
Find who is using bandwidth - nfdump

April 18, 2017
By Techeia


The live traffic through your Linux router can be viewed with the "iftop" command, which I explained in a previous post.

But often, as a network administrator, you may want to find out who has a regular habit of using bandwidth in your network. Since iftop shows only the current traffic, you can't assume that the user or machine at the top of its list always uses the most bandwidth.


If you want to check historical traffic and bandwidth usage, the netflow data your Linux router is collecting can be examined with the "nfdump" utility.

To see the top 10 talkers by source and destination address in your network, across the entire historical data, you might run:
nfdump -R /var/lib/netflow -n 10 -s record/bytes -A srcip4/32,dstip4/32 "net XX.XX.0.0/16"
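
The command above ranks by total bytes over the whole history, so one very large transfer can put a host at the top. As an added example (not from the original post), this shell function counts on how many days each source was among the top N senders; the `fmt:%ts,%sa,%byt` output format, the function names and the sample flows are assumptions of the example.

```shell
#!/bin/sh
# Input: one line per flow, "start time,source address,bytes", for example from
#   nfdump -R /var/lib/netflow -q -N -o "fmt:%ts,%sa,%byt" "net XX.XX.0.0/16"
# (this format string is an assumption of the example, not from the post).

# habitual_talkers N: print "days_in_top_N bytes_on_those_days source",
# most persistent sources first. Flows are summed per day and source, ranked
# per day by bytes, and only the top N of each day are counted.
habitual_talkers() {
    top_n="${1:-10}"
    awk -F, '
        NF == 3 {
            day = $1; sub(/^[ \t]+/, "", day)
            day = substr(day, 1, 10)              # YYYY-MM-DD part of the timestamp
            src = $2; gsub(/[ \t]/, "", src)      # nfdump pads columns with spaces
            byt = $3; gsub(/[ \t]/, "", byt)
            if (byt !~ /^[0-9]+$/) next           # skip headers and scaled values ("1.2 M")
            bytes[day " " src] += byt
        }
        END { for (k in bytes) printf "%s %.0f\n", k, bytes[k] }
    ' |
    LC_ALL=C sort -k1,1 -k3,3nr -k2,2 |
    awk -v n="$top_n" '
        $1 != day { day = $1; rank = 0 }          # new day: restart the ranking
        ++rank <= n + 0 { days[$2]++; total[$2] += $3 }
        END { for (h in days) printf "%d %.0f %s\n", days[h], total[h], h }
    ' |
    LC_ALL=C sort -k1,1nr -k2,2nr -k3,3
}

# Constructed sample: 10.0.0.9 has one very large day, 10.0.0.5 is busy every day.
sample_flows() {
    cat <<'EOF'
2017-04-10 09:00:01.000,        10.0.0.5,     500
2017-04-10 14:20:11.000,        10.0.0.5,     300
2017-04-10 10:05:00.000,        10.0.0.7,     200
2017-04-10 11:00:00.000,        10.0.0.9,     100
2017-04-11 02:00:00.000,        10.0.0.9,    9000
2017-04-11 09:30:00.000,        10.0.0.5,     700
2017-04-11 10:00:00.000,        10.0.0.7,     100
2017-04-12 09:10:00.000,        10.0.0.5,     600
2017-04-12 13:00:00.000,        10.0.0.7,     400
2017-04-12 15:00:00.000,        10.0.0.9,      50
EOF
}

sample_flows | habitual_talkers 2
```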


If you find this tool helpful, or if you have any questions, please feel free to comment.