How to debug (identify source/dest, etc...) traffic spikes shown on the performance graph?

2024-09-18 19:13:50
Model: ER707-M2  
Hardware Version: V1
Firmware Version: 1.2.2 Build 20240324 Rel.42799

The performance charts, especially for router WAN uplink(s) are great for identifying high-level events - but I'm getting stuck "drilling down" into useful/actionable details...

...e.g. I see a large spike of downloaded data (>2Gigs) between 3:25am and 3:50am, which is rather unexpected. How can I find out what client(s) contributed to the spike? No other datapoints seem to be time-based to correlate... and going into Users under Application analytics and sorting by Upload for the day doesn't show anything close to this spike (most displays seem to be day-based time window rather than hour or minute as well):

 

[Screenshot: Traffic spike, but from what]

 

I can look at the other router ports, find which one had a matching traffic pattern (assuming it was visible/single-source), and then trace down to that device... but it feels like this should be easier to correlate among devices... In this case, I can see it is coming from the port going to one switch... so I then swap over to that switch, and I can see it is going to one EAP:

[Screenshot: tracing down to the EAP]

 

On that EAP I can see the spike as well, but where do I go from there? It gets me no closer to the client (which clients were associated to that AP at that time, what were the various client traffic rates at that time, etc...):

[Screenshot: EAP traffic, what next]

#1
1 Reply
Re:How to debug (identify source/dest, etc...) traffic spikes shown on the performance graph?
2024-09-19 01:48:39

Hi @daubstep 

Thanks for posting in our business forum.

As you have isolated it to a single AP and time frame, you should go to the insight and check the known clients or past connections.

On that day, what device exceeded that amount of data? What device is not powered on at night? Filtering step by step like that, it should be possible to identify which one caused the spike.

 

We are not able to locate the specific time as it requires much more resources on the Controller to request the timestamp and usage. Even if it is not in a real-time manner, it still requires much more resources of the device. It does not look possible to implement this yet. FYI.

Best Regards!
#2
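The step-by-step filtering suggested in the reply, as an added example that is not part of the original thread and is not TP-Link code: it narrows past-connection records to clients that were on the isolated AP during the spike window and whose session download is large enough to account for it. The record layout, field names, client and AP names, and the sample rows are all constructed assumptions; map them to whatever your controller's client history actually provides.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed sample rows, not real controller output. Field names are hypothetical.
SESSIONS = [
    {"client": "tv-livingroom", "ap": "EAP-Upstairs", "start": "2024-09-18 01:10", "end": "2024-09-18 04:30", "down_mb": 2600},
    {"client": "phone-a",       "ap": "EAP-Upstairs", "start": "2024-09-17 22:00", "end": "2024-09-18 03:30", "down_mb": 3100},
    {"client": "laptop-b",      "ap": "EAP-Upstairs", "start": "2024-09-18 03:20", "end": "2024-09-18 03:55", "down_mb": 40},
    {"client": "nas-backup",    "ap": "EAP-Garage",   "start": "2024-09-18 03:00", "end": "2024-09-18 04:00", "down_mb": 5000},
    {"client": "tablet-c",      "ap": "EAP-Upstairs", "start": "2024-09-18 08:00", "end": "2024-09-18 09:00", "down_mb": 2500},
]

def overlap_minutes(a_start, a_end, b_start, b_end):
    """Minutes during which interval a and interval b are both active."""
    latest_start = max(a_start, b_start)
    earliest_end = min(a_end, b_end)
    return max(0.0, (earliest_end - latest_start).total_seconds() / 60)

def suspects(sessions, ap, win_start, win_end, min_mb):
    """Return (client, down_mb, overlap_min) for sessions that could explain the spike.

    A session qualifies only if it was on the given AP, was associated for at
    least part of the spike window, and downloaded at least min_mb in total.
    Results are ranked by how much of the window the session covers, then by volume.
    """
    ws, we = datetime.strptime(win_start, FMT), datetime.strptime(win_end, FMT)
    hits = []
    for s in sessions:
        if s["ap"] != ap:
            continue  # spike was already isolated to one AP
        start, end = datetime.strptime(s["start"], FMT), datetime.strptime(s["end"], FMT)
        minutes = overlap_minutes(start, end, ws, we)
        if minutes == 0:
            continue  # not associated during the spike
        if s["down_mb"] < min_mb:
            continue  # session total is too small to account for the spike
        hits.append((s["client"], s["down_mb"], minutes))
    return sorted(hits, key=lambda h: (-h[2], -h[1]))

if __name__ == "__main__":
    # Window and size taken from the question (3:25-3:50am, >2 GB); the date is assumed.
    for client, mb, minutes in suspects(SESSIONS, "EAP-Upstairs",
                                        "2024-09-18 03:25", "2024-09-18 03:50", 2000):
        print(f"{client}: {mb} MB in session, associated {minutes:.0f} min of the window")
```

Lower `min_mb` if the spike may have been split across several clients, since the threshold here assumes a single client produced most of it.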