Monitoring
shark136666, 2017-02-01 10:10:44

How to monitor network traffic in the enterprise?

Good afternoon. Recently the LAN at our enterprise has been glitching too often, and the traffic has also started to sag. Can you recommend good software that will help track traffic from all devices?
Network layout: the Internet comes in to the router (a TP-Link running OpenWrt), from the router it goes to a switch, and then on through the enterprise. All PCs are in the domain; DHCP and DNS run on a separate WS 2008 server.
What is the best way to organize traffic monitoring?


2 answer(s)
PrAw, 2017-02-01
@shark136666

Possible causes of the network slowdowns:
1. The LAN: loops, dead switches, a badly crimped or trampled cable, someone actively flooding, a crooked network
2. The external link: someone is downloading something, or the provider is messing up
I am not very familiar with OpenWrt. I suspect that it lets you monitor the problems in item 2 somehow.
But as for good solutions:
1. Replace the router with a server. For Windows, take something like Traffic Inspector (paid), which gives nice graphs out of the box, or use a free solution on FreeBSD or Linux, pfSense for example. All external problems will at least become diagnosable.
2. Replace the router with a router :) MikroTik or Cisco will give you a huge amount of monitoring and filtering functionality. Take a look, for example, at a MikroTik virtual machine (free for a month) and Winbox to work with it. There is room to roam. A MikroTik router costs from one and a half thousand. Interestingly, even such a cheap box carries the same OS inside, with the same bells and whistles; the only difference is that it has slightly fewer resources than a more advanced model.
I recommend MikroTik: with some skill, you can click the config together with the mouse. With Cisco it is more complicated and more expensive.
3. Armenian Radio is right: normal managed switches.
They let you look into the insides of the network in full detail. Plus, "normal" means really normal: ones that do not hang at the slightest overload.
Something like an SNR-S2965-24T (a careful Cisco imitation) or a used Cisco Catalyst WS-C2950G-48-EI will hit the bullseye. You get port load monitoring over quite standard SNMP and loop control, and one fat LAN can be divided into VLANs, so the broadcast domains shrink sharply.
Port Security, likewise, will prevent an unfamiliar device from being plugged into the network (the port is blocked and the administrator is alerted about the new MAC).
This is how Zabbix pulls port load from Cisco managed switches, and you can set triggers with a notification, for example "the load on the port over the past 5 minutes has exceeded 90%". Here you can see the overall graph and look at individual ports.
If you have a "who is on which port" table, you can go straight to a specific employee and knock them on the head. Considering that a managed switch lets you view the list of MAC addresses on a port in software without getting up from your computer, your belly will only grow from sitting steadily in one place :)))
The situation is similar with monitoring on the router, but there you can also find out who is going where; at the end of the month, the top sites and top consumers are summarized in a table (by IP; anything more requires more effort, because HTTPS, in the general case, still encrypts the traffic).
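
The "load on the port over the past 5 minutes has exceeded 90%" trigger mentioned in the answer above, worked through as an added example (it is not part of either answer and is not Zabbix's own code). It assumes a 100 Mbit/s port polled every 60 seconds for the standard IF-MIB octet counters; the function names and all sample values are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    ts: int           # poll time, seconds
    in_octets: int    # ifInOctets (32-bit) or ifHCInOctets (64-bit)
    out_octets: int   # ifOutOctets / ifHCOutOctets

def delta(prev, cur, bits):
    """Counter difference that tolerates one wrap of a 32/64-bit counter."""
    return cur - prev if cur >= prev else cur + (1 << bits) - prev

def utilization(samples, speed_bps, bits=32):
    """(timestamp, percent) per polling interval, for the busier direction."""
    result = []
    for a, b in zip(samples, samples[1:]):
        secs = b.ts - a.ts
        if secs <= 0:
            continue
        octets = max(delta(a.in_octets, b.in_octets, bits),
                     delta(a.out_octets, b.out_octets, bits))
        pct = 100.0 * octets * 8 / (secs * speed_bps)
        # Heuristic: far above line rate means the counter was reset
        # (e.g. switch reboot), not wrapped, so drop the interval.
        if pct <= 150.0:
            result.append((b.ts, pct))
    return result

def overloaded(samples, speed_bps, window=300, threshold=90.0, bits=32):
    """True if mean utilization over the last `window` seconds > threshold."""
    util = utilization(samples, speed_bps, bits)
    if not util:
        return False
    newest = util[-1][0]
    recent = [pct for ts, pct in util if ts > newest - window]
    return sum(recent) / len(recent) > threshold

def make(start, per_poll, polls=6, step=60, bits=32):
    """Constructed data: counter grows by per_poll octets every poll."""
    return [Sample(i * step, (start + i * per_poll) % (1 << bits), 0)
            for i in range(polls)]

FAST_ETHERNET = 100_000_000                  # port speed in bit/s (assumed)
busy = make(4_000_000_000, 712_500_000)      # 95% load, counter wraps once
quiet = make(1_000, 75_000_000)              # 10% load

if __name__ == "__main__":
    for name, port in (("busy", busy), ("quiet", quiet)):
        print(name, utilization(port, FAST_ETHERNET)[-1], overloaded(port, FAST_ETHERNET))
```

Without the wrap handling, the first interval of the busy port would compute as a large negative load and drag the 5-minute mean under the threshold, so the saturated port would never alert.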

Armenian Radio, 2017-02-01
@gbg

Throw out the cheap unmanaged switch and put in a normal managed one. Most likely, this will solve the problem with the network. And if it does not, the managed switch will have the means for collecting statistics.
You can also deploy Nagios, install a statistics collection client on all machines, and look at the traffic.
