Sudden, random, extended spike in data usage

I am running a Multitech linux-based gateway in a remote area managing a LoRaWAN. The gateway has no ethernet connection and all network communication is, therefore, handled via a Hologram SIM. The number of end devices sending data to the gateway is constant as is the amount of data each device sends. So, the total amount of data being relayed/forwarded by the SIM is constant as well.

For some reason, every month or so, there is a sudden spike in cellular traffic of 5-6x normal/expected. This spike lasts for 2-3 days before data usage returns to normal. An evaluation of traffic using Wireshark indicates that the spike is due to a series (8-12) of successful pings from our device every minute to a Google address.

My coworker and I are the only two people that have access to the gateway and, therefore, the only ones capable of initiating the ping. So we know the pings are somehow being generated programatically by the gateway. Multitech is helping us but we have yet to figure out what is going on.

Does anyone have any ideas as to what might be going on and/or how to troubleshoot these sudden seemingly random spikes in our data usage? Also, does anyone have any idea as to how to locate the source of a ping on a device? Any feedback/guidance would be greatly appreciated.

I use ufw to block traffic to domains/ips that I don’t need them to communicate with. I know this doesn’t help pin point what is causing that traffic, but it should solve your problem ( and any similar ones in the future). Ufw is super easy to use.

Thanks for that, @penguinrunner. I’ll check ufw out. I don’t really want to block these addresses (or not just yet anyway) as they might be used in other as yet unkown (to me) ways.