The Top 5 Causes of Sudden Network Spikes

Originally published on January 15, 2018 by Beat Köck
Last updated on March 03, 2022 • 6 minute read

Something happens after IT teams implement a bandwidth monitoring solution: They get inquisitive. Most bandwidth monitoring solutions make it easy for IT teams to identify alarming or sudden peaks in their network traffic by presenting the data through graphical interfaces. There are many different causes of sudden network spikes, and as a good sysadmin you should find the root cause of any unusual bandwidth usage.

We have been working with customers to identify bandwidth spikes for 20 years. Based on customer feedback, we have identified the five most common causes of spikes in traffic.

Scheduled Backups Inside The LAN

The importance of regular backups cannot be overemphasized. Most companies have their backups scheduled to run at certain time intervals, or at certain times of the day. Since backups usually contain large amounts of data, they consume a large amount of the bandwidth in order to be quickly completed. They may even fully use a 1 GBit connection and thus cause a huge spike in your bandwidth traffic.
It’s a good idea to schedule your backups during non-business hours, especially if they contain large amounts of data and are planned daily (which is absolutely recommended!). If your company spreads across several time zones, choose a time window which affects your business the least.


Remote Backup Tools

What applies to backups inside the LAN applies even more to remote ones. Many networks use cloud-based solutions for safeguarding their data – in most cases complementary to local backups. Uploading huge amounts of data stresses the bandwidth. Other web applications may then run at a snail’s pace or stop working altogether. The same advice applies as before: Schedule your remote backups during non-business hours if possible.

Other Software Updates

Up-to-date virus protection is crucial for the integrity of your data and privacy protection. Most solutions update several times a day to guarantee protection against new security holes and other threats. Other software products like Microsoft Office, the Adobe Suite or the operating system roll out regular updates as well.
Most virus scanner updates are distributed via LAN to all network computers, which reduces the bandwidth consumption of your internet connection. Depending on the size of the update, there might be a traffic spike on your LAN bandwidth monitor. If each of your network’s computers downloads software updates by itself, it can lead to congestion of your internet connection.
If possible, try to distribute all your software and operating system updates via LAN. Otherwise huge updates, like the newest Windows version, might affect your internet speed and hamper daily tasks.

Mail Server Problems

Delivering and receiving mails is one of the most frequent tasks your network has to handle. Simple text-only emails or messages with small attachments usually don’t stress the network much, even in large numbers. But if anything goes wrong with the mail delivery, many mail servers are very persistent in trying to send out the messages over and over again. A typical case is an e-mail with an attached file, for example, a 10 Mbyte JPEG or a short video clip, that is sent to a distribution list with 100 or more recipients (think of the new guy bringing cake on his first day of his new job and sending an e-mail to the whole team; this is just a random example and could never ever, cough, happen at Paessler). The two SMTP implementations were just a bit incompatible and - to solve the problem - the target mail server had to be set to deny access from the remote server’s IP.


Malware Outbreaks And Hacking Attempts

If your traffic rises for no apparent reason, it might be a hacking attempt. Heavy cases like DDoS attacks are usually detected very quickly due to their strong and immediate impact. More subtle attacks are a bit more difficult to reveal. By observing your bandwidth monitor, you can spot potential malware outbreaks or hacking attempts.


Further Steps To Find Out What’s Causing The Spikes

If you can exclude these five most common causes for traffic spikes, three simple steps can help you identify the root cause of your unusual bandwidth usage. First, try to find a pattern in the spikes. Do they always appear at the same time intervals or at the same time of each day? Do they occur during business hours (probably a user is causing the peak) or not (more likely a scheduling issue)? Second, when you find a pattern, try finding other monitoring points on the monitored system that match it. Maybe a CPU load peak of one of your servers is in sync with the bandwidth load. Third, try to analyze the traffic with a packet sniffer or a flow monitoring tool. This gives insight into the data which might have caused the network spike. Paessler PRTG monitoring software includes packet sniffing as well as flow monitoring to analyze your network data.
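The first step above (finding a pattern in the spikes) can be scripted against exported bandwidth readings. The following is an added example, not part of the original article and not PRTG code; the hourly readings are constructed, and the business-hours window, the spike threshold k and the 80% recurrence share are assumptions to tune for your network.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

BUSINESS_HOURS = range(8, 18)  # assumption: Mon-Fri, 08:00-17:59 local time

def constructed_samples(spike_slots, days=7):
    """Constructed hourly readings in Mbit/s: ~40 baseline, 900 in each (day, hour) slot."""
    start = datetime(2022, 3, 7)  # a Monday
    return [(start + timedelta(days=d, hours=h), 900.0 if (d, h) in spike_slots else 40.0 + h % 5)
            for d in range(days) for h in range(24)]

def find_spikes(samples, k=6.0):
    """Flag readings above median + k*MAD; the median baseline is not dragged up by the spikes."""
    rates = [rate for _, rate in samples]
    base = median(rates)
    mad = median(abs(rate - base) for rate in rates) or 1.0
    return [(ts, rate) for ts, rate in samples if rate > base + k * mad]

def classify(spikes, days_observed, recur_share=0.8):
    """Answer the article's two questions: same time each day? during business hours?"""
    if not spikes:
        return [], 0.0, "no spikes"
    # Count on how many distinct days each hour of day contained a spike.
    day_hours = {(ts.date(), ts.hour) for ts, _ in spikes}
    per_hour = Counter(hour for _, hour in day_hours)
    recurring = sorted(h for h, n in per_hour.items() if n >= recur_share * days_observed)
    business = sum(ts.weekday() < 5 and ts.hour in BUSINESS_HOURS for ts, _ in spikes)
    share = business / len(spikes)
    if recurring:
        hint = "fixed time of day: check scheduled jobs (backups, updates)"
    elif share >= 0.5:
        hint = "business hours, no fixed time: probably user-driven"
    else:
        hint = "off-hours, no fixed time: inspect with packet sniffer or flow data"
    return recurring, share, hint

if __name__ == "__main__":
    nightly = {(d, 2) for d in range(7)}
    for name, slots in [("nightly", nightly), ("daytime", {(0, 10), (1, 14), (2, 11)})]:
        print(name, classify(find_spikes(constructed_samples(slots)), days_observed=7))
```

The recurring hours it reports are the time windows to compare against other sensors, such as server CPU load, in the second step.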

What are your most common causes of network spikes? And how do you notice them? Kindly leave us a comment.