I've got a router at another location of my company that been having some unexplained activity that I've been asked to investigate. The router in question is their border router to their ISP. Throughout the night, traffic is pretty much nil except for a period every single night from about 4am to 5am, when the inbound traffic suddenly goes to about 80% of their bandwidth. This is according to the ISP provided stats page which is run on the serial port on the ISP's side.
I don't really have many formal tools to handle situations like this. Usually, I use gathered statistics, ip accounting, and debugging when things like this occur in the middle of the day when I'm at my desk.
What can I use to find out what's going on?
Thanks!