Do you have a test/victim printer on the local LAN such that firewall rules won't interfere with testing?
How about scanning a printer with nmap or zenmap to try to recreate the issue?
Might help to see what ports the printers are listening on.
If you're pretty sure that it's TCP traffic, a capture filter like this will limit the capture to the first two packets of the TCP handshake:
ip host 192.168.200.50 and (tcp[tcpflags] & tcp-syn != 0)
These would show up in the Wireshark Statistics -> Conversations:TCP.
(Capture filter syntax with more examples: pcap-filter.7)
If uncertain about whether it's TCP or UDP, you could generate NetFlow records with something like nprobe, then capture and view the records in Wireshark.
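An added example, not part of the original post: the capture filter's test written out in Python and applied to packets, then used to list which printer ports answered with SYN+ACK (that is, are listening). The client address, the ports and every packet in SAMPLE are constructed for illustration; only 192.168.200.50 comes from the filter above.

```python
import socket
import struct

TCP_SYN, TCP_ACK = 0x02, 0x10   # bit values in tcp[tcpflags], i.e. byte tcp[13]

def build_packet(src, dst, sport, dport, flags):
    """Constructed IPv4+TCP header pair (checksums left at zero; sample data only)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp

def parse(pkt):
    """Return (src, dst, sport, dport, flags), or None if not unfragmented IPv4 TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4                      # IP header length in bytes
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if frag_offset or len(pkt) < ihl + 14:         # tcp[] only applies to the first fragment
        return None
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            sport, dport, pkt[ihl + 13])

def matches_filter(pkt, host):
    """Same test as: ip host <host> and (tcp[tcpflags] & tcp-syn != 0)."""
    p = parse(pkt)
    return p is not None and host in p[:2] and p[4] & TCP_SYN != 0

def listening_ports(packets, host):
    """Ports on host that answered with SYN+ACK, i.e. accepted a connection."""
    ports = set()
    for pkt in packets:
        if matches_filter(pkt, host):
            src, _, sport, _, flags = parse(pkt)
            if src == host and flags & TCP_ACK:
                ports.add(sport)
    return sorted(ports)

PRINTER, CLIENT = "192.168.200.50", "192.168.200.10"   # CLIENT is a constructed address
SAMPLE = [  # constructed traffic, not a real capture
    build_packet(CLIENT, PRINTER, 50001, 9100, 0x02),   # SYN
    build_packet(PRINTER, CLIENT, 9100, 50001, 0x12),   # SYN+ACK
    build_packet(CLIENT, PRINTER, 50001, 9100, 0x10),   # ACK (filtered out)
    build_packet(CLIENT, PRINTER, 50002, 515, 0x02),    # SYN
    build_packet(PRINTER, CLIENT, 515, 50002, 0x14),    # RST+ACK (filtered out)
    build_packet(CLIENT, "192.168.200.99", 50003, 80, 0x02),  # SYN to another host
]
print(listening_ports(SAMPLE, PRINTER))
```

A SYN that is never followed by a SYN+ACK from the printer points at a closed port or a firewall dropping the traffic, which is the distinction the local-LAN test is meant to isolate.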