FOR IMMEDIATE RELEASE: 06.11.2006
PORTLAND, Ore. and FUERTH, Germany, Nov. 6, 2006 – Something happens after IT teams implement a bandwidth monitoring solution: They get inquisitive.
Most bandwidth monitoring solutions make it easy for IT teams to identify alarming or sudden peaks in their network traffic by communicating the data through graphical interfaces, said Dirk Paessler, president of Paessler AG, a network monitoring company. The challenge, however, for many IT teams is quickly solving the mystery of what’s causing the peak in traffic.
“It’s the solution’s job to basically tell the IT team, ‘It looks like you have a major problem on your network, and you should look into it,’” Paessler said. “But getting inside your network’s head, if you will, just isn’t that easy sometimes.”
Paessler added that while every network is different, he and his staff have been working with customers to identify bandwidth spikes for years and have identified the top five most common causes of spikes in traffic, according to Paessler customer feedback:
Top 5 Causes of Sudden Spikes in Network Traffic
-- 1) Scheduled backups inside the LAN: Many backup-to-disk products can be scheduled to run at a specified time, and they may even fully use a 100 MBit connection.
-- 2) Remote backup tools: Products like “IronMountain Connected Backup” or “NovaStor Web” are used to back up files from a PC onto a server somewhere on the Web. During the backup, they can easily saturate your outgoing data line.
-- 3) Virus scanner updates that are distributed inside the LAN.
-- 4) Mail server problems: We have seen situations where a remote mail server tried to deliver a 15 megabyte mail to a company’s mail server every five minutes -- again and again -- even though the target mail server denied acceptance and discarded the mail. The two SMTP implementations were just a bit incompatible and -- to solve the problem -- the target mail server had to be set to deny access from the remote server’s IP.
-- 5) Malware outbreaks and hacking attempts.
-- Note: This list excludes situations like large downloads by users on the LAN or the usage of file sharing and torrent-like products.
IT teams can use the list above as a guide or point of reference when their bandwidth monitoring solution indicates a peak in traffic. Yet, Paessler said, the best and essentially only way for IT teams to know exactly what’s causing traffic spikes is to dedicate some staff time to good old-fashioned network troubleshooting:
Steps You Can Take to Find Out What’s Causing the Spikes
-- 1) Try to find a pattern in the spikes. For example, do they appear roughly at the same intervals or at the same time of each day? Do they show up during business hours (more likely that a user is causing the peak) or later (more likely a scheduled issue)?
-- 2) When you find a pattern, try finding other monitoring points on the monitored system that match these patterns. Compare the pattern with processes on your network (e.g., a CPU load peak of one of your servers may be in-sync with the bandwidth load).
-- 3) Try to analyze the traffic with a proprietary packet sniffer. For modern switched networks, this may not be so easy, but it is the best way to find out which computer system is causing the trouble.
Still, in the end, there is always a chance that the peaks displayed by a bandwidth monitor simply aren’t real, Paessler said. They may be caused by a bug-riddled device or software. Oftentimes, for SNMP-based monitoring, a false spike stems from “counter-overflows” or “counter-rollovers.” In other words, most SNMP devices use 32-bit counters to count the number of bytes transferred via a data line. Depending on the bandwidth usage, the values at some point in time will reach the 32-bit barrier.
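The counter rollover described above can be separated from real traffic when the byte rate is computed from two successive counter readings. The following is an added example, not code from Paessler or PRTG; the function names, the 100 Mbit link speed and the sample readings are assumptions constructed for illustration.

```python
"""Wrap-aware byte rate from a 32-bit SNMP octet counter (added example)."""

COUNTER32_MOD = 2 ** 32  # a 32-bit counter returns to 0 after 4,294,967,295


def min_wrap_seconds(link_bps):
    """Shortest time in which the counter can wrap at full line rate.

    Polling must be more frequent than this, otherwise several wraps can
    hide inside one interval and no arithmetic can recover them.
    """
    return COUNTER32_MOD / (link_bps / 8)


def interval_rate(prev, curr, seconds, link_bps):
    """Return (bytes_per_second or None, verdict) for two readings."""
    if curr >= prev:
        return (curr - prev) / seconds, "ok"
    # Counter went backwards: assume exactly one wrap and undo it.
    rate = ((curr - prev) % COUNTER32_MOD) / seconds
    if rate > link_bps / 8:
        # Faster than the line can carry: the device restarted and the
        # counter was reset, so this interval is discarded, not graphed.
        return None, "reset"
    return rate, "wrapped"


def rates(samples, link_bps):
    """Apply interval_rate to each consecutive pair of (time, counter)."""
    return [
        interval_rate(c0, c1, t1 - t0, link_bps)
        for (t0, c0), (t1, c1) in zip(samples, samples[1:])
    ]


# Constructed readings: (seconds since start, counter value), 60 s polling.
SAMPLES = [
    (0, 4_294_000_000),
    (60, 4_294_600_000),  # normal interval
    (120, 232_704),       # counter passed the 32-bit barrier
    (180, 1_200),         # device rebooted, counter restarted near zero
]

if __name__ == "__main__":
    link = 100_000_000  # assumed 100 Mbit link
    print("naive delta on wrap:", SAMPLES[2][1] - SAMPLES[1][1])
    for rate, verdict in rates(SAMPLES, link):
        print(verdict, rate)
    print("must poll faster than", round(min_wrap_seconds(link), 1), "s")
```

Plain subtraction on the third reading yields a delta of roughly minus 4.3 billion bytes, which is what appears as a false spike on a graph. Devices that expose 64-bit interface counters (ifHCInOctets in the IF-MIB) avoid the problem for practical purposes.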
About Paessler’s PRTG Traffic Grapher
PRTG Traffic Grapher is an easy-to-use Windows software for monitoring and classifying bandwidth usage. It provides system administrators with live readings and long-term usage trends for their network devices. The most common usage is bandwidth usage monitoring, but you can also monitor many other aspects of your network like memory and CPU utilization.
Founded in 1997 and based in Nuremberg, Paessler AG specializes in the development of powerful and user-friendly network software for network monitoring, load testing and analysis. PRTG Traffic Grapher is certified as a Cisco-compatible solution for analyzing Netflow data. In addition, Paessler's IPCheck Server Monitor is "IBM Server Proven" and "Total Storage Proven" certified. The company has customers in all industries, including organizations of every type and size, from SOHOs and SMEs to globally operating corporations. Paessler products are used worldwide by system administrators, website operators, Internet service providers and other IT specialists. More than 150,000 installations of the vendor's solutions are in use around the world every day. Free trial versions and further information are available on the homepage www.de.paessler.com.
Paessler AG
Burgschmietstr. 10
D-90419 Nürnberg
Christian Twardawa
Tel.: +49 (911) 7 39 90 30
Fax: +49 (911) 7 39 90 31
E-Mail: press@paessler.com
www.de.paessler.com
Sprengel & Partner GmbH
Nisterstraße 3
D-56472 Nisterau
Olaf Heckmann
Tel.: +49 (26 61) 91 26 0- 0
Fax: +49 (26 61) 91 26 029
E-Mail: olaf.heckmann@sup-pr.de