There are a few reasons for packet storms.
One possibility is a Denial of Service attack launched from one of the machines. Easy to find: just look for the guy maxing out his connection and clip that port.
Another is faulty hardware or faulty firmware in the switch. This one can be quite annoying to track down. It's one of those: log everything, wait to see if it happens again.
Yet another possibility is a network that is designed 'flat'. While not the most efficient, it is the easiest to add machines to and easiest to move machines around when repairing/testing. Spanning trees can only handle so many MAC addresses. As they get overused, the spanning tree throws out the old ones using an LRU (Least Recently Used) method. If you have >1024 MAC addresses behind a spanning tree, and someone does a scan of your network hitting every machine and doing requests, the rebuild of the spanning tree could take the switch to 100%, at which point it would stop routing packets. Or everyone gets spidered by Google or whois.sc at roughly the same time, which could have the same effect as a network scan. Or a guy with a zombie on his home PC that decided it was time to scan that segment for vulnerabilities.
Not an easy thing to track down.
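
The LRU behaviour described above can be seen in a small simulation. This is an added example, not part of the original post and not a model of any particular switch: the table class, the sweep function and the MAC addresses are constructed for illustration, and only the 1024-entry limit comes from the text.

```python
from collections import OrderedDict

class LruTable:
    """Fixed-size address table that evicts the least recently used entry."""
    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = OrderedDict()
        self.evictions = 0

    def touch(self, mac):
        """Look up mac and learn it on a miss. Returns True on a hit."""
        if mac in self.entries:
            self.entries.move_to_end(mac)      # mark as most recently used
            return True
        if len(self.entries) >= self.capacity:
            self.entries.popitem(last=False)   # drop the least recently used
            self.evictions += 1
        self.entries[mac] = None
        return False

def constructed_mac(n):
    """Constructed, locally administered MAC for host number n."""
    return "02:00:00:%02x:%02x:%02x" % ((n >> 16) & 0xFF, (n >> 8) & 0xFF, n & 0xFF)

def sweep_miss_rate(host_count, capacity=1024, passes=3):
    """Touch every host in order, `passes` times.

    Returns (miss rate of the last pass, total evictions), which is what a
    scan that hits every machine on the segment does to the table.
    """
    table = LruTable(capacity)
    macs = [constructed_mac(n) for n in range(host_count)]
    misses = 0
    for _ in range(passes):
        misses = sum(0 if table.touch(m) else 1 for m in macs)
    return misses / host_count, table.evictions

if __name__ == "__main__":
    for hosts in (512, 1024, 1025, 1500):
        rate, evicted = sweep_miss_rate(hosts)
        print(f"{hosts:5d} hosts: last-pass miss rate {rate:.0%}, evictions {evicted}")
```

One host over the limit is enough: with an in-order sweep, LRU always evicts the entry that will be needed next, so every lookup misses and the table is relearned on every pass.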
