Despite ample bandwidth something is causing bottleneck in LAN and affecting VOIP

theadstudio used Ask the Experts™
Over the past 2/3 months something in our network is generating a lot of traffic and it is causing VOIP calls to sound garbled and occasional web browsing hiccups. Both the VOIP and the ISP have tested their networks and said all seems well.

Question: is there a software or service that allows me to visually understand if the issue is due to a specific computer running some sort of bandwidth-sucking software or perhaps some malware generating insane outbound traffic?

We have even received a warning page when accessing Google telling us that there is too much traffic coming from our network and asking us to prove that we are humans by filling in a CAPTCHA screen.

Our basic configuration:
100mbps / 20mbps Cable Internet, consistently testing at the advertised speed
Gateway is a CheckPoint 600 appliance, doubles as UTM and firewall, QoS function enabled
3 unmanaged switches at key points in the network (including 2 Ciscos)
About 20 users on the LAN plus some stuff on wi-fi
16 VOIP phones, not very actively used
Do not believe there are any p2p/torrent users or something like that going on
Degradation in VOIP quality happened recently and NOT as a result of any significant changes in the network

I am puzzled by this, first time in 20 years that I have encountered a network issue that stumped me.
Since the switches are unmanaged then something like SNMP wouldn't be the most direct approach.
But the CheckPoint should support setting up a mirror port that mirrors the main LAN port.
Do that.
Then set up a laptop with no particularly related IP address on its NIC or with no TCP/IP at all and plug it into the mirror port.
Install Wireshark on the laptop and monitor the NIC traffic.
Then look at statistics to see which LAN IP address has the high traffic.  No particular Wireshark experience needed for this.
You will need to wireshark/netflow your router to get insight; you will have to set up a mirror port to capture all the data.

Now remember, by the sounds of it you are running VoIP over the internet; QoS makes no difference once the packet leaves your network. The internet does not honor VPN tags. You should also be able to see the utilization of the WAN interface on your router as well. Does it provide any user activity reporting?
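
The per-host check suggested in the replies above, as an added example that is not part of the original thread: it ranks LAN hosts by upload bytes and counts distinct external peers from a mirror-port capture exported with `tshark -r capture.pcapng -T fields -e ip.src -e ip.dst -e frame.len`. The capture file name, the `192.168.1.0/24` subnet and the sample rows are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN subnet, adjust to yours

# Constructed sample rows (ip.src, ip.dst, frame.len), tab-separated as tshark emits them.
SAMPLE = (
    "192.168.1.23\t203.0.113.10\t1514\n"
    "192.168.1.23\t203.0.113.11\t1514\n"
    "192.168.1.23\t198.51.100.7\t1514\n"
    "203.0.113.10\t192.168.1.23\t60\n"
    "192.168.1.50\t198.51.100.20\t214\n"
    "198.51.100.20\t192.168.1.50\t214\n"
    "192.168.1.50\t198.51.100.20\t214\n"
    "192.168.1.10\t192.168.1.50\t1514\n"   # LAN-to-LAN, not counted
    "\t\t60\n"                              # non-IPv4 frame (e.g. ARP): empty fields
    "198.51.100.7,192.168.1.23\t192.168.1.23,198.51.100.7\t98\n"  # ICMP error row
)

def top_talkers(lines, lan=LAN):
    """Return (host, bytes_up, bytes_down, external_peer_count), busiest uploader first."""
    stats = defaultdict(lambda: {"up": 0, "down": 0, "peers": set()})
    for line in lines:
        parts = line.rstrip("\r\n").split("\t")
        if len(parts) != 3 or not all(parts):
            continue  # frames without an IPv4 header export empty fields
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            size = int(parts[2])
        except ValueError:
            continue  # comma-joined addresses from embedded headers, bad rows
        if src in lan and dst not in lan:
            host = stats[str(src)]
            host["up"] += size
            host["peers"].add(dst)
        elif dst in lan and src not in lan:
            stats[str(dst)]["down"] += size
    rows = [(ip, s["up"], s["down"], len(s["peers"])) for ip, s in stats.items()]
    return sorted(rows, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for ip, up, down, peers in top_talkers(SAMPLE.splitlines()):
        print(f"{ip:15} up={up:>8} down={down:>8} external_peers={peers}")
```

A host with far more upload than download on a 20 Mbps uplink, or an unusually high count of external peers, is the one to inspect first.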
