We have a network printer that will suddenly fire up and print five lines (three times this month)
GET / HTTP/1.1
TE: deflate, gzip;q=0.03
Connection: TE, close
Host : <printer IP>:9100
User-Agent: libwww-perl/6.13
I'm guessing that something is scanning ports, but don't know where it's coming from - it only identifies the printer IP address. The network is all cable, no Wi-Fi enabled...
Any idea what could be doing this, and how it can be located?
The printer is an old (probably 15 years at least) HP Colour LaserJet 4500N with its own network card and will reply to a ping request from anywhere on the internet...
Thanks
It seems like some automated Perl script is trying to access the printer's web console. The User-Agent line tells the request comes from LWP, the most commonly used library to make web requests from Perl.
As you just found out, similar behavior can be invoked by just entering http://<printerIP>:9100 in a web browser. Now it is only a matter of tracking down the visitor. You may find a log in the management console that gives you the visitor's IP address.
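One way to find out where such a request comes from, as an added example that is not part of the original answer: a stand-in listener that accepts one connection the way a raw-print port would and records the peer address and User-Agent. The function names, the 192.0.2.10 address and the constructed request bytes are assumptions for illustration; the header values are the ones from the printout above.

```python
import socket

# Constructed sample: the request from the printout, with a documentation-range IP.
SAMPLE = (b"GET / HTTP/1.1\r\nTE: deflate, gzip;q=0.03\r\nConnection: TE, close\r\n"
          b"Host: 192.0.2.10:9100\r\nUser-Agent: libwww-perl/6.13\r\n\r\n")

def capture_one(listener, max_bytes=4096, timeout=5.0):
    """Accept one connection; return who connected and what they sent."""
    conn, peer = listener.accept()
    data = b""
    with conn:
        conn.settimeout(timeout)
        try:
            while b"\r\n\r\n" not in data and len(data) < max_bytes:
                chunk = conn.recv(1024)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            pass  # client went quiet; keep whatever arrived
    lines = data.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {
        "peer_ip": peer[0],        # the address the printout never shows
        "peer_port": peer[1],
        "request_line": lines[0],
        "looks_like_http": lines[0].endswith(("HTTP/1.0", "HTTP/1.1")),
        "user_agent": headers.get("user-agent"),
    }

def demo():
    """Loopback run: send SAMPLE to a listener on an ephemeral port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        with socket.create_connection(listener.getsockname()) as client:
            client.sendall(SAMPLE)
            return capture_one(listener)

if __name__ == "__main__":
    print(demo())
```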
Brief description of what I am trying to accomplish. So I am working with Crestron's Simpl+ software. My job is to create a module for a sound masking system called QT Pro. Now, QT Pro has an API where you can control it via HTTP. I need a way to establish a connection with the QT Pro via HTTP (I have everything I need: IP, username, password).
What's the problem? I have just started working with this language. Unfortunately there isn't as much documentation as I would like, otherwise I wouldn't be here. I know I need to create a socket connection via TCP on port 80. I just don't know what I'm supposed to send through it.
Here is an example:
http://username:password#address/cmd.htm?cmd=setOneZoneData&ZN=Value&mD=Value&mN=Value&auxA=Value&auxB=Value&autoR=Value
If I were to put this into the URL box and fill it in correctly, then it would change the values that I specify. Am I supposed to send the entire thing? Or just after cmd.htm? Or is there some other way I'm supposed to send data? I'd like to stay away from the TCP/IP Module so I can keep this all within the same module.
Thanks.
You send
GET /cmd.htm?cmd=setOneZoneData&ZN=Value&mD=Value&mN=Value&auxA=Value&auxB=Value&autoR=Value HTTP/1.1
Host: address
Connection: close
(End with a couple of newlines.)
If you need to use HTTP basic authentication, then also include a header like
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
where the gibberish is the base64-encoded version of username:password.
But surely there is some mechanism for opening HTTP connections already there for you? Just blindly throwing out headers like this and hoping the response is what you expect is not robust, to say the least.
To see what is going on with your requests and responses, a great tool is netcat (or telnet, for that matter.)
Do nc address 80 to connect to server address on port 80, then paste your HTTP request:
GET /cmd.htm HTTP/1.1
Host: address
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
Connection: close
and see what comes back. SOMETHING should come back. (Remember to terminate with two newlines.)
To see what requests your browser is sending when you do something that works, you can listen like this: nc -l -p 8080.
Then direct your browser to localhost:8080 with the rest of the URL as before, and you'll see the request that was sent. (Then you can type back to see how the browser handles the response.)
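The request layout from the two answers above, as an added Python example that is not part of the original posts: it assembles the GET request with the Basic Authorization header, sends it over a plain TCP socket, and parses the status line instead of assuming success. The function names are assumptions for illustration; the path and the username:password credentials are the placeholders used in the answers.

```python
import base64
import socket

def build_request(host, path, username=None, password=None):
    """Assemble the raw HTTP/1.1 GET request as bytes."""
    # The request is built by concatenation, so a CR or LF in any value
    # would let it smuggle in extra header lines. Reject those outright.
    for value in (host, path, username or "", password or ""):
        if "\r" in value or "\n" in value:
            raise ValueError("CR/LF not allowed in request fields")
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}", "Connection: close"]
    if username is not None:
        # Basic auth is base64("user:pass"): an encoding, not encryption,
        # so over plain HTTP the credentials are readable on the wire.
        token = base64.b64encode(f"{username}:{password}".encode()).decode("ascii")
        lines.append(f"Authorization: Basic {token}")
    # The blank line ("a couple of newlines") ends the header block.
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def send_request(ip, port, request, timeout=5.0):
    """Send the bytes, read until the server closes, return (status, headers, body)."""
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        sock.sendall(request)
        raw = b""
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                break
            raw += chunk
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("latin-1").split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP response: {status_line!r}")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers, body

if __name__ == "__main__":
    print(build_request("address", "/cmd.htm", "username", "password").decode())
```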
I have Windows 8.1 installed on my computer and regularly use Fiddler to capture web traffic.
Recently, however, when I open Fiddler and it starts to capture web traffic, my Internet connectivity dies.
The error I get when I open IE is "the proxy server isn't responding."
In Chrome, I get "Could not connect to proxy server" with the following error: "Error code: ERR_PROXY_CONNECTION_FAILED."
Fiddler doesn't even capture any of the requests going out. The weird thing is that Fiddler was working ok just some days ago and nothing was recently installed on my system.
Searching the Internet for 5 hours, trying everything, and no effective response.
This also had no effect: http://www.telerik.com/blogs/fiddler-and-internet-explorer-11-on-windows-8-1
It seems that the proxy server created by Fiddler is simply not attending to any traffic.
If I close Fiddler or disable the capture mode, my internet comes back to normal.
Uninstalling and reinstalling Fiddler does not solve the problem, nor does restarting Windows.
This question has some similarities with my problem, but as I said, none of the answers worked for me.
Why is Fiddler having this problem, and how can I fix it?
99% of the time, this is caused by running a 3rd-party firewall which is blocking access to Fiddler.
1% of the time, this is caused by plugging a Windows Phone device into your PC over USB. The Windows Phone team steals Fiddler's default port (8888) from it.
Running Help > Troubleshoot and updating your question with its output may help.
I have a Gwan server set up at home on my Arch Linux box. I'm running "motion". I have a router that, of course, handles my external IP address.
I want to access the avi movie shorts generated by motion through port 1000 which is port forwarded through my router to the box on my internal network. I've written an event_end script that copies these motion videos to my Gwan "Document Root". I've set the particular directory up according to the Gwan docs and can see these videos using the external ip address:1000 just fine when I'm at home. But when I click on the very same link from the machine at my office, I get this error message in Firefox: "Firefox can't establish a connection to the server at 99.99.99.99:1000.".
So I don't understand why I can see that link when I'm at home but not from anyplace else. What setting have I missed?
Thanks.
Are you sure that your firewall at work allows traffic on port :1000 at all?
port 1000 which is port forwarded through my router to the box on my internal network [at home]... but I get an error "Firefox can't establish a connection to the server at 99.99.99.99:1000" [from my office].
As Pete noticed, this sounds like a routing error.
As the HTTP client, Firefox, cannot even establish a connection, the problem happens before G-WAN can do anything.
while I was using quickserve, I could view those videos just fine while using port:1000
...probably from your private network at home, and not from your office.
If quickserve was available from your office then, since then, you have messed with the router port mapping OR with the G-WAN listener (hence the connection failure).
Unfortunately, since G-WAN won't receive anything until you get this right, its log files won't help.
And as you do not provide any information about your port mapping and G-WAN listener, we can't help you to spot obvious errors.
Note that this issue is a system configuration problem and has little to do with the G-WAN application server itself (remember that Stackoverflow is a Q&A site for developers). The Serverfault site might be a better place to discuss your problem.
Hi guys, I run a busy CentOS webserver (nginx/php-fpm) and to protect it from certain attacks I used http://deflate.medialayer.com/ for a while. I had set up a whitelist with 127.0.0.1, my external database server IP and about 100 search engine scrapers.
This system was working well for a while until for a yet unknown reason DDos deflate decided to ban 127.0.0.1 out of the blue. This prevented a php-fpm of things from running. I switched FPM to unix socket instead, so if localhost was banned again, it would run fine.
But today out of the blue DDOS deflate banned my external database server. This IP was always whitelisted, and this IP always has well over the set limit of connections, so the whitelisting worked. But today out of the blue, boom also this IP got banned, and was removed from the whitelist.
I am totally freaked out, and have stopped using DDOS deflate for now. What could be causing this? DDOS deflate was successfully banning/unbanning new IPs all the time, and it would honor the whitelist. But once in a while, it just randomly removes items from that whitelist, and bans them.
Maybe someone also knows a good alternative to DDOS deflate? I work with IPTABLES.
I started using https://github.com/ess/citadel which works very well so far.
Here's what I've done:
I wrote a minimal web server (using Qt, but I don't think it's relevant here).
I'm running it on a legal Windows 7 32-bit.
The problem:
If I make a request with Firefox, IE, Chrome or Safari, it takes about one second before my server sees that there is a new connection to be accepted.
Clues:
Using other clients (wget, own test client that just opens a socket) than Firefox, IE, Chrome, Safari seeing the new connection is matter of milliseconds.
I installed Apache and tried the clients mentioned above. Serving the request takes ~50ms as expected.
The problem isn't reproducible when running Windows XP (or compiling and running the same code under Linux)
The problem seems to present itself only when connecting to localhost. A friend connected over the Internet and serving the connection was a matter of milliseconds.
Running the server in different ports has no effect on the 1 second latency
Here's what I've tried without luck:
Stopped the Windows Defender service
Stopped the Windows Firewall service
Any ideas? Is this some clever 'security feature' in Windows 7? Why isn't Apache affected? Why are only the browsers affected?
If you're saying "localhost" instead of "127.0.0.1", you're forcing a name lookup before the actual connection attempt, adding delay.
In addition, some browsers, like Firefox 3.5+, don't use the operating system's DNS lookup mechanism, which is why it can have different performance than, say, wget.
You may be running into some automatic proxy discovery problem. In Firefox, you can disable this in Options | Advanced | Network | Settings; select either "No proxy" or give it explicit values. There's also the Internet Properties control panel, which is IE's network settings, but other browsers on Windows may obey settings here, too. Again, disable auto-proxy discovery. This can speed connections outside localhost, too.
For some reason Windows 7 takes 1 second to resolve address localhost regardless of it being in hosts file.
Adding localhost1 to hosts file and using that works around the problem.
When connecting to localhost on an IPv4/IPv6 dual stack host:
A DNS lookup is performed for localhost.
The DNS server (whether IPv6 enabled or not - this doesn't matter) returns both the AAAA record ::1, and the A record 127.0.0.1.
The client first attempts to connect to ::1.
We assume your server program is not IPv6-capable, which is a common case - due to historical reasons, many servers bind their socket to 0.0.0.0 by default rather than [::].
Here an ECONNREFUSED error would be raised for the client. This happens immediately on most platforms; on Windows however, a single call to connect() would try 3 times in 500ms intervals before giving up, hence taking a bit more than one second (See http://stackoverflow.com/q/19440364 for more details).
The client then creates a connection to 127.0.0.1 instead.
This would explain all your clues above:
If you make a request with Firefox, IE, Chrome, Safari or any other IPv6-capable clients, it takes about one second trying for ::1 before connecting to 127.0.0.1.
Your own test client just opens an INET socket, so it won't try ::1 at all.
Using a dual-stack server such as Apache, the clients will connect to ::1 happily.
The problem isn't reproducible on Windows XP, of which IPv6 support is not enabled by default.
The problem seems to present itself only when connecting to localhost, as your friend connected with an IPv4-only network.
Running the server in different ports has no effect on the 1 second latency.
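The connection sequence described in the answer above can be measured directly. This added example, not part of the original answers, resolves a name, tries each returned address in order as a dual-stack client does, and times each attempt, so a slow refusal on ::1 ahead of a successful 127.0.0.1 connection shows up in the output. The function names and the port in the stand-alone run are assumptions for illustration.

```python
import socket
import time

def try_connect(family, address, port, timeout=3.0):
    """Attempt one TCP connection and report the outcome and how long it took."""
    start = time.monotonic()
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            sock.connect((address, port))
        outcome = "connected"
    except ConnectionRefusedError:
        # Nothing is bound on this address family, e.g. an IPv4-only server
        # reached over ::1. On Windows this is the attempt that costs about a second.
        outcome = "refused"
    except OSError as exc:
        # Timeout, IPv6 disabled on this host, address not available, ...
        outcome = f"error: {exc.__class__.__name__}"
    return {
        "family": socket.AddressFamily(family).name,
        "address": address,
        "outcome": outcome,
        "seconds": round(time.monotonic() - start, 3),
    }

def probe(host, port):
    """Try the addresses getaddrinfo returns, in order, stopping at the first success."""
    results, seen = [], set()
    for family, _, _, _, sockaddr in socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM):
        key = (family, sockaddr[0])
        if key in seen:
            continue
        seen.add(key)
        results.append(try_connect(family, sockaddr[0], port))
        if results[-1]["outcome"] == "connected":
            break
    return results

if __name__ == "__main__":
    # Assumed port of the server under test; change it to match yours.
    for attempt in probe("localhost", 8080):
        print(attempt)
```

A "refused" entry for ::1 with a large "seconds" value, followed by "connected" for 127.0.0.1, matches the sequence in the answer; binding the server to [::] as well, or pointing clients at 127.0.0.1, removes the first attempt.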