Using Wireshark to validate print traffic encryption


With PaperCut MF and NG, you can ensure that all print traffic on your network is encrypted. Before validating that your traffic is secure, follow the comprehensive guide to end-to-end print security. This article explains how to validate that all your print jobs are printing securely.

First, you’ll need Wireshark to analyze network protocols.

After you’ve installed Wireshark on your print server, use the ip.addr field to filter traffic between the print server and your printer.

Print a test page and look out for TLS traffic, which is an indicator that you are printing over IPPS. You will also see that all the TCP traffic is going to the secure port 443.

If you right-click the TCP traffic to port 443 and select Follow → TCP Stream, the contents will be undecipherable.

However, if you are seeing IPP traffic, with commands such as “IPP Request (Print-Job)”, then your print traffic is not secure. In this case, your TCP traffic will be to port 80.

You can also check the contents of the print job. Right-click the TCP traffic to port 80 just before the Print-Job command, and select Follow → TCP Stream. Search for your document name; it will appear in clear text. The actual print content will also be unencrypted, but depending on your driver language it might appear illegible. Even though you might not be able to read it, someone can easily capture the spool file and reprint it.

Similarly, you can also follow the TCP stream of other printing protocols, and again, you will see your document details in clear text.
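The IPP versus IPPS check above can also be scripted against the first client-to-printer bytes of a stream. The following is an added example, not PaperCut code: it assumes an unchunked HTTP body, the function names are hypothetical, and both sample payloads are constructed.

```python
import struct

# Operation ids from RFC 8011; only a few are listed here.
IPP_OPS = {0x0002: "Print-Job", 0x0004: "Validate-Job", 0x000B: "Get-Printer-Attributes"}

def ipp_attributes(body):
    """Yield (name, value) pairs from an IPP message body, stopping at the document data."""
    pos, name = 8, None                       # skip version, operation-id, request-id
    try:
        while pos < len(body):
            tag = body[pos]; pos += 1
            if tag == 0x03:                   # end-of-attributes-tag
                return
            if tag < 0x10:                    # group delimiter tag, carries no value
                continue
            (nlen,) = struct.unpack_from(">H", body, pos); pos += 2
            if nlen:                          # zero length = extra value of previous name
                name = body[pos:pos + nlen].decode("ascii", "replace")
            pos += nlen
            (vlen,) = struct.unpack_from(">H", body, pos); pos += 2
            yield name, body[pos:pos + vlen]
            pos += vlen
    except struct.error:                      # capture ended mid-attribute
        return

def classify_stream(payload):
    """Classify the first client-to-printer bytes of one TCP stream."""
    # TLS record: type 0x16 (handshake), version major 0x03, then a 2-byte length.
    if len(payload) >= 5 and payload[0] == 0x16 and payload[1] == 0x03:
        return {"verdict": "encrypted"}
    head, sep, body = payload.partition(b"\r\n\r\n")
    if sep and b"content-type: application/ipp" in head.lower() and len(body) >= 8:
        op = struct.unpack_from(">H", body, 2)[0]
        attrs = dict(ipp_attributes(body))
        return {"verdict": "cleartext", "operation": IPP_OPS.get(op, hex(op)),
                "job_name": attrs.get("job-name", b"").decode("utf-8", "replace")}
    return {"verdict": "unknown"}

def _attr(tag, name, value):                  # helper used only to build the sample
    return bytes([tag]) + struct.pack(">H", len(name)) + name + struct.pack(">H", len(value)) + value

# Constructed samples (not taken from a real capture).
SAMPLE_TLS = bytes.fromhex("1603010200010001fc0303")
SAMPLE_IPP = (b"POST /ipp/print HTTP/1.1\r\nContent-Type: application/ipp\r\n\r\n"
              + struct.pack(">BBHI", 1, 1, 0x0002, 1) + b"\x01"
              + _attr(0x47, b"attributes-charset", b"utf-8")
              + _attr(0x42, b"job-name", b"payroll-q1.pdf")
              + b"\x03%PDF-1.4 constructed document bytes")

print(classify_stream(SAMPLE_TLS), classify_stream(SAMPLE_IPP))
```

Because the check looks at the payload rather than the port number, it gives the same answer if the printer listens for IPP or IPPS on a non-default port.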

Article last modified on March 04, 2018, at 11:35 PM