedded, Kaiomy embedded, Planet embedded\nOS details: HP LaserJet 2420 printer, IBM DF-4000 ProFibre Storage Array, or Siemens C-110 ADSL modem, Kaiomy AL-2014PW wireless ADSL modem or Planet ADE-4110 ADSL modem\nNetwork Distance: 1 hop\n\nOS detection performed. Please report any incorrect results at http://nmap.org/submit/ .\nNmap done: 1 IP address (1 host up) scanned in 2.18 seconds\n', 'Warning: Traceroute does not support idle or connect scan, disabling...\n')
    Can be ('embedded', '', '100', 'printer', 'HP')
    Will dump ('embedded', '', 'printer', 'HP')
    hplaser5::isup=1
    hplaser5::os=embedded
    hplaser5::osversion=
    hplaser5::ostype=printer
    hplaser5::osvendor=hp
    hplaser5::macvendor=hewlett packard
    hplaser5::openports=23,80,280,443,7627,9100,14000,111,2049,5353
    hplaser5::fqdn=hplaser5
    hplaser5::ip=xxx.xxx.xxx.xxx
    And another ones slightly different :

    Code:
    ../libexec/nmap_discovery_runner.py -t hplaser6
    Got our target ['hplaser6']
    propose a tmppath /tmp/tmpk320iJ
    Launching command, sudo nmap hplaser6 -sU -sT --min-rate 1000 --max-retries 0 -T4 -O --traceroute -oX /tmp/tmpk320iJ
    Try to communicate
    Got it ('\nStarting Nmap 5.21 ( http://nmap.org ) at 2012-07-16 15:36 CEST\nWarning: xxx.xxx.xxx.xxx giving up on port because retransmission cap hit (0).\nWarning: xxx.xxx.xxx.xxx giving up on port because retransmission cap hit (0).\nNmap scan report for hplaser6 (xxx.xxx.xxx.xxx)\nHost is up (0.0044s latency).\nrDNS record for 10.145.3.24: hplaser6.syleps.fr\nNot shown: 836 closed ports, 631 filtered ports, 529 open|filtered ports\nPORT  STATE SERVICE\n21/tcp open ftp\n23/tcp open telnet\n80/tcp open http\n631/tcp open ipp\nMAC Address: 00:10:83:54:86:54 (Hewlett-packard Company)\nDevice type: print server\nRunning: HP embedded\nOS details: HP JetDirect J3110A print server\nNetwork Distance: 1 hop\n\nOS detection performed. Please report any incorrect results at http://nmap.org/submit/ .\nNmap done: 1 IP address (1 host up) scanned in 6.20 seconds\n', 'Warning: Traceroute does not support idle or connect scan, disabling...\n')
    Can be ('embedded', '', '100', 'print server', 'HP')
    Will dump ('embedded', '', 'print server', 'HP')
    hplaser6::isup=1
    hplaser6::os=embedded
    hplaser6::osversion=
    hplaser6::ostype=print server
    hplaser6::osvendor=hp
    hplaser6::macvendor=hewlett-packard company
    hplaser6::openports=21,23,80,631
    hplaser6::fqdn=hplaser6
    hplaser6::ip=xxx.xxx.xxx.xxx

  5. #5
    Shinken project leader
    Join Date
    May 2011
    Location
    Bordeaux (France)
    Posts
    2,130

    Re: HP printer discovery rules

    Hum... catch mutiple lines is not managed. I don't see how to manage this case so :'(
    No direct support by personal message. Please open a thread so everyone can see the solution

  6. #6

    Re: HP printer discovery rules

    You mean that we must have only one condition to match in a discovery_rule ?

    matjaz rules with filtering by ostype + osvendor isn't enough ?

