Typically using router level metering is your best bet practically for narrowing down on what is causing the most traffic. Something like a pi-hole setup for your DNS on the router level to apply to all devices can help to see which machines are doing the most DNS requests and therefore creating the most traffic most likely but is just looking at DNS itself there not all traffic/bandwidth.

To observe/monitor all the packets you can use something like wireshark, it is a bit complicated to use since you do need to understand some networking terminology to properly filter the packets/traffic to see what you're looking for and isn't meant as a metrics tool really more-so packet level inspection.

EtherApe is a nice little GUI for visualizing overall traffic on a given network interface but would require you to basically use a machine as the router/man-in-the-middle so all the traffic can be monitored from one interface for this to be really useful for broader diagnostics. It is open source so you could take a look at the source code https://etherape.sourceforge.io/

About writing your own networking software, as much as I'm not a big fan of Python it does make working with sockets pretty straight-forward at least for simple cases but would broadly be looking for "proxy" projects written in languages you are familiar with for examples of real world code or look up tutorials on how to build a web server in X or how to build simple chat system with X language and can usually learn how to setup/teardown socket connections and pipe data across the wire.

Also there is this n-top system for network metrics gathering but is not trivial to setup either but they do have a "community edition" with source code available apparently so maybe worth looking at https://www.ntop.org/