[ASK] How to know somebody is running torrent?

I’m using an RB450G with ROS V4.11.
I suspect somebody is running torrent (downloading or uploading) in the network. How can I find out for sure? From the Connections tab under the menu IP | Firewall? What should I be looking for?

Somebody please help :)

Thanks in advance.

Torrents are some of the hardest programs to detect, especially on a layer 3 device. You can guess based off of the p2p firewall matcher provided by MikroTik, but that is unreliable as the definitions are out of date. It is also very easy for someone to encrypt their p2p traffic, or even send it over port 80 to masquerade what they are really doing. To reliably detect a torrent, you need something that operates and inspects the packets at layer 7, which is either very expensive hardware or very expensive in CPU time for a router.

What it all comes down to is guesswork.
1.) Is the end user maxing out their upload on a regular basis for extended periods of time? If so, this could be an indication of a torrent user.
2.) Is the end user opening up several TCP and UDP sessions to several remote IPs, more than normal? This can be an indication of a torrent user, or a virus.

Those are some of the more common giveaways, but by no means the only ones. It is also easy for an end user to set limits on their client so they come in under those values, so there is no definite answer to your question. Also, torrents can be, and often are, used for legitimate reasons. You can try to actively identify and do stuff about people that torrent, but chances are you are going to spend more time and money dealing with it than it is worth.

If you want to find a way to deal with it, probably the best approach is to identify traffic that you “like” and assume everything else is stuff you don’t. Then set up queues and priorities for those kinds of traffic.
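
The second heuristic from the answer above (many TCP and UDP sessions to many distinct remote IPs), as an added Python example that is not part of the original posts. The one-line-per-connection input format, the LAN subnet and the threshold of 20 peers are assumptions; the sample lines are constructed and are not RouterOS output.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.88.0/24")  # assumed LAN subnet

def parse(line):
    """Parse 'proto src_ip:port dst_ip:port' (assumed format); None if malformed."""
    parts = line.split()
    if len(parts) != 3 or parts[0] not in ("tcp", "udp"):
        return None
    try:
        src = ipaddress.ip_address(parts[1].rsplit(":", 1)[0])
        dst = ipaddress.ip_address(parts[2].rsplit(":", 1)[0])
    except ValueError:
        return None
    return parts[0], src, dst

def fan_out(lines, lan=LAN):
    """For each LAN host, collect the distinct remote peers seen per protocol."""
    peers = defaultdict(lambda: {"tcp": set(), "udp": set()})
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        proto, src, dst = rec
        if src in lan and dst not in lan:      # outbound session
            peers[str(src)][proto].add(dst)
        elif dst in lan and src not in lan:    # inbound session to a LAN host
            peers[str(dst)][proto].add(src)
    return peers

def suspects(lines, min_peers=20, lan=LAN):
    """Hosts with at least min_peers distinct remote IPs, highest fan-out first.
    A hit means 'unusual fan-out' (torrent client, malware, scanner), not proof."""
    out = []
    for host, p in fan_out(lines, lan).items():
        total = len(p["tcp"] | p["udp"])
        if total >= min_peers:
            out.append((host, total, len(p["tcp"]), len(p["udp"])))
    return sorted(out, key=lambda r: -r[1])

# Constructed sample: .10 browses normally, .23 talks to 40 distinct peers.
SAMPLE = [
    "tcp 192.168.88.10:51000 203.0.113.5:443",
    "udp 192.168.88.10:5353 203.0.113.53:53",
    "tcp 192.168.88.10:51001 203.0.113.5:443",
] + [f"{'tcp' if i % 2 else 'udp'} 192.168.88.23:{40000 + i} 198.51.100.{i}:{6881 + i}"
     for i in range(1, 41)]

if __name__ == "__main__":
    for host, total, tcp, udp in suspects(SAMPLE):
        print(f"{host}: {total} distinct peers ({tcp} tcp, {udp} udp)")
```

The threshold only makes sense relative to what is normal on the network in question, so compare a flagged host against a baseline from the other hosts before acting on it.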