    Else some modifications in matchingitems.py to ask to match all values if comma separated list is provided, no ? I can handle that

  7. #7
    Low-level discovery rule in “not supported” state - matches events

  8. #8
    TFTP Incoming Port: HP Web Jetadmin uses this port as a staging area for firmware images during HP Jetdirect firmware updates. Through SNMP, HP Web Jetadmin triggers HP Jetdirect to retrieve firmware through this port.
    80

    TCP

    O

    HP Web Jetadmin uses this port to qualify the link to the HP Embedded Web Server on the device and to retrieve the firmware images from the web.
    161

    UDP

    O

    SNMP: HP Web Jetadmin and other management applications use SNMP to communicate with and manage devices. HP Web Jetadmin uses this port on the printer to issue Set and Get commands to the SNMP agent.
    427

    UDP

    I

    SLP Listen: HP Jetdirect-connected devices use Service Location Protocol (SLP) to advertise their existence. When the passive SLP discovery feature is enabled on HP Web Jetadmin, devices send multicast packets to this port on the HP Web Jetadmin server.
    443

    TCP

    O

    HTTPS: The HP Web Jetadmin service and HPWSProAdapter service send device configurations and queries to this port over HTTPS.
    HPWSProAdapter uses this port to communicate with devices that do not support Web Services and are configured to redirect all of the network traffic to HTTPS.
    843

    TCP

    O

    HP Web Jetadmin uses this port to configure some settings, such as fax and digital sending, on some HP MFP device models.
    1433

    UDP

    O

    Microsoft SQL Server: By default, HP Web Jetadmin installs the SQL Server database on the same host. Optionally, you can configure HP Web Jetadmin to communicate with a SQL Server database on a different host. HP Web Jetadmin uses this port to facilitate communication with a remote SQL Server database.
    2493

    UDP

    I/O

    Build Monitor: This is an HP Web Jetadmin server port that is kept open. Other HP Web Jetadmin servers use this port to discover running instances of HP Web Jetadmin.
    37022

    UDP

    O

    WS Discovery: HP Web Jetadmin uses this port to perform a Web Services discovery on newer HP devices.
    39102, 3911

    TCP

    O

    WS Discovery: HP Web Jetadmin uses this port to retrieve details about the device Web Services during a discovery. HP Web Jetadmin uses these details to establish the WS communication paths that it needs to manage devices.
    HP Web Jetadmin uses port 3910 to retrieve print requests and uses port 3911 to retrieve the printer status.
    4088

    TCP

    I

    Remoting: HP Web Jetadmin uses this port as the primary communication channel between a started HP Web Jetadmin client and its corresponding HP Web Jetadmin server.
    4089

    TCP

    I

    Client Event Notification: HP Web Jetadmin uses this port to communicate change events from the HP Web Jetadmin server to the client. These events trigger the client to pull updates from the server through the Remoting interface. In previous releases of HP Web Jetadmin, Windows assigned this port.
    76272

    TCP

    O

    Web Services (HTTPS): HP Web Jetadmin uses this port to communicate with HP FutureSmart devices and older laser devices for some operations, such as OXPd.
    For devices that do not support Web Services, the HPWSProAdapter Service acts as a gateway between HP Web Jetadmin and the devices. The HPWSProAdapter Service receives Web Services requests from HP Web Jetadmin, and then sends the translated requests to the devices over port 8080 (an unsecure connection, an HP Embedded Web Server password is not configured on the devices) or port 443 (a secure connection, an HP Embedded Web Server password is configured on the devices).
    8000

    UDP

    O

    HP Web Jetadmin Discovery Listen: HP Web Jetadmin uses this port on remote IP hosts to detect earlier versions of the HP Web Jetadmin software.
    8000

    TCP

    I

    Web Server: HP Web Jetadmin provides an HTTP listener for the initial client launch and online Help content.
    8050

    TCP

    I

    Device Eventing Callback (HTTPS): Newer HP devices use a WS eventing protocol for management communications.
    8080

    TCP

    O

    HPWSProAdapter: HPWSProAdapter uses this port to communicate with devices that do not support Web Services and are not configured to redirect all of the network traffic to HTTPS. HP Web Jetadmin sends device configurations and queries to this port.
    8140

    TCP

    I

    OXPm Web Services (HTTP): This is the communication port for HP Open Extensibility Platform (management operations).
    8143

    TCP

    I

    OXPm Web Services (HTTPS): This is a secure communication port for HP Open Extensibility Platform (management operations).
    8443

    TCP

    I

    Secure Web Server (HTTPS): HP Web Jetadmin provides a secure HTTPS listener for the initial client launch, Help content, and device file transfer operations.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •