I have the following LAN scheme:
<MyPC 10.220.0.x> --- <WinServ 2008r2 10.220.0.x> --- <Xerox WC 192.168.0.x>
The server has the PrintServer role enabled and the printer is shared. I want to monitor the printer's state/errors through SNMP, but the problem is that I don't have access to the printer directly because it is in a different network. I can operate with the printer ONLY as a shared one, i.e. through the print server, so my question is: how can I make SNMP requests to a shared printer? Is it possible?
If the device in the middle is routing the relevant traffic and the config on the printer allows it to respond to SNMP requests from outside its subnet then there's nothing to stop it from working.
But those are really big caveats, particularly the first one.
If you are doing any NAT on the box in the middle, then either replace it with a Linux box or proper router or find another problem to solve.
If it's not routing, then you need to set this up (note that you want a STATIC route).
If it is routing already then you probably need to look at the firewall to make sure it's allowing the traffic.
If that's all working then you need to look at the SNMP policy on the printer.
Your network diagram is vague enough that they could all be on the same LAN.
If you are so lucky, then just set a static route to the 192.168 network on "My PC", e.g.:
route add 192.168.0.0 mask 255.255.0.0 IP-ADDRESS-OF-MY-PC
If you can ping your printer, then you can access it via SNMP, assuming there are no firewalls on the printer disallowing this.
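An SNMP GET sent to UDP/161 exercises the route, the firewall and the printer's SNMP policy in one step. The sketch below is an added example, not part of the original answers: it builds an SNMPv2c GetRequest for hrPrinterDetectedErrorState and decodes the reply. The community string, the hrDeviceIndex of 1 and all function names are assumptions.

```python
import socket

# hrPrinterDetectedErrorState (HOST-RESOURCES-MIB); trailing .1 = hrDeviceIndex, an assumption
ERROR_STATE_OID = "1.3.6.1.2.1.25.3.5.1.2.1"
ERROR_BITS = "lowPaper noPaper lowToner noToner doorOpen jammed offline serviceRequested".split()

def tlv(tag, payload):
    if len(payload) > 127:
        raise ValueError("this sketch only handles short-form BER lengths")
    return bytes([tag, len(payload)]) + payload

def ber_int(n):  # non-negative integers only
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def ber_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:  # base-128, high bit set on all but the last byte
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        body += bytes(chunk)
    return tlv(0x06, bytes(body))

def build_get(community, oid, request_id=1):
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    return tlv(0x30, ber_int(1) + tlv(0x04, community.encode()) + pdu)  # version 1 = SNMPv2c

def children(buf):  # split a run of short-form TLVs into (tag, value) pairs
    out, i = [], 0
    while i < len(buf):
        out.append((buf[i], buf[i + 2:i + 2 + buf[i + 1]]))
        i += 2 + buf[i + 1]
    return out

def error_state(response):  # names of the error bits set in a GetResponse
    pdu = children(children(response)[0][1])[2][1]
    tag, value = children(children(children(pdu)[3][1])[0][1])[1]
    first = value[0] if tag == 0x04 and value else 0
    return [name for i, name in enumerate(ERROR_BITS) if first & (0x80 >> i)]

def probe(host, community, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_get(community, ERROR_STATE_OID), (host, 161))
        try:
            return error_state(s.recvfrom(1500)[0])
        except socket.timeout:
            return None  # no reply: check the static route, the firewall, the SNMP policy
```

An empty list from `probe` means the printer answered and reports no error; `None` means nothing came back within the timeout.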
I have a language monitor that I am trying to query the printer from.
First let me apologize for the possible confusion since "port" means 2 things in this description. There is the one use that refers to the port that the printer is configured to use, which could be TCP, USB, etc. And then there is the use of port that refers to the port address to send data to when communicating with the printer's IP address.
I need to be able to specify different port addresses to send different custom queries to a printer over the same IP that are specific to its firmware. I can't find any examples or documentation on what the standard way is to do this communication... I can extract the IP address and open a net socket, but I am not sure if this is the appropriate way to handle this communication. It's not uncommon for printers to send status over one port, and print data over another. If I want to write to the default port I can use pfnWritePort and pfnReadPort, but these don't allow me to specify the actual port; it uses whatever the driver is configured as.
Can anyone provide some guidance or examples of how I should do this from my language monitor?
EDIT: As an example for clarification, all commands are sent to the same IP, but depending on the command/query I need to send, the TCP port needs to change. The way I am handling it now is opening up a net socket with the same IP and different port numbers for data and status channels.
You should be required to write an app that would be able to reconfigure the driver. The ideology of the OS is that EACH real device would correspond to an instance of a driver and/or interface. That might be an elevated action, because it requires creating a new printer interface ("port" in Windows GUI terms) and changing driver settings.
This may be a silly question, but I have been googling a lot over the last few days and I've only found related answers, not a direct answer to this. In order to express it better, let me mention a comparison:
If I set up an HTTP server on a computer behind a router, I must set up port forwarding, and that computer must also have a static internal IP address in order to receive the requests on that port for that particular IP address. For instance, my router does not allow port forwarding, so I could not set it up for the HTTP server. However, BitTorrent works like a charm behind that same router without any static IP, nothing. How can BitTorrent get requests and also seed? How will other peers connect to my computer while seeding? I did verify that when BitTorrent is running, the port it uses, for example 39031, is actually open (using yougetsignal_dot_com). How can the router be made to open the port without using its admin settings (we can also use BitTorrent at a public hot spot where there is no way to mess with the router)? I know the trackers may be of some help, but there is a lot of information about a decentralized way with no trackers, or basically that the peers are also trackers, but no details on how it works.
Finally, why can't this "trick" (if any) be used with an HTTP server, so that we must always depend on the router settings?
BitTorrent does work behind NAT, to a certain extent. It works better if port forwarding is configured, though.
BitTorrent works reasonably well behind NAT for the following reasons:
BitTorrent is peer-to-peer, and either peer can initiate a connection; therefore, communication will succeed if either of two peers is not behind NAT or properly port forwarded;
some BitTorrent clients are able to automatically set up port forwardings using UPnP or PMP;
modern BitTorrent clients use µTP instead of TCP, and some clients are able to perform UDP hole punching.
In my college lab all the PCs are connected via LAN by an L2 switch. I want to capture the HTTP data packets with Wireshark, but it is only showing the interface of my own PC. So how can I capture the packets of other PCs?
Can somebody tell me how Wireshark works?
It is in the nature of switches that you will only see either broadcast packets or traffic that has your MAC address as a destination; that is one of the crucial differences between a switch and a hub.
It is possible for most switches to be configured to copy traffic from one port to another; this is commonly done for monitoring purposes, but that has to be done via administrative access to the device.
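The forwarding behaviour described in this answer can be modelled in a few lines. This is an added example, not part of the original answer: a learning switch with an optional mirror port, run over constructed frames, showing what a capture host on its own port records with and without mirroring. The MAC addresses, port numbers and names are all made up for the illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    """Learning L2 switch; mirror_to is an optional monitoring port."""
    def __init__(self, n_ports, mirror_to=None):
        self.n_ports, self.mirror_to = n_ports, mirror_to
        self.mac_table = {}  # source MAC -> port it was last seen on

    def forward(self, in_port, src, dst):
        """Learn src, then return the set of ports the frame is sent out of."""
        self.mac_table[src] = in_port
        if dst == BROADCAST or dst not in self.mac_table:
            out = set(range(self.n_ports)) - {in_port}  # flood
        else:
            out = {self.mac_table[dst]} - {in_port}     # known unicast
        if self.mirror_to is not None and self.mirror_to != in_port:
            out.add(self.mirror_to)                     # copy for the monitor
        return out

# Constructed traffic: PC-A on port 0, gateway on port 2, capture host on port 3.
PC_A, GW = "02:00:00:00:00:0a", "02:00:00:00:00:01"
TRAFFIC = [
    ("ARP who-has gateway", 0, PC_A, BROADCAST),
    ("ARP reply",           2, GW,   PC_A),
    ("HTTP GET",            0, PC_A, GW),
    ("HTTP 200",            2, GW,   PC_A),
]

def seen_on(port, switch):
    """Labels of the frames a capture running on `port` would record."""
    return [label for label, in_port, src, dst in TRAFFIC
            if port in switch.forward(in_port, src, dst)]

if __name__ == "__main__":
    print("no mirror:  ", seen_on(3, Switch(4)))
    print("with mirror:", seen_on(3, Switch(4, mirror_to=3)))
```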
You can manipulate the switch's behavior by means of ARP-Spoofing. But be cautious! Doing so might be seen as a criminal act.
So be sure that you're allowed to do so in the lab, sometimes that's OK if it serves the educational purpose. Ask your supervisor or the school's administrator.
My weapon of choice for such things is Ettercap.
A far less intrusive approach would be to use one of your own switches and configure it to forward all traffic. Then you can connect one port as an uplink to the lab's switch, one port to the device under test and one port to your machine running Wireshark. (I would recommend using tcpdump for capturing, though.) If you don't have a manageable switch at hand, you can also use a router running OpenWRT.
I would like to set up a network connection (RTP or UDP) between two computers at different locations, each of which is behind a NAT modem/firewall. I do not want any modification of the firewalls.
My working assumption is that I need a bot somewhere that both computers can reach (eg a shell account on an internet server). Each computer connects out to the bot and the bot allows the two computers to update and query status and to exchange data.
This is OK as far as it goes, but it means that all data travels via the bot. Is there a way I can connect the two computers without the bot, or failing that, allow the bot to drop out of the data exchange once a connection has been set up? My feeling is that there is no way to do this, but my TCP/IP is a bit rusty...
If you assume nothing about the NAT/firewall, you are correct.
Hole punching, for example, will not work with overloaded NAT (PAT) as far as I know, because the source port is randomized by the NAT device, and it maps/matches both the destination public address and the source port it elected.
UPnP may work, but again you need to assume it exists and is enabled on the NAT device.
As I see it, you have only two options if you want to be generic:
1. Configure the NAT.
2. Use a proxy (the bot you mentioned).
Skype for example uses the second, but does it in a distributed manner by using every Skype client as a potential proxy (probably only if it detects it is not behind a NAT or not limited by it).
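The hole-punching behaviour described in this answer (and mentioned in the BitTorrent answer earlier on the page) can be checked with a small model. This is an added example, not part of the original answer: a toy NAT that either reuses one public port per internal socket or allocates a new one per destination, with the "bot" acting only as a rendezvous point. Port-restricted filtering, the addresses and all names are assumptions of the model.

```python
import itertools

SERVER = ("203.0.113.10", 3478)  # constructed rendezvous host (the "bot")

class Nat:
    """Toy NAT with port-restricted filtering (an assumption of this model).

    symmetric=False: one public port per internal socket, whatever the destination.
    symmetric=True:  a fresh public port for every new destination (overloaded
                     PAT as described above).
    """
    def __init__(self, public_ip, symmetric, first_port):
        self.public_ip, self.symmetric = public_ip, symmetric
        self._next_port = itertools.count(first_port)
        self.mappings = {}  # mapping key -> public port
        self.allowed = {}   # public port -> remote endpoints already contacted

    def send(self, src, dst):
        """Outbound packet: returns the public (ip, port) it leaves with."""
        key = (src, dst) if self.symmetric else src
        if key not in self.mappings:
            self.mappings[key] = next(self._next_port)
        port = self.mappings[key]
        self.allowed.setdefault(port, set()).add(dst)
        return (self.public_ip, port)

    def accepts(self, remote, public_port):
        """Inbound packet passes only if this port already sent to `remote`."""
        return remote in self.allowed.get(public_port, set())

def hole_punch(nat_a, nat_b):
    """True if both peers end up receiving each other's packets directly."""
    a, b = ("192.168.1.2", 5000), ("10.0.0.2", 5000)
    seen_a = nat_a.send(a, SERVER)  # what the bot tells B about A
    seen_b = nat_b.send(b, SERVER)  # what the bot tells A about B
    a_to_b = b_to_a = False
    for _ in range(2):  # first packets open the filters, the retry gets through
        a_to_b = nat_b.accepts(nat_a.send(a, seen_b), seen_b[1])
        b_to_a = nat_a.accepts(nat_b.send(b, seen_a), seen_a[1])
    return a_to_b and b_to_a

def make(symmetric_a, symmetric_b):
    return (Nat("198.51.100.1", symmetric_a, 40000),
            Nat("198.51.100.2", symmetric_b, 50000))
```

When `hole_punch` returns False in this model, the bot has to stay in the data path as a relay.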
I need to connect to a VPN server. I can't use Windows connections; my application should work independently!
I tested some components using the RAS API. They work, but by using Windows connections.
How can I do that without any dependency on Windows connections?
The problem with this question
"VPN" stands for "Virtual Private Network". It's a way to make a private network available to your computer, possibly in a secure way, so your computer can use standard IP protocols as if it were physically connected to the private network.
The operating system needs to know about that network, so of course all VPN implementations use "windows connections". From a different perspective: When you're connected to a VPN you can open a TCP connection to an IP on the private network as if it were on your local network. Since it's the operating system's job to set up your TCP connection and route your TCP/IP packets, of course it needs to know about the VPN! If it doesn't, it'll simply forward all your requests for the given IP to its default router and fail with a "no route to destination" message (or a "time out", if your router is not kind enough to tell your system it has no idea what the private IP is).
Can it be done?
From a theoretical point of view, of course, you can bypass Windows completely, but then you'll have to "roll your own" everything. You can't use the Windows IP services, you'll have to implement your own TCP. I'm sure there are about a million other little things that need re-implementing.
For a starting point I'd look at OpenVPN: it's Open Source and available for Windows. It uses the UDP protocol as the basis for the VPN implementation, unlike the Windows VPN (that one uses GRE - General Routing Encapsulation, protocol 47). OpenVPN itself, of course, uses a "windows connection" to do its job, because it aims to provide a useful service, but you can use the source code as the basis for your own implementation.
I personally wouldn't even think about doing this, I'm just showing you the way and proving it's possible.
What should be done
I assume you want some kind of secure communication channel to your own service. Look into simple secure connections, tunneling protocols and proxies.
If this needs to be done for one service on one server, I'd look into a simple SSL implementation. Even better, look into using HTTPS.
If you need to access many different services on possibly different servers on the given private network I'd look into proxies.