Port 9100 printing
Raw printing is what we define as the process of making a connection to port 9100/tcp of a network printer – a functionality which was originally introduced by HP in the early 90s using separate hardware modules. It is the default method used by CUPS and the Windows printing architecture [1] to communicate with network printers as it is considered as `the simplest, fastest, and generally the most reliable network protocol used for printers' [2]. Raw port 9100 printing, also referred to as JetDirect, AppSocket or PDL-datastream actually is not a printing protocol by itself. Instead all data sent is directly processed by the printing device, just like a parallel connection over TCP. In contrast to LPD, IPP and SMB interpreted printer control or page description languages can send direct feedback to the client, including status and error messages. Such a bidirectional channel is not only perfect for debugging, but gives us direct access to results of PJL, PostScript or PCL commands, for example for [information disclosure] attacks. Therefore raw port 9100 printing – which is supported by almost any network printer – is used as the channel for security analysis with PRET and PFT.
→ Related aricles: Fundamentals, Attack carriers, PRET, PFT
- ↑ Windows Printer Driver Architecture, Microsoft Corporation
- ↑ Network Protocols supported by CUPS – AppSocket Protocol, M. Sweet
