CentOS - Jan 2009 - monitor invidiual client (PC) network traffic to server?

We have DELL servers with CENTOS 3 and 4 installed. Application is client/server
type.

Does there has way monitor invidual client (PC) network traffic to server?

Thanks.


     
______________________________________________________________________________________________________
?????????Yahoo!??????2.0????????????? http://tw.mg0.mail.yahoo.com/dc/landing

----- "mcclnx mcc" <mcclnx at yahoo.com.tw>
wrote:
> We have DELL servers with CENTOS 3 and 4 installed. Application is
> client/server type.
> 
> Does there has way monitor invidual client (PC) network traffic to
> server?
> 
> Thanks.
Have a look at bandwidthd. It will show your traffic by IP address in multiple
time increments. It is not present in the standard CentOS or rpmforge repos
IIRC. However, its trivial to setup.

Tim Nelson
Systems/Network Support
Rockbochs Inc.
(218)727-4332 x105

<sarcasm>
"Look Ma! I'm bottom posting so the self-named CentOS list police
don't come a-knockin' "
</sarcasm>

mcclnx mcc wrote:
> We have DELL servers with CENTOS 3 and 4 installed. Application is
client/server type.
>
> Does there has way monitor invidual client (PC) network traffic to server?
>   

nmon can do this, but its fairly involved to setup, and the collection
daemon can use quite a lot of CPU (to do this, you need to sniff all
traffic, categorize the packets by whatever criteria you're interested
in monitoring, and count them)

On Jan 6, 2009, at 6:31 AM, mcclnx mcc wrote:
> We have DELL servers with CENTOS 3 and 4 installed. Application is  
> client/server type.
>
> Does there has way monitor invidual client (PC) network traffic to  
> server?
I would suggest either

A) Run tcpdump from the server with a filter to only examine the  
packets from or to the client.  The server is already receiving these  
packets, so now its just logging them.  Take a bit of disk I/O, but  
usually not a big deal unless this is a database server or file server  
and it slows down file access.  Still usually moot unless DB or I/O  
intensive server.

B) Connect a laptop or workstation to a mirror port on your network  
switch, or whatever your vendor wants to call their 'bridged',  
'administrative' port that receives traffic for all ports.  If you  
have a hub ignore the port 'type' and just plugin.  Now run tcpdump  
again filtering everything but packets from that IP or MAC.

Afterwords you can take the file it creates and open it with wireshark  
to help you dig through it and figure out what was being sent back and  
forth.

Trevor Benson
A1 Networks