Had a case where a portion of the network was losing connectivity at the voip phones and internet at the computers. This portion of the network was through an unmanaged switch to a few other smaller switches. As far as I know, the ethernet cables are physically connected correctly from switch to switch - it's connected only one way.
I hooked myself up to the unmanaged switch and captured a good amount of traffic. In wireshark, I then looked in conversations > ipv4 and sorted by Bytes. By looking at the top devices on this list, do I have confirmation that they are the offenders? What other information do I need to look at to find the underlying issue?