Solved

Monitor Network Traffic between specific IP addresses

Posted on 2009-07-01
2
245 Views
Last Modified: 2012-05-07
I have a situation where a mainframe application is printing to Okidata serial printers in several remote locations.  It does this by using a Systech device that sits on the network in each location and sends print jobs to the serial port of the various printers.  One specific location is seeing a significant delay in printing (30 seconds to a minute).  I can telnet to the Systech and see when the print job arrives and know the job is delayed getting to the Systech.  I would like to look further upstream to see if I can pinpoint when the job leaves the mainframe, that way I know if the delay is in the mainframe application or the network.  The path from the mainframe to the printer is 1.)3Com 3870 switch 2.)Watchguard Firebox X700 firewall 3.) Watchguard Firebox X Edge 4.)Systech.  The two firewalls are connected via a VPN connection over the internet.

Can anyone suggest a tool I can use to watch and see when traffic from the mainframe bound for the Systech hits the 3Com switch?  I would like to get on the phone with the remote location, have them send a print job and see if I can watch it leave the mainframe.
0
Comment
Question by:merrillco
2 Comments
 
LVL 24

Accepted Solution

by:
Ken Boone earned 500 total points
Comment Utility
I would use wireshark which is an open source sniffer.  You would connect a laptop running wireshark in the 3com switch.  You would need to configure the switch so that it mirrors the traffic off of the port that the mainframe is plugged into to the port that the laptop with wireshark is plugged into.  I am not familiar with how 3com does this.  Cisco calls this a span port, others call it a mirror port.  Basically it just copies whatever traffic a particular port sees to another port so a sniffer can see the traffic.  

Then you can run wireshark and capture a trace of the traffic.  you will be able to identify the traffic with timestamps as to when it is occuring this way.
0
 

Author Closing Comment

by:merrillco
Comment Utility
That worked, 3Comm calls it a Roving Analysis Port.  Thank you.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now