How to identify a separate machine downloading the traffic of the enterprise network?
Hello! In general, there is an organization in which there are about fifty working machines + 15 servers running virtual machines of various kinds and purposes. Recently, for unknown reasons, the network speed in the organization has dropped - it feels like someone turned off the optics and connected the good old ADSL at a speed of 800 Kb/s (moreover, it is important to note that the speed dropped to exactly a fixed value and it has been working in this mode for about a week).
Now there is an assumption that the old Zentyal server version 4 can create a problem, but despite this, I also had a great desire to analyze the enterprise network. This is also important because there are no special restrictions on installing and configuring software on computers in the organization, so anyone can freely install a torrent client and drive traffic. To solve this problem, I thought of using Wireshark, but to be honest, I'm not sure that it is necessary to use it - firstly, because apart from this software I don't know other sniffers, and secondly, I am familiar with Wireshark only in absentia and therefore I am not competent enough in this matter.
I would appreciate any help and advice. Peace everyone!
0. Install fully managed hardware (switches).
1. Segment the network. By geography (building, wing, floor), by structural subdivisions (department, department) - whatever you like. Separately - a segment for cameras and access control.
2. Install a router / firewall and strictly delimit internal access according to functional criteria (like design engineers do not need access to 1C, and an accountant does not need access to git).
3. Release to the public internet through a proxy / firewall, taking into account access rights.
Go to the router and look, usually there is a page with information.
And call your ISP just in case.