For the last week, something has been taking most of the bandwidth on my LAN, at certain times of the day (no discernible pattern). Another team, who doesn't manage this LAN, has this tool running, http://people.ee.ethz.ch/~oetiker/webtools/mrtg/ , and it is pretty good, telling me that our bandwidth is highly in use and the times of the day.
Does anyone know any Linux or Windows tool that might tell me what host in my LAN is taking up my bandwidth?
You need to run a sniffer of some sort.
You might want to use something like ethereal or tcpdump (though the network monitoring tool in NT will also work). Ethereal is a little more user friendly than tcpdump, and can be run in both Windows and Linux. Basically, either program will show you all the packets (both IP and ARP) running across the wire. If you are in a heavily switched network, you might have to log into your switches and set up some sort of span port solution to monitor traffic to and from specific ports. If you do not, your network monitoring tools will only show you traffic on your specific segment and will hinder diagnosis.
The downfall of ethereal is that it will simply show you the traffic on the wire. It will not report bandwidth utilization or diagnose problems. Diagnosis is up to the user. But you should be able to easily deduce things like a specific IP causing a broadcast storm, a NIC card causing an ARP storm, some sort of ICMP message saturating your network, or a host abusing a network application. In other words, you'll have to look at the raw traffic and play detective.
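An added example, not part of the posts above: one way to do the tallying the answer leaves to the reader is to save the capture to a file (for instance with `tcpdump -w`) and count bytes per sender, along with ARP and broadcast frames per MAC address. It assumes a classic pcap file with Ethernet framing; the names `top_talkers` and `sample_pcap` are hypothetical, and the capture is constructed inline so the script runs offline.

```python
import struct
from collections import Counter

ETH_IPV4, ETH_ARP = 0x0800, 0x0806
BROADCAST = b"\xff" * 6

def top_talkers(pcap):
    """Return (bytes sent per host, ARP frames per MAC, broadcast frames per MAC)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or len(pcap) < 24 or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    sent, arp, bcast = Counter(), Counter(), Counter()
    off = 24                                  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        _, _, incl, orig = struct.unpack(order + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 14:
            continue                          # truncated Ethernet header
        mac = frame[6:12].hex(":")
        etype = struct.unpack("!H", frame[12:14])[0]
        # Key IPv4 traffic by source address, everything else by source MAC.
        is_ip = etype == ETH_IPV4 and len(frame) >= 34
        sent[".".join(map(str, frame[26:30])) if is_ip else mac] += orig
        if etype == ETH_ARP:
            arp[mac] += 1
        if frame[:6] == BROADCAST:
            bcast[mac] += 1
    return sent, arp, bcast

def sample_pcap():
    """Constructed capture: one heavy IPv4 sender, one light one that also ARPs."""
    def frame(dst, src, etype, payload):
        return dst + src + struct.pack("!H", etype) + payload
    def ipv4(src, size):                      # only the address fields are filled in
        return b"\x45" + bytes(11) + bytes(src) + bytes((10, 0, 0, 1)) + bytes(size - 20)
    a, b, gw = b"\x02\0\0\0\0\x0a", b"\x02\0\0\0\0\x0b", b"\x02\0\0\0\0\x01"
    frames = [frame(gw, a, ETH_IPV4, ipv4((192, 168, 1, 10), 1400))] * 5
    frames += [frame(gw, b, ETH_IPV4, ipv4((192, 168, 1, 11), 100))]
    frames += [frame(BROADCAST, b, ETH_ARP, bytes(28))] * 3
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    sent, arp, bcast = top_talkers(sample_pcap())
    for host, nbytes in sent.most_common():
        print(f"{host:20} {nbytes:8} bytes")
```

On a switched network the totals only cover what reaches the capturing interface, so the span port caveat from the answer applies to the input file as well.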