Monitor Network Traffic between specific IP addresses

I have a situation where a mainframe application is printing to Okidata serial printers in several remote locations. It does this by using a Systech device that sits on the network in each location and sends print jobs to the serial port of the various printers. One specific location is seeing a significant delay in printing (30 seconds to a minute). I can telnet to the Systech and see when the print job arrives and know the job is delayed getting to the Systech. I would like to look further upstream to see if I can pinpoint when the job leaves the mainframe, that way I know if the delay is in the mainframe application or the network. The path from the mainframe to the printer is 1.) 3Com 3870 switch 2.) WatchGuard Firebox X700 firewall 3.) WatchGuard Firebox X Edge 4.) Systech. The two firewalls are connected via a VPN connection over the internet.

Can anyone suggest a tool I can use to watch and see when traffic from the mainframe bound for the Systech hits the 3Com switch?  I would like to get on the phone with the remote location, have them send a print job and see if I can watch it leave the mainframe.
merrillco Asked:

Ken Boone, Network Consultant, Commented:
I would use Wireshark, which is an open source sniffer. You would connect a laptop running Wireshark in the 3Com switch. You would need to configure the switch so that it mirrors the traffic off of the port that the mainframe is plugged into to the port that the laptop with Wireshark is plugged into. I am not familiar with how 3Com does this. Cisco calls this a SPAN port, others call it a mirror port. Basically it just copies whatever traffic a particular port sees to another port so a sniffer can see the traffic.

Then you can run Wireshark and capture a trace of the traffic. You will be able to identify the traffic with timestamps as to when it is occurring this way.
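Added example (not part of the original answer, and not Wireshark's own code): once the mirror-port capture is saved in classic pcap format, this Python script lists the packets exchanged between two addresses and reports when the sender starts transmitting after a quiet period, which is the "when did the job leave the mainframe" timestamp. The addresses, the 5-second quiet threshold, the function names and the sample capture are all assumptions constructed for illustration.

```python
import socket
import struct

MAINFRAME, SYSTECH = "192.0.2.10", "198.51.100.20"  # assumed placeholder addresses

def packets_between(pcap, ip_a, ip_b):
    """Return (time, src, dst, ip_len) for each IPv4 packet exchanged by ip_a and ip_b."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("expected a classic microsecond pcap with Ethernet framing")
    hits, off = [], 24
    while off + 16 <= len(pcap):
        sec, usec, incl, _ = struct.unpack_from(endian + "IIII", pcap, off)
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        l3 = 12
        while frame[l3:l3 + 2] == b"\x81\x00":   # mirrored ports may keep 802.1Q tags
            l3 += 4
        if frame[l3:l3 + 2] != b"\x08\x00" or len(frame) < l3 + 22:
            continue                               # not IPv4, or truncated by snaplen
        ip = frame[l3 + 2:]
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        if {src, dst} == {ip_a, ip_b}:
            hits.append((sec + usec / 1e6, src, dst, struct.unpack_from(">H", ip, 2)[0]))
    return hits

def job_starts(hits, sender, quiet=5.0):
    """Times at which `sender` starts transmitting after at least `quiet` idle seconds."""
    starts, last = [], None
    for ts, src, _dst, _len in hits:
        if src == sender:
            if last is None or ts - last >= quiet:
                starts.append(ts)
            last = ts
    return starts

def sample_record(ts, src, dst, vlan=False, ethertype=b"\x08\x00"):
    """Build one constructed pcap record: Ethernet plus a minimal 20-byte IPv4 header."""
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = bytes(12) + (b"\x81\x00\x00\x0a" if vlan else b"") + ethertype + ip
    return struct.pack("<IIII", int(ts), int(round(ts % 1 * 1e6)), len(eth), len(eth)) + eth

# Constructed sample capture: two bursts 40 s apart, plus traffic that must be ignored.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    sample_record(1000.0, MAINFRAME, SYSTECH), sample_record(1000.25, SYSTECH, MAINFRAME),
    sample_record(1000.5, MAINFRAME, SYSTECH, vlan=True),
    sample_record(1010.0, MAINFRAME, "192.0.2.99"),                      # other destination
    sample_record(1020.0, MAINFRAME, SYSTECH, ethertype=b"\x08\x06"),    # not IPv4
    sample_record(1040.5, MAINFRAME, SYSTECH)])

if __name__ == "__main__":
    print(job_starts(packets_between(SAMPLE, MAINFRAME, SYSTECH), MAINFRAME))
```

Comparing these start times with the moment the remote site sends the job and the moment it shows up on the Systech separates application delay from network delay, provided the clocks involved are synchronized.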
merrillco, Author, Commented:
That worked. 3Com calls it a Roving Analysis Port. Thank you.