
I have seen a consistent spike in traffic over my network since Monday morning and I don't know where it's coming from!

I don't have netflow routers (like I would like); I have IPCop firewalls.

Is there any way that's built into Linux that I can see where the packets are coming from/to? Like a built-in packet capture?

If there's not, how do I go about finding where this traffic's coming from?

blsub6

3 Answers

1

Get SSH access into the IPCop box and run iftop. This should give you a real time view of what's happening.

1

Moving forward I would recommend you look into a piece of software called Argus. It generates flow data, similar to (net|j)flows, by watching either pcap files or a promiscuous network interface.

Scott Pack
0

Run tcpdump on your IPCop and you will see where the traffic is coming from and going to: IP addresses and ports.

rems
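Once tcpdump has been run on the IPCop box as suggested above, the raw packet lines still have to be summed up before the spike can be attributed to a host. The script below is an added example (not from the thread): it turns tcpdump's decoded text output into per-address byte totals, a poor man's "top talkers" in the absence of netflow. The interface name eth0 and the sample lines are assumptions.

```shell
#!/bin/sh
# Added example: summarise tcpdump text output into "bytes src dst" rows so a
# traffic spike can be attributed to a source/destination pair.
# On the IPCop box (assumed interface name eth0):
#   tcpdump -nn -q -i eth0 -w spike.pcap        # capture during the spike
#   tcpdump -nn -q -r spike.pcap > spike.txt     # decode to text
# With -q, tcpdump prints lines shaped like:
#   12:00:01.000000 IP 10.0.0.5.51234 > 93.184.216.34.443: tcp 1460
#   12:00:01.300000 IP 10.0.0.9.53211 > 10.0.0.1.53: UDP, length 45

# Constructed sample standing in for spike.txt (not a real capture).
SAMPLE='12:00:01.000000 IP 10.0.0.5.51234 > 93.184.216.34.443: tcp 1460
12:00:01.100000 IP 93.184.216.34.443 > 10.0.0.5.51234: tcp 0
12:00:01.200000 IP 10.0.0.5.51234 > 93.184.216.34.443: tcp 1460
12:00:01.300000 IP 10.0.0.9.53211 > 10.0.0.1.53: UDP, length 45
12:00:01.400000 IP 10.0.0.1.53 > 10.0.0.9.53211: UDP, length 120
12:00:01.500000 IP 10.0.0.5.51234 > 93.184.216.34.443: tcp 1460'

# top_talkers: read tcpdump -nn -q lines on stdin and print one
# "bytes src dst" row per IP pair, largest byte count first.
top_talkers() {
  awk '
    $2 == "IP" {
      src = $3; dst = $5
      sub(/:$/, "", dst)                 # drop the trailing colon
      sub(/\.[0-9]+$/, "", src)          # strip .port from both addresses
      sub(/\.[0-9]+$/, "", dst)
      bytes = 0
      if ($6 == "tcp") bytes = $7        # "tcp <payload length>"
      else if ($6 == "UDP,") bytes = $8  # "UDP, length <n>"
      total[src " " dst] += bytes
    }
    END { for (k in total) print total[k], k }
  ' | sort -rn
}

# Usage: printf '%s\n' "$SAMPLE" | top_talkers   (or: top_talkers < spike.txt)
printf '%s\n' "$SAMPLE" | top_talkers
```

The first row names the pair that carried the most payload; with a real capture, replace the sample with `top_talkers < spike.txt` and compare the leading addresses against what you expect on that segment.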