Keep in mind that we do ZERO streaming. No Netflix, no Amazon Prime. DirectTV is not connected to the Internet, so we only use our traffic for Internet. Absolutely insane.
Your Macs should have an app on them called Activity Monitor. With that you should be able to see how much data the Macs themselves are using. Also, make sure they are not connecting to the iCloud. Using the iCloud can chew through data very quickly.
You might want to also think about installing an ad blocker for your browsers. I don't know what browser(s) you use, but AdBlock Plus is the most popular. If you use it, make sure you have a filter enabled and that you have "Allow some non intrusive advertising" UNchecked.
The answer to what is using your data lays with getting a router that will allow you to track every byte of usage by every device including data being consumed by the router itself.
Frankly it is much more likely that something on your Network is using data than your ISP "stealing" data.
Knowledge is King. Lets look at the problem:
Lets take a closer look at a Router:
There are three potential areas of use:
#1: The Routers hardware, settings and "internal services".
Several well known brands of Routers have had vulnerabilities posted in the media recently. There would include Cisco, D-Link and Netgear.
Check your Router's manufactures web-site and do a manual check for firmware updates
Disable any auto-update functions as these have been known to get stuck in a update/fail/update loop using large amounts of data. Because this is happening at the router hardware level the user would most likely be unaware of this activity.
Other settings that should be carefully scrutinized are:
> Make sure that the Routers GUI access has had the default username and password changed <
> Disable all Guest Accounts <
> Disable WPS <
> Disable Remote Access <
> Disable all internal "sync" and "cloud" functions <
The above services can provide a "backdoor" to your internet connection
> Carefully scrutinize the settings and weigh the value of any "internal protective services <
Some of these can use large amounts of data again without your knowledge
All of the above will connect through the Routers WAN port and directly to Point B, the Modem. You won't see this activity but it will be charged against your monthly allowance.
#2: Wired connections
Anything and everything connected to any of the Routers wired LAN ports will have wide open access to your data allowance. Each computer will have 65,536 com ports that can connect. Some will be the result of PROGRAMS that you know are open and can see in operation. Many more will be in the form of PROCESSES, running unseen in the background unless they are being monitored by something similar to Glasswire.
Do not overlook massive usage by devices such as network printers both, wired and wireless, as driver updates among other activities can be very large and under the right circumstances the wireless aspects of a connected printer can allow itself to be used as a "wireless access point" potentially defeating the normal wireless security encryption.
Most Windows based computers can have Glasswire installed on each machine to check usage but other types of measurement may not reflect a true or complete story. Example: Win10's internal usage monitor doesn't consider Windows Update usage to be "usage".
#3: Wireless access.
This is the Big One! The most difficult area and the most likely to be the source of unidentified usage.
> First, is an effective level of wireless encryption enabled? <
If you run an "open wireless network" any and every device that comes within wireless range can and will connect to your network and use data. This would even include the cellphone or other wireless device in the pocket of a visitor.
Do not depend on the usual short range of wireless signals to protect you. Signal radiation patterns and signal strength and directionality can vary greatly due to physical environment and atmospherics.
Secure your wireless network with WPA-PSK at a minimum
With the advent of dual and tri-band routers insure that all wireless frequencies have been encrypted.
> Again be sure that all Guest Accounts have been disabled <
> Again be sure that WPS has been disabled <
> Be very careful of the settings and permissions afforded to wireless printers.<
The easiest solution is to obtain a router that allows you to track data by date, by device IP and also displays statistics of where those devices connected and when:
Your Router is at the heart of your Network. Every bit and byte of data (other than transmission failures) that is used will go through your Router as well as the Modem.
If you wish to have a counterpoint to your ISP's usage meter the best spot is your Router itself.
Check your Routers capabilities to see if it offers Traffic Monitoring in some manner.
If not, the most straight forward way to a concrete answer and the greatest control would be to upgrade your Router to one that offers that feature.
I have an Asus RT-AC3100. There are other Asus models that offer the Traffic Analyzer function but read carefully.
The Asus interface details usage by date range, device name and device IP:
It also provides statistical data per device:
If your present Router doesn't offer these features and you are unwilling to upgrade then the only other alternative is to change the wireless encryption passkey on all wireless frequencies so that absolutely no wireless activity can take place. In addition you will need to audit every setting outlined in all categories outlined above in #1 Hardware, #2 Wired and #3 wireless.
At that point generate a new wireless passkey and install it in only a single device ... just one, no more.
Monitor your usage over a period of time. Understand that, that type of activity is sporadic and may take quite some time to reoccur,
Add one device back in at a time, over time. Eventually that activity will reoccur. The more time and the more devices that are added the "fuzzier" the picture of the culprit will be.
Truly the answer lays in having a router that provides the tools you need to monitor and maintain your Network.
Hard data and controlled measurement will help a lot more than supposition.
We see where users frequently complain that their ISP is 'stealing' their data and this is based on ... nothing ... nothing more than pure supposition.
Many users that take this position absolutely refuse to gather data to support their point or educate themselves on what goes on in a networked connection and how to employ tools and procedures to measure and control their data use.
Data is consumed by installed programs and background processes. In some cases data can be 'consumed' by hardware in respect to auto firmware updates and perhaps compounded on occasion by update/fail/update loops. Hardware vulnerabilities can be exploited that can lead to unexplained usage ... WPS being an example.
Hardware settings can lead to unexplained usage. Many routers offer internal services and cloud based activities that can use considerable data if enabled.
Poor wireless security either through missing or weak encryption (think WEP here) or overlooked Guest Account access will lead to data leaks.
If users are going to complain of data loss then they should invest in a router that tracks all data that passes through the router. That will pinpoint the 'leaks'. Once a user knows where to look, the issue is well on the way to being solved.
I have a Asus RT-AC3100 that allows data tracking by date per device:
Displays statistics and overall hours that activity occurred:
Can zero in on the hours of activity and usage category of a single device:
Users that have ISP's with data caps need to understand the 'shape' of their Network and where key measurement points are located. Without that understanding, its just guesswork and supposition.