Traffic Spikes That Show Up on Bandwidth Monitoring Solutions

Something happens after IT teams implement a bandwidth monitoring solution: They get inquisitive.

Most bandwidth monitoring solutions make it easy for IT teams to identify alarming or sudden peaks in their network traffic by communicating the data through graphical interfaces, said Dirk Paessler, president of Paessler AG, a network monitoring company. The challenge, however, for many IT teams is quickly solving the mystery of what’s causing the peak in traffic.

"It’s the solution’s job to basically tell the IT team, ‘It looks like you have a major problem on your network, and you should look into it,’" Paessler said. "But getting inside your network’s head, if you will, just isn’t that easy sometimes."

Paessler added that while every network is different, he and his staff have been working with customers to identify bandwidth spikes for years and have identified the top five most common causes of spikes in traffic, according to Paessler customer feedback:

Top 5 Causes of Sudden Spikes in Network Traffic

  1. Scheduled backups inside the LAN: Many backup-to-disk products can be scheduled to run at a specified time, and they may even fully use a 100 Mbit connection.
  2. Remote backup tools: Many networks use cloud-based solutions for their backups. Uploading huge backups can cause serious load and massively slow down the internet connection.
  3. Virus scanner updates that are distributed inside the LAN.
  4. Mail server problems: We have seen situations where a remote mail server tried to deliver a 15 megabyte mail to a company’s mail server every five minutes - again and again - even though the target mail server denied acceptance and discarded the mail. The two SMTP implementations were just a bit incompatible and - to solve the problem - the target mail server had to be set to deny access from the remote server’s IP.
  5. Malware outbreaks and hacking attempts can cause spikes in network traffic. This can help to identify and take action against them.

This list shows some of the most serious situations. There are many other causes for traffic spikes, such as large downloads by users, video conferencing or hardware failures. It is important to identify the origin of a peak. IT teams can use the list above as a first guide or point of reference when their bandwidth monitoring solution indicates a peak in traffic. Yet, Paessler said, the best and essentially only way for IT teams to know exactly what’s causing traffic spikes is to dedicate some staff time to good old-fashioned network troubleshooting:

Steps You Can Take to Find Out What’s Causing the Spikes

  1. Try to find a pattern in the spikes. For example, do they appear roughly at the same intervals or at the same time of each day? Do they show up during business hours (more likely that a user is causing the peak) or later (more likely a scheduled issue)?
  2. When you find a pattern, try finding other monitoring points on the monitored system that match these patterns. Compare the pattern with processes on your network (e.g., a CPU load peak of one of your servers may be in-sync with the bandwidth load).
  3. Try to analyze the traffic with a proprietary packet sniffer or a flow monitoring tool. For modern switched networks, this may not be so easy, but it is the best way to find out which computer system is causing the trouble.
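As an added illustration of step 1 (not part of the original article and not PRTG code), the sketch below takes spike timestamps and reports whether they recur at a regular interval and whether they fall inside business hours. The timestamps, the 08:00-18:00 weekday window and the 10% tolerance are constructed assumptions.

```python
from datetime import datetime
from statistics import median

# Constructed spike timestamps, e.g. copied from a monitor's alert history.
NIGHTLY = [datetime(2017, 3, 6, 2, 1), datetime(2017, 3, 7, 2, 0),
           datetime(2017, 3, 8, 2, 3), datetime(2017, 3, 9, 2, 2),
           datetime(2017, 3, 10, 2, 1)]
DAYTIME = [datetime(2017, 3, 6, 9, 40), datetime(2017, 3, 6, 14, 5),
           datetime(2017, 3, 7, 11, 20), datetime(2017, 3, 8, 16, 45)]


def describe_spikes(times, business_hours=(8, 18), tolerance=0.1):
    """Summarise when spikes occur: regular interval? inside business hours?"""
    times = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    # At least two gaps are needed before anything can be called an interval.
    typical = median(gaps) if len(gaps) >= 2 else None
    regular = typical is not None and all(
        abs(g - typical) <= tolerance * typical for g in gaps)
    start, end = business_hours
    in_hours = sum(1 for t in times
                   if t.weekday() < 5 and start <= t.hour < end)
    business = bool(times) and in_hours > len(times) / 2
    return {
        "regular": regular,
        "interval_s": typical if regular else None,
        "business_hours": business,
        # The article's rule of thumb: business hours -> user, later -> schedule.
        "likely": "user activity" if business else "scheduled task",
    }


if __name__ == "__main__":
    print("nightly:", describe_spikes(NIGHTLY))
    print("daytime:", describe_spikes(DAYTIME))
```

A regular interval with an off-hours start time is the cue to compare against job schedules and the other monitoring points mentioned in step 2.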

Still, in the end, there is always a chance that the peaks displayed by a bandwidth monitor simply aren’t real, Paessler said. They may be caused by a bug-riddled device or software. Often, for SNMP-based monitoring, a false spike stems from "counter-overflows" or "counter-rollovers." In other words, most SNMP devices use 32-bit counters to count the number of bytes transferred via a data line. Depending on the bandwidth usage, the values at some point in time will reach the 32-bit barrier.
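The following added example (not from the original article and not PRTG's implementation) shows how a 32-bit byte counter that wraps back to zero produces a bogus rate, and how a poller can correct for the wrap and discard readings that exceed the link speed. The counter readings, the 60-second polling interval, the 100 Mbit link and all function names are constructed for illustration.

```python
COUNTER32_MOD = 2 ** 32  # a 32-bit counter wraps to 0 after 4,294,967,295

# Constructed byte-counter readings taken every 60 s on a 100 Mbit link.
# The counter wraps between the 3rd and 4th reading; the last reading
# simulates a device reboot that reset the counter.
READINGS = [4_100_000_000, 4_175_000_000, 4_250_000_000,
            30_032_704, 105_032_704, 1_000_000]
INTERVAL_S = 60
LINK_BPS = 100_000_000


def naive_bps(prev, curr, interval_s):
    """Rate from a plain subtraction; goes wildly wrong when the counter wraps."""
    return (curr - prev) * 8 / interval_s


def wrap_aware_bps(prev, curr, interval_s, link_bps):
    """Rate in bits/s assuming at most one wrap; None if the result is implausible."""
    delta = (curr - prev) % COUNTER32_MOD  # undoes a single rollover
    bps = delta * 8 / interval_s
    if bps > link_bps:
        # Faster than the line can carry: a counter reset or several wraps
        # between polls. Drop the sample instead of plotting a spike.
        return None
    return bps


def rates(readings, interval_s, link_bps):
    """Wrap-aware rate for each consecutive pair of readings."""
    return [wrap_aware_bps(a, b, interval_s, link_bps)
            for a, b in zip(readings, readings[1:])]


def seconds_until_wrap(link_bps):
    """Shortest time in which a saturated link fills a 32-bit byte counter."""
    return COUNTER32_MOD * 8 / link_bps


if __name__ == "__main__":
    print("naive rate across the wrap:", naive_bps(READINGS[2], READINGS[3], INTERVAL_S))
    print("wrap-aware rates:", rates(READINGS, INTERVAL_S, LINK_BPS))
    print("seconds to wrap at line rate:", round(seconds_until_wrap(LINK_BPS)))
```

The last function shows why the polling interval matters: if the link can fill the counter more than once between polls, the wrap count is unknowable from the readings alone.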

About Paessler’s PRTG Network Monitor

PRTG Network Monitor is an easy-to-use Windows software for monitoring and classifying bandwidth usage. It provides system administrators with live readings and long-term usage trends for their network devices based on SNMP, packet sniffing or NetFlow, IPFIX, sFlow and jFlow. As a unified monitoring solution it also offers features for monitoring and analyzing virtual environments, applications, hardware, storage systems, databases, etc. - almost every aspect of modern IT infrastructure affecting the administrator's daily work.

Copyright © 1998 - 2017 Paessler AG