This is pretty complicated to explain but I have to try.
We have had on a few different networks that we manage a device that will take down the network almost entirely. Usually this has been a debit machine, and all it takes to fix it is to reboot the debit machine, but it would be nice if there was a way to detect a device that's causing it so we can take some action.
We also had a computer that took down the network, and it was just faulty hardware; this took about 2 hours to track down. As soon as we located it and disconnected it from the network, all LAN activity started working.
I know this is a shot in the dark but has anyone ever experienced this? I have a MikroTik router as main router.
That kind of problem must be mitigated in the access layer (managed switches and/or wireless access-points); the scope of actions you can do from the main router is very limited.
What kind of network? Wireless, ethernet, other?
Can be very difficult to find that device. Might need at least sniffing the network, to see what is there. (Broadcast/multicast storm, DHCP Nacks, extra DHCP server, MAC conflict, invalid packets, continuous transmit, etc etc etc.)
Sure. It’s a standard task for any network administrator. Watch logs and sniff traffic. First, you should determine what is happening. Next, take steps to avoid it (depends on the kind of situation). I am sure there is some traffic analyzing software (or software-hardware complex) which could do network traffic analysis in real-time and then notify you about issues or run some automation. But, usually, you don’t need such a complex approach and it’s enough to sniff traffic and watch logs.
One more idea is so-called “ethernet loops”. It could be caused by a faulty Ethernet card. You should configure some loop-detection feature on your switch or router.
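
An added example, not part of the original thread: a minimal sketch of the "sniff the traffic" step suggested in the replies, which ranks source MACs by their peak broadcast/multicast frames per second and lists every MAC seen sending from the DHCP server port (UDP 67). The 100 frames-per-second threshold, the function names, and the MAC/IP addresses in the sample capture are assumptions constructed for illustration; in practice the frames would come from a capture taken on a mirror port.

```python
import struct
from collections import Counter

def analyze(frames, max_bcast_pps=100):
    """frames: iterable of (timestamp_seconds, raw Ethernet frame bytes).
    Returns (storm sources, MACs seen sending from the DHCP server port)."""
    per_sec = Counter()   # (source MAC, whole second) -> broadcast/multicast frames
    dhcp_servers = {}     # source MAC -> source IP of frames sent from UDP port 67
    for ts, f in frames:
        if len(f) < 14:
            continue                               # runt: no full Ethernet header
        src = f[6:12].hex(":")
        etype, off = struct.unpack("!H", f[12:14])[0], 14
        if etype == 0x8100 and len(f) >= 18:       # step over one 802.1Q VLAN tag
            etype, off = struct.unpack("!H", f[16:18])[0], 18
        if f[0] & 1:                               # group bit: broadcast or multicast
            per_sec[(src, int(ts))] += 1
        if etype != 0x0800 or len(f) < off + 20:
            continue                               # not IPv4, or truncated header
        ihl = (f[off] & 0x0F) * 4
        if f[off + 9] == 17 and len(f) >= off + ihl + 2:   # protocol 17 = UDP
            if struct.unpack("!H", f[off + ihl:off + ihl + 2])[0] == 67:
                dhcp_servers[src] = ".".join(map(str, f[off + 12:off + 16]))
    peak = Counter()      # source MAC -> busiest one-second count
    for (src, _), n in per_sec.items():
        peak[src] = max(peak[src], n)
    return {s: n for s, n in peak.items() if n > max_bcast_pps}, dhcp_servers

def sample_frame(src_mac, src_ip=None, sport=0):
    """Constructed broadcast frame: ARP-sized filler, or IPv4/UDP if src_ip is set."""
    eth = b"\xff" * 6 + bytes.fromhex(src_mac.replace(":", ""))
    if src_ip is None:
        return eth + b"\x08\x06" + bytes(28)
    ip = (b"\x45\x00" + bytes(7) + b"\x11" + bytes(2)
          + bytes(map(int, src_ip.split("."))) + b"\xff" * 4)
    return eth + b"\x08\x00" + ip + struct.pack("!HHHH", sport, 68, 8, 0)

# Constructed capture: one device flooding broadcasts, one quiet host, two DHCP servers.
SAMPLE = (
    [(10.0 + i / 500, sample_frame("02:00:00:00:00:aa")) for i in range(500)]
    + [(10.0 + i, sample_frame("02:00:00:00:00:bb")) for i in range(3)]
    + [(11.0, sample_frame("02:00:00:00:00:01", "192.168.88.1", 67)),
       (11.2, sample_frame("02:00:00:00:00:cc", "192.168.1.1", 67))]
)

if __name__ == "__main__":
    storms, servers = analyze(SAMPLE)
    print("broadcast storm sources:", storms)
    print("DHCP servers seen:", servers)
```

A MAC in the first result is the device to trace to a switch port; more than one entry in the second result means an extra DHCP server is answering on the segment.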