Well… they wiped out my answer to your other posting. So, let’s try this again.
This is one of the best detailed questions I have seen on here in a long time. Well done!
1. Unless there is some type of traffic filtering device or service like Websense or 8e6, then I suspect the users are chewing up lots of bandwidth listening to internet streaming music or watching videos. I had the same problem on my network and the 8e6 solution greatly improved network performance. You also need to implement an appropriate network use policy and ensure the users understand what the network can and cannot be used for. I really hope that there is not any peer-to-peer sharing being done on your company network.
2. The Ntop machine is a good start in identifying how the network is being used. However, it is important that the sensor be placed in the right spot on the network. By this I am saying that if the Ntop machine is just connected to a switch port, then it is only seeing broadcast traffic and is not seeing the whole LAN picture. The sensor should be placed between the LAN and the WAN router. This can be done several different ways:
a. implement a mirror/span port on the switch to mirror the traffic from the port where the router is attached to the Ntop sensor.
b. place a hub between the LAN switch and the router and attach the sensor to this same hub. Remember hubs are half-duplex so right there you do introduce some network issues that may not have existed before.
c. purchase and install a network tap. This is not a cheap solution, but it is an effective solution. See my blogs on network taps for more details (blog 1, blog 2, blog 3, blog 4, blog 5)
3. You mention a “menagerie” of network devices. This is pretty normal for an organization that has not had consistent IT support or organized direction (no criticism intended). This is also highly likely a major cause of the network performance issues. The hubs should be definitely replaced with switches. You should get managed switches so you can see how they are performing and see issues like speed and duplex mismatches (which probably exist on your current network). I would recommend finding a local HP or Cisco reseller who also provides network health check services. Engage them for a health check on your network. See if you can negotiate the service so that some of the labor charges from the analysis can be put toward any network support services if/when you purchase LAN equipment from the vendor. This will help make the sell to your management that you have found a partner who cares about supporting your organization.
I would be glad to discuss the situation further with you and you may make contact with me through the ITKE moderator. Good luck and let us know your discoveries and resolutions.