Top 5 Reasons For Sudden Traffic Peaks Shown By Bandwidth Monitoring

Published by Dirk Paessler
Last updated on March 03, 2022 • 5 minute read

Sometimes users of our network monitoring software PRTG Traffic Grapher contact our support team and report peaks in their bandwidth monitoring graphs. Most of these peaks only look like unusual high traffic, but some users have even seen spikes like 10 GBit/s for a sensor that actually monitors a 2 MBit/s connection....
top 5 reasons for sudden traffic peaks shown by bandwidth monitoring
Well, a gigabit peak for a data line with megabit rating clearly has to be regarded as a technical problem. But in most other cases our support team together with the customer have found out - after some investigation - that the reported peaks were correct. There were caused by a number of different reaons and here is our Top 5 list of these resons:

Top 5 Reasons for Sudden Traffic Peaks

  • #1: Scheduled backups inside the LAN: Many backup-to-disk products can be scheduled to run at a specified time and they may even fully use a 100 MBit connection.
  • #2: Remote backup tools: Products like "IronMountain Connected Backup" or "NovaStor Web" are used to back up files from a PC onto a server somewhere on the web. During the backup they can easily satisfy your outgoing data line.
  • #3: Virus scanner updates that are distributed inside the LAN
  • #4: Mail server problems: We have seen situations where a remote mailserver tried to deliver a 15 megabyte mail to a company's mailserver every 5 minutes: again and again. Even though the target mailserver denied acceptance and discarded the mail. The two SMTP implementations were just a little bit incompatible and - to solve the problem - the target mailserver had to be set to deny access from the remote server's IP.
  • #5: Malware outbreaks and Hacking attempts
Note: This list excludes situations like large downloads by users on the LAN or the usage of file sharing and torrent-like products.

Steps You Can Take To Find Out What's Going On

If you experience peaks in your bandwidth usage here are some things you can do:
  • Try and find a pattern in the spikes. For example, do they appear roughly at the same intervals or at the same time of each day? Do they show up during business hours (more likely that a user is causing the peak) or later (more likely a scheduled issue)?
  • When you find a pattern, try finding other monitoring points on the monitored system that match these patterns. Compare the pattern with processes on your network. E.g. a CPU load peak of one of your servers may be in-sync with the bandwidth load.
  • Try to analyze the traffic with PRTG's packet sniffer. For modern switched networks this may not be so easy, but it is the best way to find out which computer system is causing the trouble

If All This Does Not Help: Maybe It Is A Counter Roll-Over?

There still is a chance that the peaks are not real. Maybe they are caused by a buggy device or software... The most common problems are "counter-overflows" (or "counter-rollovers"). This is most common for SNMP based monitoring. Most SNMP devices use 32-bit counters to count the number of bytes transferred via a data line. Depending on the bandwidth usage the values at some point in time will reach the 32-bit barrier. Read more about this issue and what you can do about it in our knowledgebase: Why do I see Huge Peaks or Spikes in Graphs for SNMP Sensors?