A couple of things that I always check when working on odd performance issues:

DNS - Use an internal DNS server (Required if you use any form of dynamic hostname registration!) and DO NOT use forwarders. Forwarders are often improperly used and when deployed for primary name resolution, you then limit yourself to just those servers, and any issues with those servers have a ripple effect in your network. Use the root hints on your internal server - that's what they're for.

Use a quality, managed switch - even if it's one you own and bring on-site for troubleshooting. The diagnostic information available is priceless. (I just bought a Cisco 4506 with dual power and 144 Gig-E POE ports for $300 USD when we had issues in our office. I have one at home as well and it interfaces well with OpenNMS - a free, commercial grade network monitor application.) With the data available, you can pinpoint the port(s) where errors are occurring.

Wiring - do a visual inspection and repair any termination that isn't 100%. I once visited a client who had 3 switches, 3 Internet connections (1 per switch) and 3 NICs in their server. 54 workstations and 1 server at the site. The tech told me it wasn't possible to put more than 16 hosts on a switch, hence the "3 of everything". We came in with a Cisco managed switch, moved everything over, and - sure enough - nothing worked! He also said he had one system that took 5 minutes to boot and he could not figure it out. Looking at that PC, I saw that the network cable came out of the ceiling, down the wall, and plugged right into the back of the PC's NIC. The jacket was stripped back about an inch, so no strain relief, and it used the wrong RJ45 plug. When I snipped the end off, he freaked out, saying he had just rewired the entire building. (Uh-oh!) I re-terminated the cable with the correct RJ45 plug type, plugged it in, and the system rebooted in about 40 seconds. At that point, we did a visual inspection and found that most of the cables were poorly terminated. We spent the entire day replacing the terminations with wall jacks and patch cords.

Cabling isn't magic, but it is an art, and it's easy to do things wrong. For example, the RJ45 plugs come in two types - the common (and cheap! around 5-7 cents ea) 2-point and the less common and more expensive (85 cents each) tri-point. The Tri-Point is designed for solid connectors, with two fingers on one side and one on the other side of the conductor. It will work for stranded cable as well, but that results in an expensive job. The 2-point plugs are designed for stranded conductor wire ONLY, and using them on solid conductor WILL result in a poor connection (just two tiny points of contact) that will often become high-resistance connections if your strain-relief isn't rock solid. When it isn't, a tug on the cable can cause the wire to move, the insulation slides under one or both points, and that connection becomes poor or dead entirely. What had happened at this client was that enough bad connections were generating so much noise and retry traffic that the switch was unable to cope. After replacing the cable ends with proper terminations, we moved onto a single subnet using the new 48 and an existing 24 port switch, and eliminated 2 NICs and 2 Internet service connections.

Ideally, you use solid wire for a run from a patch panel to a wall jack, then use patch cords from the switch to patch panel and jack to computer. Those are the cables most likely to be damaged through use and thus are easy to examine and inexpensive to replace.

You seem to be on the right track for diagnosing the issue - use a single laptop (for consistent readings) and work from the Edge Router, Firewall, Switch, endpoint jack, first with no devices on the switch and then add them back. You'll need an assistant for this, but it goes quick and will help identify a specific cable or workstation that's causing the issue.

Glenn
_________________________
Actually I am a Rocket Scientist! :D