I am hosting a website and I found that the traffic on my server is quite high.
My Linux server is behind a router in a DMZ. I would like to see the traffic made on my Linux box on the eth0 interface, based on the public IP address of the client.
I would then like to see which client is stealing my bandwidth.
Or is it better if I do it from my router with DD-WRT?
Thanks!
If you just need a simple curses-based interface, iptraf might be what you need. It shows you what connections are currently going on.
(source: seul.org)
However, if you need something more sophisticated, you could use the ipt_netflow Netfilter-target, which will send all the accounting-data to a Netflow-target.
P.S.: The OpenWRT website gives more pointers about bandwidth-monitoring.
Most DDWRT builds come with an application called RFlow. This application logs the traffic inbound and/or outbound in the router itself, together with the IPAddress, Port and the number of octets.
The data is collected in a database in the network (preferably internal). You could filter out the relevant data from this DB and analyze it.
I think RFlow is a port of the Cisco NetFlow protocol. So there should be a plethora of application floating around, which will help you analyze the data.
