[Semibug] Diagnosing a saturated network.

Jeremy Gransden jeremy.gransden at gmail.com
Wed Jan 11 12:07:25 EST 2017

I have a network of 8 PCs and several phones all connected to the
Internet and our other locations via a single T1 line. I am just
learning more and more about networking and was hoping for some advice
on how to diagnose what is filling my network. I have a FreeBSD 11
machine between the router and switch so that all traffic goes through
it. I am able to dump the traffic and watch with tcpdump. I can watch
the load averages with systat -if.

Most of the time the single T1 is adequate, but periodically it will
saturate and will become very slow. Typically I can pinpoint the
slowdown to someone watching YouTube or Windows 10 downloading
updates, but currently I walk around to each PC and look. I'd like to
be able to see who the offender is from the comforts of my cushy

How would I find out what host is using the most bandwidth at the
FreeBSD bridge?

I am currently reading Michael's netflow analysis book and have looked
at the tutorial here:


hoping to find a better understanding of these sorts of things there.
Can you guys recommend any other reading on the topic?

thank you,
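
Added example, not part of the original post: one way to rank LAN hosts by bytes seen at the bridge, by summing frame lengths from `tcpdump -nn -e` output. The LAN prefix 192.168.1.0/24, the sample capture lines and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re
import sys
from collections import defaultdict

# Assumed LAN prefix behind the bridge (constructed; the post gives none).
LAN = ipaddress.ip_network("192.168.1.0/24")
# Link-level part of a `tcpdump -nn -e` line: frame length, then SRC > DST.
LINE_RE = re.compile(r"ethertype IPv4 \(0x0800\), length (\d+): (\S+) > (\S+?):")
# Constructed sample capture (documentation addresses, made-up MACs).
HDR = "00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype"
SAMPLE = f"""\
12:07:25.000001 {HDR} IPv4 (0x0800), length 1514: 203.0.113.9.443 > 192.168.1.23.50512: Flags [.], length 1448
12:07:25.000002 {HDR} IPv4 (0x0800), length 1514: 203.0.113.9.443 > 192.168.1.23.50512: Flags [.], length 1448
12:07:25.000003 {HDR} IPv4 (0x0800), length 66: 192.168.1.23.50512 > 203.0.113.9.443: Flags [.], length 0
12:07:25.000004 {HDR} IPv4 (0x0800), length 90: 192.168.1.14.5060 > 198.51.100.7.5060: UDP, length 48
12:07:25.000005 {HDR} ARP (0x0806), length 60: Request who-has 192.168.1.1 tell 192.168.1.23, length 46
"""


def host_of(endpoint):
    """Drop a trailing .port from 'a.b.c.d.port'; None if not IPv4."""
    try:
        return ipaddress.ip_address(".".join(endpoint.split(".")[:4]))
    except ValueError:
        return None


def top_talkers(lines, lan=LAN):
    """Return [(host, bytes_down, bytes_up)] for LAN hosts, busiest first."""
    totals = defaultdict(lambda: [0, 0])  # host -> [down, up]
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ARP, IPv6 and anything else that is not IPv4
        length = int(m.group(1))
        src, dst = host_of(m.group(2)), host_of(m.group(3))
        if dst is not None and dst in lan:
            totals[str(dst)][0] += length  # traffic arriving for a LAN host
        if src is not None and src in lan:
            totals[str(src)][1] += length  # traffic sent by a LAN host
    rows = [(h, down, up) for h, (down, up) in totals.items()]
    return sorted(rows, key=lambda r: r[1] + r[2], reverse=True)


if __name__ == "__main__":
    # Use piped tcpdump output when present, otherwise the constructed sample.
    lines = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for host, down, up in top_talkers(lines):
        print(f"{host:15} down={down:>10} up={up:>10}")
```

To run it against live traffic, pipe a bounded capture into the script, for example the output of `tcpdump -nn -e -c 20000` on the bridge interface.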

