Top 5 Reasons for Sudden Traffic Peaks
- #1: Scheduled backups inside the LAN: Many backup-to-disk products can be scheduled to run at a specified time and they may even fully use a 100 MBit connection.
- #2: Remote backup tools: Products like "IronMountain Connected Backup" or "NovaStor Web" are used to back up files from a PC onto a server somewhere on the web. During the backup they can easily saturate your outgoing data line.
- #3: Virus scanner updates that are distributed inside the LAN
- #4: Mail server problems: We have seen situations where a remote mail server tried to deliver a 15 megabyte mail to a company's mail server every 5 minutes, again and again, even though the target mail server denied acceptance and discarded the mail. The two SMTP implementations were just a little bit incompatible and, to solve the problem, the target mail server had to be set to deny access from the remote server's IP.
- #5: Malware outbreaks and hacking attempts
Steps You Can Take To Find Out What's Going On
If you experience peaks in your bandwidth usage here are some things you can do:
- Try and find a pattern in the spikes. For example, do they appear roughly at the same intervals or at the same time of each day? Do they show up during business hours (more likely that a user is causing the peak) or later (more likely a scheduled issue)?
- When you find a pattern, try finding other monitoring points on the monitored system that match these patterns. Compare the pattern with processes on your network. For example, a CPU load peak on one of your servers may be in sync with the bandwidth load.
- Try to analyze the traffic with PRTG's packet sniffer. For modern switched networks this may not be so easy, but it is the best way to find out which computer system is causing the trouble.
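The pattern questions from the first step can be answered mechanically from exported bandwidth samples. The script below is an added example, not part of the original article or of PRTG. The sample data is constructed, and the 3x-median spike threshold, the 10-minute tolerance and the weekday 08:00-18:00 business window are assumptions.

```python
from datetime import datetime, timedelta
from statistics import median

def find_spikes(samples, factor=3.0):
    """Start times of spikes: runs of samples above factor x the median rate."""
    threshold = factor * median(rate for _, rate in samples)
    starts, in_spike = [], False
    for ts, rate in samples:
        high = rate > threshold
        if high and not in_spike:
            starts.append(ts)
        in_spike = high
    return starts

def describe_pattern(starts, tol_min=10, business=(8, 18)):
    """Answer the checklist questions for a list of spike start times."""
    report = {"count": len(starts), "interval": None, "daily_at": None}
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    # Same interval? All gaps must lie within tolerance of the median gap.
    if len(gaps) >= 2:
        mid = median(gaps)
        if all(abs(g - mid) <= timedelta(minutes=tol_min) for g in gaps):
            report["interval"] = mid
    # Same time of day? Compare minute-of-day on a 24 h circle (handles midnight).
    if len({ts.date() for ts in starts}) >= 2:
        mins = [ts.hour * 60 + ts.minute for ts in starts]
        dist = [min(abs(m - mins[0]), 1440 - abs(m - mins[0])) for m in mins]
        if max(dist) <= tol_min:
            report["daily_at"] = starts[0].strftime("%H:%M")
    # Weekday business hours point to a user; anything else to a schedule.
    in_hours = sum(ts.weekday() < 5 and business[0] <= ts.hour < business[1]
                   for ts in starts)
    report["business_share"] = in_hours / len(starts) if starts else 0.0
    return report

def constructed_samples():
    """Constructed data: 3 days of 5-minute samples, 5 Mbit/s with a nightly burst."""
    t0 = datetime(2024, 1, 8)  # a Monday
    out = []
    for i in range(3 * 288):
        ts = t0 + timedelta(minutes=5 * i)
        burst = ts.hour == 2 and ts.minute < 30
        out.append((ts, 90.0 if burst else 5.0))
    return out

if __name__ == "__main__":
    print(describe_pattern(find_spikes(constructed_samples())))
```

A fixed interval with a business-hours share of zero, as in the constructed data, matches the scheduled-job causes (#1 to #3); irregular spikes during business hours are the ones worth following up with the packet sniffer.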