sudo iftop -i eth0 -n
sudo iftop -i eth1 -nHere are several methods to check which IP addresses are using the most bandwidth on your VyOS router:
Method 1: iftop (Real-time, Most Visual)
# Install iftop if not already installed
sudo apt update
sudo apt install iftop
# Monitor WAN interface (shows top connections)
sudo iftop -i eth2.201
# Show by source IP
sudo iftop -i eth2.201 -P
# Show LAN interface traffic
sudo iftop -i br0
# Useful iftop options while running:
# Press 'T' - toggle display mode (show totals)
# Press 'n' - don't resolve hostnames (faster)
# Press 's' - show source hosts
# Press 'd' - show destination hosts
# Press 't' - toggle between display modes
Method 2: vnStat (Historical Bandwidth Tracking)
# Install vnstat
sudo apt install vnstat
# Initialize monitoring for interfaces
sudo vnstat -u -i eth2.201
sudo vnstat -u -i br0
# View statistics
vnstat -i eth2.201
# Live monitoring
vnstat -l -i eth2.201
# View hourly stats
vnstat -h -i eth2.201
# View daily stats
vnstat -d -i eth2.201
Method 3: nload (Simple Real-time Bandwidth)
# Install nload
sudo apt install nload
# Monitor WAN interface
nload eth2.201
# Monitor multiple interfaces
nload eth2.201 br0 br1
Method 4: bmon (Bandwidth Monitor)
# Install bmon
sudo apt install bmon
# Run bandwidth monitor
bmon
# Specific interface
bmon -p eth2.201
Method 5: Using VyOS Flow Accounting (Built-in)
Configure flow accounting first:
configure
# Enable NetFlow/sFlow on WAN interface
set system flow-accounting interface eth2.201
set system flow-accounting interface br0
# Configure where to send flow data (optional - for external collector)
set system flow-accounting netflow server 192.168.51.1 port 2055
commit
save
Then view flows:
# Show active flows
show flow-accounting interface eth2.201
# Show top talkers
show flow-accounting interface eth2.201 | match <your-criteria>
Method 6: Simple Connection Tracking
# Show current connections with bandwidth usage
sudo conntrack -L -o extended | awk '{print $7}' | sort | uniq -c | sort -rn | head -20
# Show active connections from LAN
sudo conntrack -L | grep 192.168.51 | awk '{print $5}' | cut -d= -f2 | sort | uniq -c | sort -rn | head -20
Method 7: tcpdump with Analysis
# Capture traffic and analyze by IP
sudo tcpdump -i eth2.201 -nn -q -t | awk '{print $3}' | cut -d. -f1-4 | sort | uniq -c | sort -rn | head -20
# Monitor specific subnet (your LAN)
sudo tcpdump -i eth2.201 -nn src net 192.168.51.0/24 | awk '{print $3}' | cut -d. -f1-4 | sort | uniq -c | sort -rn
Method 8: IPtraf-ng (Comprehensive)
# Install iptraf-ng
sudo apt install iptraf-ng
# Run interactive monitor
sudo iptraf-ng
# Then select:
# - "IP traffic monitor" for detailed per-connection stats
# - "Statistical breakdowns" for per-protocol stats
# - Choose interface: eth2.201 or br0
Method 9: Create a Simple Monitoring Script
# Create a bandwidth monitoring script
sudo nano /config/scripts/bandwidth-monitor.sh
Add this content:
#!/bin/bash
echo "Top 10 Bandwidth Users (by connections):"
echo "=========================================="
# Count connections by source IP
conntrack -L 2>/dev/null | \
grep -oP 'src=\K[0-9.]+' | \
grep '^192.168.51\.' | \
sort | uniq -c | sort -rn | head -10 | \
awk '{printf "%-15s : %s connections\n", $2, $1}'
echo ""
echo "Active QoS Statistics:"
echo "======================"
tc -s class show dev eth2.201 | grep -E "class|Sent"
Make it executable:
sudo chmod +x /config/scripts/bandwidth-monitor.sh
# Run it
sudo /config/scripts/bandwidth-monitor.sh
Recommended Quick Method:
For immediate results, use iftop:
sudo apt install iftop -y
sudo iftop -i eth2.201 -P -n
This will show you:
- Real-time bandwidth usage
- Source and destination IPs
- Current, average, and cumulative bandwidth
- Easy to read interface
Best Long-term Solution:
Set up vnStat for historical tracking:
sudo apt install vnstat -y
sudo vnstat -u -i eth2.201
sudo vnstat -u -i br0
sudo systemctl enable vnstat
sudo systemctl start vnstat
# Check stats anytime
vnstat -i eth2.201 -t # Top 10
Which method would you like to implement first?