I have a couple of Balena devices running on the other side of the country and are connected to the internet via a 3G dongle that creates a wifi hotspot.
Over the last couple of months, this dongle has been using around 5x the expected amount of data. My initial feeling is that someone has gained access to the network. So far the dongle has used a total of 3GB this month - normal usage is around 600MB per month.
We have no access to the dongle itself to make any changes, so are trying to use the balena device to scan the network for unauthorised devices.
I read online about using nmap to check connected devices, but as these are remote, and I am not the most confident with command line operations, I thought it would be best to post here for some guidance.
What are the recommended steps for debugging high network usage?
We have no direct access to the dongle(router), but the device does have access to it. The port forwarding method you suggested sounds like it could be a viable solution.
I personally use nmap when I am working with non-balena devices. You could push a container that has the right network access (perhaps network_mode: host will be required. Read more about it here) that runs something like nmap -sP 192.168.2.1/24 assuming that’s the subnet for your access point. This command will scan for all the available devices connected to your ap and give you an idea about what devices are connected to it.
I’d recommend that you try this locally on a development device, before pushing it over 3G to your devices in the field. That way you’d be able to test it without using additional data
