How to find the model number of a printer in wireshark

edit

There is no guaranteed way to do it.

If some protocol happens to involve a printer sending a model number indication in a packet, and you've captured the traffic containing that packet, then you could get it from that packet. The field that contains the printer model number would depend on the protocol being used.

One protocol that might include printer model number information is the Internet Printing Protocol; however, there are other protocols as well.

Hello bwillie

Welcome to ask.wireshark.org.

In general, a printer's model number is rarely broadcasted over the network. Since there is no fixed field in a network protocol there is no feature in Wireshark to identify the model.

Under certain, very specific circumstances, you might have a chance to find some information about the printer in a trace file:

• If you record traffic in the same network segment as the printer (say a SOHO network where printer and computer reside side by side) you can identify the manufacturer from the printers MAC address.
• Some printer drivers use the SNMP protocol to poll status information, like available paper, ink or toner. In rare circumstances the SNMP packets might reveal further information like manufacturer, model number or SW version.
• Many networks printers support the Simple Service Discovery Protocol (SSDP) protocol. They either broadcast their presence to the network or respond to queries from another system. These packets might include more information.
• Printers might support more protocols, which are not directly related to printing. Examples are FTP, SMB or LLTD. These packets can include further details. For FTP and SMB I would look at the banner presented during session setup.
• If the printer is poorly managed a web interface might be exposed to HTTP (opposed to HTTPS). These fields are only available if a user or administrator accesses the web interface during the capture operation.

Good luck

Eddi