I've lived through this type of thing and here is what I ended up doing:
1) Install managed switches. The more your network is a "star" topology and not a serial chain of switches the better in this regard but not too big a deal - - it's just that the more switches the more setup and the less likely that mirroring via cabling will be possible.
[You can just "plug in" a managed switch just like a dumb switch and it should work. In order to use the managed features, you need to assign it an IP address on the LAN so you can access the control panel, etc. Then you can use the added features.]
2) Inside the switch control panel(s), label the ports... what's on them? Later, the monitoring will reflect these names so you'll know what you're looking at.
3) Presumably there will be a switch on the LAN that is closest to the internet gateway. I'll refer to this as the LAN Switch.
4) If you have multiple public IPs at a site then there may be a switch used to connect various "public" devices to the ISP. I'll refer to this as the Internet Switch.
5) Implement SNMP on the switches and direct the traffic to your own workstation. I found that PRTG Traffic Grapher from Paessler was the easiest to set up and there's a free version which is a great starting point.
This is a bit of work but it will serve you well on into the future. As a fallback, your existing devices may support SNMP and that would be worth setting up.
So, with this done you can see the traffic levels in real time and with most switches you can also monitor the errors on each port.
Look for high traffic and look for errors. That's how to deal with a situation like this.
Then, once you see where the high traffic is happening, you can use a packet sniffer like Wireshark. If you have cabled access to a managed switch, you can mirror one port or another to a dedicated port that goes to your worksation or laptop. Then, using Wireshark, you can see the packets on the suspect port and get IP statistics, etc. (if it's not a hardware error kind of issue) and you can perhaps figure out which traffic is causing the apparent overload.
Hint: You can add a NIC to your workstation and assign it some nonsense IP address that's not on the LAN subnet - and hook it to a mirroring port on a switch. It doesn't really matter and it will avoid confusion in your workstation re: the LAN connection. Let's assume the LAN subnet is 192.168.1.0/24. So, I set my monitoring NICs up with 192.168.2.2 and 192.168.3.2 with /24 in each case and they work great with no confusion with the LAN or between themselves.