I'm looking for a simple tool to report server bandwidth usage based on IP/Process.
The reason for that is one of our servers is "bleeding" bandwidth and there is a need to find out where it's going.
I'm currently using vnstat, but it only reports usage as far as I know.
We've used "IPAudit" (http://ipaudit.sourceforge.net/) for monitoring/reporting bandwidth usage by host (incoming and outgoing). It gives you pretty granular info about outgoing/incoming ports/protocol and bandwidth - with also granular reporting by traffic type and time (as configured). It's fairly simple to use and easy to setup. Other comparable solutions to this are ntop and Cacti.
Here are some screenshots:
If you already know WHICH server is "bleeding" bandwidth you might just want to try something as simple as installing your IPTraf package.
Personally, I'd just do a tcpdump to identify the "missing" traffic, then match that to the local port with netstat. If it only happens periodically when you're not around, a background tcpdump with netstats every couple of seconds, so you can match it all up afterwards and get to the source of the problem.
I use collectd (http://collectd.org/) to monitor bandwidth usage on an interface+direction basis amongst other things and it has a module that can report in a more fine grained manner based on iptables rules (http://collectd.org/wiki/index.php/Plugin:IPTables), so that might be a solution for you.
Setup rules that match what you wish to monitor (i.e. a given IP address destination/source and/or a particular port) that do nothing but match and ask collectd to monitor the packet and byte counts for those new rules. If you already have rules for each interface and/or port (because your firewall rejects by default and only allws specific matches through) just make sure these rules have identifiable comments instead of creating new ones.
Once collectd is monitoring things and populating the rrd files you can use and rrdtool or any wrapper for it to visualise the data. I currently use a slightly modified version of http://haroon.sis.utoronto.ca/rrd/scripts/ though there are many other options out there.
I ended up using http://bandwidthd.sourceforge.net/, very easy setup and shows the info I need, thanks for your suggestions.
From: