Top 5 Causes of Sudden Spikes in Traffic That Show Up on Bandwidth Monitoring Solutions
PORTLAND, Ore. and FUERTH, Germany, Nov. 6, 2006 – Something happens after IT teams implement a bandwidth monitoring solution: They get inquisitive.
Most bandwidth monitoring solutions make it easy for IT teams to identify alarming or sudden peaks in their network traffic by communicating the data through graphical interfaces, said Dirk Paessler, president of Paessler AG, a network monitoring company. The challenge, however, for many IT teams is quickly solving the mystery of what’s causing the peak in traffic.
“It’s the solution’s job to basically tell the IT team, ‘It looks like you have a major problem on your network, and you should look into it,’” Paessler said. “But getting inside your network’s head, if you will, just isn’t that easy sometimes.”
Paessler added that while every network is different, he and his staff have been working with customers to identify bandwidth spikes for years and have identified the top five most common causes of spikes in traffic, according to Paessler customer feedback:
Top 5 Causes of Sudden Spikes in Network Traffic
-- 1) Scheduled backups inside the LAN: Many backup-to-disk products can be scheduled to run at a specified time, and they may even fully use a 100 MBit connection.
-- 2) Remote backup tools: Products like “IronMountain Connected Backup” or “NovaStor Web” are used to back up files from a PC onto a server somewhere on the Web. During the backup, they can easily saturate your outgoing data line.
-- 3) Virus scanner updates that are distributed inside the LAN.
-- 4) Mail server problems: We have seen situations where a remote mail server tried to deliver a 15 megabyte mail to a company’s mail server every five minutes -- again and again -- even though the target mail server denied acceptance and discarded the mail. The two SMTP implementations were just a bit incompatible and -- to solve the problem -- the target mail server had to be set to deny access from the remote server’s IP.
-- 5) Malware outbreaks and hacking attempts.
-- Note: This list excludes situations like large downloads by users on the LAN or the usage of file sharing and torrent-like products.
IT teams can use the list above as a guide or point of reference when their bandwidth monitoring solution indicates a peak in traffic. Yet, Paessler said, the best and essentially only way for IT teams to know exactly what’s causing traffic spikes is to dedicate some staff time to good old-fashioned network troubleshooting:
Steps You Can Take to Find Out What’s Causing the Spikes
-- 1) Try to find a pattern in the spikes. For example, do they appear roughly at the same intervals or at the same time of each day? Do they show up during business hours (more likely that a user is causing the peak) or later (more likely a scheduled issue)?
-- 2) When you find a pattern, try finding other monitoring points on the monitored system that match these patterns. Compare the pattern with processes on your network (e.g., a CPU load peak of one of your servers may be in-sync with the bandwidth load).
-- 3) Try to analyze the traffic with a proprietary packet sniffer. For modern switched networks, this may not be so easy, but it is the best way to find out which computer system is causing the trouble.
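Steps 1 and 2 can be run directly over exported monitoring data. The following is an added example, not part of the original release or of any Paessler product; the function names, the spike threshold and the readings are constructed for illustration.

```python
from datetime import datetime, timedelta
from statistics import mean, pstdev

def find_spikes(series, factor=3.0):
    """Timestamps whose reading exceeds `factor` times the series median."""
    ordered = sorted(v for _, v in series)
    median = ordered[len(ordered) // 2]
    return [t for t, v in series if v > factor * median]

def describe_pattern(spike_times, business=(8, 18)):
    """Step 1: are the spikes evenly spaced, and do they fall in office hours?"""
    gaps = [(b - a).total_seconds() for a, b in zip(spike_times, spike_times[1:])]
    regular = len(gaps) >= 2 and pstdev(gaps) <= 0.1 * mean(gaps)
    in_hours = sum(business[0] <= t.hour < business[1] for t in spike_times)
    return {
        "regular": regular,
        "mean_gap_s": mean(gaps) if gaps else None,
        "business_share": in_hours / len(spike_times) if spike_times else 0.0,
    }

def pearson(xs, ys):
    """Step 2: correlation between bandwidth and a second monitoring point."""
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = sum((x - mx) ** 2 for x in xs) ** 0.5
    sy = sum((y - my) ** 2 for y in ys) ** 0.5
    return cov / (sx * sy) if sx and sy else 0.0

def build_sample():
    """Constructed data: 3 days of hourly readings with a 02:00 burst each night."""
    start = datetime(2006, 11, 6, 0, 0)
    bandwidth, cpu = [], []
    for h in range(72):
        t = start + timedelta(hours=h)
        burst = t.hour == 2
        bandwidth.append((t, 90.0 if burst else 5.0))   # Mbit/s on the uplink
        cpu.append((t, 85.0 if burst else 10.0))        # % CPU on one server
    return bandwidth, cpu

if __name__ == "__main__":
    bw, cpu = build_sample()
    spikes = find_spikes(bw)
    print(describe_pattern(spikes))
    print(round(pearson([v for _, v in bw], [v for _, v in cpu]), 3))
```

Evenly spaced spikes outside business hours that track one server's CPU load point to a scheduled job on that host; irregular spikes with no matching sensor are the ones worth taking to a packet capture.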
Still, in the end, there is always a chance that the peaks displayed by a bandwidth monitor simply aren’t real, Paessler said. They may be caused by a bug-riddled device or software. Often, for SNMP-based monitoring, a false spike stems from “counter overflows” or “counter rollovers”: most SNMP devices use 32-bit counters to count the number of bytes transferred via a data line, and depending on the bandwidth usage, the values will at some point reach the 32-bit limit and start again from zero.
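The rollover effect can be reproduced with a few counter readings. This is an added example, not code from the release or from PRTG; the function names, the 60-second polling interval, the 100 Mbit/s link and the readings are constructed, and the "naive" branch is an assumed model of a collector that ignores wrapping.

```python
COUNTER32_MOD = 2 ** 32  # a 32-bit counter holds 0 .. 2**32 - 1, then restarts at 0

def wrap_seconds(link_bps, modulus=COUNTER32_MOD):
    """Shortest time in which a byte counter can wrap at full line rate."""
    return modulus * 8 / link_bps

def octet_delta(prev, curr, modulus=COUNTER32_MOD):
    """Bytes between two readings, valid when at most one wrap occurred."""
    return (curr - prev) % modulus

def rates(samples, link_bps, wrap_aware=True):
    """Turn (seconds, counter) readings into (seconds, bit/s, plausible) rows."""
    rows = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:
            continue  # out-of-order or duplicate poll, no rate can be derived
        # The naive branch models a collector that ignores wrapping (assumption).
        delta = octet_delta(c0, c1) if wrap_aware else abs(c1 - c0)
        bps = delta * 8 / dt
        # A rate above line speed cannot be real traffic on this link.
        rows.append((t1, bps, bps <= link_bps))
    return rows

LINK_BPS = 100_000_000  # 100 Mbit/s link (constructed)
# Constructed readings: a steady 40 Mbit/s, with the counter wrapping before t=120.
SAMPLES = [(0, 3_700_000_000), (60, 4_000_000_000),
           (120, 5_032_704), (180, 305_032_704)]

if __name__ == "__main__":
    print(f"counter can wrap every {wrap_seconds(LINK_BPS):.0f} s at line rate")
    for label, aware in (("naive", False), ("wrap-aware", True)):
        for t, bps, ok in rates(SAMPLES, LINK_BPS, wrap_aware=aware):
            flag = "" if ok else "  <- exceeds line rate, likely not real"
            print(f"{label:10s} t={t:3d}s  {bps / 1e6:8.1f} Mbit/s{flag}")
```

The modular difference is only correct when the polling interval is shorter than the wrap time and the device has not restarted; the line-rate check flags the remaining cases instead of graphing them as traffic.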
About Paessler’s PRTG Traffic Grapher
PRTG Traffic Grapher is an easy to use Windows software for monitoring and classifying bandwidth usage. It provides system administrators with live readings and long-term usage trends for their network devices. The most common usage is bandwidth usage monitoring, but you can also monitor many other aspects of your network like memory and CPU utilizations.
About Paessler AG
Paessler AG has long been the leader in the field of network monitoring. The company develops high-performance software that is affordable and easy to use. Whatever the size of the business (small office/home office (SOHO), very small businesses, SMEs, multinationals), Paessler's software provides the peace of mind, confidence and convenience that IT departments need. Thanks to the reputation of its products, Paessler, whose headquarters are in Nuremberg, Germany, already accounts for more than 150,000 installations worldwide. Founded in 1997, Paessler AG is still a privately held company and is both a member of the Cisco Developer Network and a VMware Technology Alliance partner.
