[CentOS] monitor individual client (PC) network traffic to server?

Tue Jan 6 16:56:04 UTC 2009
Trevor Benson <tbenson at a-1networks.com>

On Jan 6, 2009, at 6:31 AM, mcclnx mcc wrote:

> We have DELL servers with CENTOS 3 and 4 installed. Application is  
> client/server type.
> Is there a way to monitor individual client (PC) network traffic to the
> server?

I would suggest either

A) Run tcpdump from the server with a filter to only examine the  
packets from or to the client.  The server is already receiving these  
packets, so now it's just logging them.  Takes a bit of disk I/O, but
usually not a big deal unless this is a database server or file server  
and it slows down file access.  Still usually moot unless DB or I/O  
intensive server.

B) Connect a laptop or workstation to a mirror port on your network  
switch, or whatever your vendor wants to call their 'bridged',  
'administrative' port that receives traffic for all ports.  If you  
have a hub, ignore the port 'type' and just plug in.  Now run tcpdump
again filtering everything but packets from that IP or MAC.

Afterwards you can take the file it creates and open it with Wireshark
to help you dig through it and figure out what was being sent back and  

Trevor Benson
A1 Networks
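
Added example, not part of the original message: a small shell helper that builds the tcpdump command for options A and B, filtering on one client by IP or MAC and writing a capture file for Wireshark. The function names, the eth0 default, the output path and the 10 x 100 MB rotation are assumptions; -C/-W require a tcpdump build that supports both, so drop them on older builds.

```shell
#!/bin/sh
# Added example: build a per-client tcpdump capture command (dry run only).
# client_filter and capture_cmd are hypothetical helper names.

# client_filter ADDR -> prints a pcap filter for traffic to or from ADDR.
# ADDR must be an IPv4 or MAC address; anything else is rejected so that
# stray input never ends up inside the filter expression.
client_filter() {
    addr=$1
    case $addr in
        ''|*[!0-9A-Fa-f.:]*) return 1 ;;   # empty, spaces, newlines, keywords
    esac
    if printf '%s\n' "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        old_ifs=$IFS; IFS=.
        for octet in $addr; do             # each octet must be 0..255
            if [ "$octet" -gt 255 ]; then IFS=$old_ifs; return 1; fi
        done
        IFS=$old_ifs
        printf 'host %s\n' "$addr"         # option A, or B filtering by IP
    elif printf '%s\n' "$addr" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
        printf 'ether host %s\n' "$addr"   # option B filtering by MAC
    else
        return 1
    fi
}

# capture_cmd ADDR [IFACE] [OUTFILE] -> prints the tcpdump command to run.
#   -n            no DNS lookups while capturing
#   -s 0          keep whole packets so Wireshark can decode the payload
#   -C 100 -W 10  rotate through ten files of about 100 MB to cap disk use
#   -w OUTFILE    write raw packets to a file instead of printing them
capture_cmd() {
    filter=$(client_filter "$1") || {
        echo "bad client address: $1" >&2
        return 1
    }
    iface=${2:-eth0}                       # assumed interface name
    out=${3:-/var/tmp/client.pcap}         # assumed output path
    printf 'tcpdump -n -i %s -s 0 -C 100 -W 10 -w %s %s\n' \
        "$iface" "$out" "$filter"
}

# Usage (constructed address): capture_cmd 192.168.1.50 eth0 /var/tmp/pc50.pcap
```

Run the printed command as root on the server (option A) or on the machine attached to the mirror port (option B), then open the resulting file in Wireshark.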