Web Hosting Talk

Sniff web server traffic and count traffic per IP


rcbandit
01-18-2010, 06:38 AM
Hi,
In my home I have several web servers which I use for gaming, etc. I need a way to count the network traffic. Unfortunately some of the servers are not mine, so I don't have permission to install software. Is there an efficient way to count the network traffic per IP address? I can use a hub or mirror a switch port, mirror the traffic to my PC, and use software to sniff the traffic and count it per IP address. Do you know if there is such a script for that purpose for Linux?

regards

Host Ahead
01-18-2010, 12:59 PM
You should take a look at Wireshark. I don't know whether you can access it with a script, or can even run it on Linux, but it's a very powerful network sniffing tool.

rcbandit
01-18-2010, 02:41 PM
I only need to count the traffic using sniffing, not to sniff and analyse the traffic.

Host Ahead
01-18-2010, 03:25 PM
If you can get Wireshark to sniff it automatically, you can probably also get the count out of all the stats. You can configure Wireshark to only analyse a little bit of the traffic. After all, counting is also analysing traffic; it's just not much analysis.

mattle
01-19-2010, 10:53 AM
netstat -n | grep "^tcp" | awk '{ print $5 }' | awk -F: ' { print $1 }' | sort | uniq -c | sort -nr

netstat -n
Shows numerical addresses of connections

grep "^tcp"
Filter "Active Internet connections" (otherwise, you'll get a lot of UNIX domain sockets)

awk '{ print $5 }'
Shows just the REMOTE_ADDR:REMOTE_PORT portion of output

awk -F: '{ print $1 }'
Shows just the REMOTE_ADDR portion of output

sort
Sorts output by IP

uniq -c
Removes duplicates and prepends output with occurrence count

sort -nr
Reverse numeric sort puts highest occurrence IPs at the top of the list

fava
01-19-2010, 11:45 AM
ipaudit will listen to your network connection and at intervals give you a summary of every connection pair and how much data was transferred between them. You have available all of the filtering rules that exist in tcpdump, so there are lots of options available.

You can even dump the data as a SQL statement for easy insertion into a database.

I use it to monitor my kids' bandwidth usage and, if necessary, run throttling software to prevent them from using all my available transfer quota.

xtrac568
01-19-2010, 12:04 PM
You can do real-time traffic counting per IP using e.g. iptraf on the server itself. If you want to track the traffic on a server on which you don't have access to run any software, then traffic for this server can be seen at the router level.

If you don't have access at the router level, and these servers are switched at the same location as you are, you can try some sniffing with Wireshark as mentioned to get the traffic and then count what you want.
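
The counting step the thread asks about, as an added example that is not from any poster: it sums IPv4 bytes per address from a capture taken on the mirror port. It assumes the capture was saved in classic pcap format with an Ethernet link type (for instance with `tcpdump -w`); the function names, addresses and sample capture are constructed for illustration.

```python
import struct
from collections import Counter

def count_bytes_per_ip(pcap: bytes) -> Counter:
    """Sum IPv4 bytes per address from a classic pcap with Ethernet link type."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    totals, offset = Counter(), 24
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[offset + 8:offset + 12])[0]
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 14:
            continue
        ethertype, ip_off = struct.unpack("!H", frame[12:14])[0], 14
        if ethertype == 0x8100 and len(frame) >= 18:   # skip one 802.1Q VLAN tag
            ethertype, ip_off = struct.unpack("!H", frame[16:18])[0], 18
        ip = frame[ip_off:ip_off + 20]
        if ethertype != 0x0800 or len(ip) < 20 or ip[0] >> 4 != 4:
            continue                                   # ARP, IPv6, truncated frames
        # Use the IP header's total length, so a short snaplen does not undercount.
        total_len = struct.unpack("!H", ip[2:4])[0]
        for addr in (ip[12:16], ip[16:20]):            # credit both source and destination
            totals[".".join(map(str, addr))] += total_len
    return totals

def _frame(src: str, dst: str, ip_len: int) -> bytes:
    """Constructed sample: Ethernet header plus a bare IPv4 header."""
    pack_ip = lambda a: bytes(map(int, a.split(".")))
    return b"\x00" * 12 + b"\x08\x00" + struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, ip_len, 0, 0, 64, 6, 0, pack_ip(src), pack_ip(dst))

def _pcap(frames) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

# Constructed capture: one server, two clients, one ARP frame that must be ignored.
SAMPLE = _pcap([_frame("203.0.113.5", "192.168.1.10", 400),
                _frame("192.168.1.10", "203.0.113.5", 1500),
                _frame("198.51.100.7", "192.168.1.10", 60),
                b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28])

if __name__ == "__main__":
    for ip, nbytes in count_bytes_per_ip(SAMPLE).most_common():
        print(f"{nbytes:>10}  {ip}")
```

Each packet is credited to both its source and destination address, so a server's total is everything it sent plus everything it received.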