I don't use anything called ExpressVPN? Is anyone familiar with this?

So you might check if you have Wi-Fi calling on an iPhone turned on combined with on the MBP. I had a huge (on the order of over 1TB of traffic in 24 hours) that I finally narrowed down to T-Mobile and those settings. It was being misidentified as ExpressVPN traffic, or they’re using ExpressVPN or something similar to route that traffic which is certainly possible.

Could be anything. When I had a USG Pro 4 it misdetected a ton of our traffic. Never could trust what it reported. Maybe UBNT has it working better now but a few years back the inspection feature was worthless in my experience.

This thing is wrong all the time… I wouldn’t worry about it.

Is that at home or in the office? If it’s at home, and you aren’t using it, just block it and see what happens.

Kinda smells like data exfiltration. Even if it’s misidentifying it, that’s a lot of upload data. Their monitoring is also trash though it could just be wrong. Something like Suricata or Snort or some other IDS would be better

Did you ever figure this out? I am experiencing the exact same thing on 3 Apple devices. I seem to have narrowed it down to WiFi calling being turned on but don’t know why that would use so much upload bandwidth.

Good thought but I checked and it’s not enabled on this laptop. Thanks, though!

Why would Apple Private Relay use 1 point 42 damn gigabytes?

Would the brand of VPN even show up on there? I didn’t think it did. I use a few VPNs with heavy traffic and I think it just says tls or something like that

Yeah has to be a glitch. Supposedly this all happened in the span of 4 hours and my 24hr activity is only 94GB.

The modern internet is served largely from CDN at the edge. Without being able to peer into the TLS it’s hard to figure out what’s what.

This has been a nightmare for some of us. I work on consumer electronics and ever since the pandemic we get angry calls ALL THE TIME from customers who just bought Ubiquiti stuff and wonder why our device is using 1TB of traffic a day. We are like duuuude, it’s an 802.11b device powered by a AAA battery. It cannot possibly transmit or receive 1TB a day or I would be winning a Nobel Peace Prize right now for energy breakthrough.

It’s borderline harmful to have something look so pretty but be totally wrong. People really do look at this stuff and think it’s as polished as a Meraki or FortiAnalyzer producing this kind of data.

These metrics are just a gimmick without any actual value. The UDM does not offer deep packet inspection, which would be required to get detailed reports. Instead it just compares IP/domain and port combinations to a fixed list of services. So if you set up your SSH at port 80, the UDM would classify it as HTTP traffic, for example.
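The comment above describes classification by IP/port lookup. As an added example (not part of the comment and not Ubiquiti's code), the sketch below puts such a lookup beside a check of the first payload bytes, so the two labels can be compared per flow. The service table, the `ExampleVPN` label, the addresses (documentation ranges) and the sample flows are all constructed assumptions.

```python
import ipaddress

# Hypothetical fixed list of (network, port, label); first match wins.
SERVICE_TABLE = [
    ("203.0.113.0/24", 443, "ExampleVPN"),  # made-up range attributed to a VPN brand
    ("0.0.0.0/0", 22, "SSH"),
    ("0.0.0.0/0", 80, "HTTP"),
    ("0.0.0.0/0", 443, "TLS"),
]

def classify_by_table(dst_ip, dst_port):
    """Label a flow from destination address and port only."""
    addr = ipaddress.ip_address(dst_ip)
    for net, port, label in SERVICE_TABLE:
        if port == dst_port and addr in ipaddress.ip_network(net):
            return label
    return "unknown"

def classify_by_payload(first_bytes):
    """Label a flow from the first bytes on the wire, ignoring the port."""
    if first_bytes.startswith(b"SSH-"):  # SSH identification string
        return "SSH"
    if first_bytes.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        return "HTTP"
    # TLS record header: content type 0x16 (handshake), major version 0x03
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "TLS"
    return "unknown"

# Constructed sample flows: (dst_ip, dst_port, first payload bytes)
FLOWS = [
    ("198.51.100.7", 80, b"SSH-2.0-OpenSSH_9.6\r\n"),    # SSH moved to port 80
    ("198.51.100.8", 80, b"GET / HTTP/1.1\r\n"),
    ("203.0.113.20", 443, b"\x16\x03\x01\x02\x00\x01"),  # TLS to a listed range
    ("192.0.2.5", 443, b"\x16\x03\x01\x02\x00\x01"),
]

def compare(flows):
    """Return (ip, port, table_label, payload_label, agree) per flow."""
    rows = []
    for ip, port, payload in flows:
        t, p = classify_by_table(ip, port), classify_by_payload(payload)
        rows.append((ip, port, t, p, t == p))
    return rows

if __name__ == "__main__":
    for row in compare(FLOWS):
        print(row)
```

The third flow shows the limit raised elsewhere in the thread: the payload check can only say "TLS", so any brand name attached to it comes from the address list alone.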

VPN usually has torrent traffic in it, and torrent seeding can totally mean a ton of upload.

For me it’s actually really accurate.

If that were the case, the traffic would be incoming. In the OP’s screenshot all of the ExpressVPN traffic was outgoing.

Those aren’t upload speeds. Those are total traffic stats.

So this is my laptop and I know for sure I don’t use ExpressVPN. I also don’t pirate content so not sure how I supposedly uploaded 1.6TB of data. I don’t do anything at all to warrant that.

Unfortunately not. I don’t think it was anything actually. I don’t use my laptop enough to have downloaded over a TB of anything.

What about on any iOS devices used on the network?

Edit: ignore me; thought it was network not device.