Solved

Monitor Network Traffic between specific IP addresses

Posted on 2009-07-01
2
246 Views
Last Modified: 2012-05-07
I have a situation where a mainframe application is printing to Okidata serial printers in several remote locations.  It does this by using a Systech device that sits on the network in each location and sends print jobs to the serial port of the various printers.  One specific location is seeing a significant delay in printing (30 seconds to a minute).  I can telnet to the Systech and see when the print job arrives and know the job is delayed getting to the Systech.  I would like to look further upstream to see if I can pinpoint when the job leaves the mainframe, that way I know if the delay is in the mainframe application or the network.  The path from the mainframe to the printer is 1.)3Com 3870 switch 2.)Watchguard Firebox X700 firewall 3.) Watchguard Firebox X Edge 4.)Systech.  The two firewalls are connected via a VPN connection over the internet.

Can anyone suggest a tool I can use to watch and see when traffic from the mainframe bound for the Systech hits the 3Com switch?  I would like to get on the phone with the remote location, have them send a print job and see if I can watch it leave the mainframe.
0
Comment
Question by:merrillco
2 Comments
 
LVL 24

Accepted Solution

by:
Ken Boone earned 500 total points
ID: 24758476
I would use wireshark which is an open source sniffer.  You would connect a laptop running wireshark in the 3com switch.  You would need to configure the switch so that it mirrors the traffic off of the port that the mainframe is plugged into to the port that the laptop with wireshark is plugged into.  I am not familiar with how 3com does this.  Cisco calls this a span port, others call it a mirror port.  Basically it just copies whatever traffic a particular port sees to another port so a sniffer can see the traffic.  

Then you can run wireshark and capture a trace of the traffic.  you will be able to identify the traffic with timestamps as to when it is occuring this way.
0
 

Author Closing Comment

by:merrillco
ID: 31599179
That worked, 3Comm calls it a Roving Analysis Port.  Thank you.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Access point 6 56
Update HP 4300 SAN from OS 9 to 12 without loosing data. 3 88
CMDB relationships for hardware assets 2 24
slow vpn connection 9 39
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now