Here are several methods to check bandwidth usage for those specific IPs:
Method 1: iftop (Real-time, Best for Live Monitoring)
# Install if needed
sudo apt install iftop -y
# Monitor traffic for 192.168.100.10 (DMZ)
sudo iftop -i br1 -f "host 192.168.100.10"
# Monitor traffic for 192.168.51.203 (LAN)
sudo iftop -i br0 -f "host 192.168.51.203"
# Monitor both IPs at once on WAN interface
sudo iftop -i eth2.201 -f "host 192.168.100.10 or host 192.168.51.203"
# Show totals (press 'T' while iftop is running)
# Press 'n' to not resolve hostnames (faster)
Method 2: iftop with Better Filtering
# For DMZ host - show all traffic
sudo iftop -i eth2.201 -F 192.168.100.0/24 -f "host 192.168.100.10" -P -n
# For LAN host - show all traffic
sudo iftop -i eth2.201 -F 192.168.51.0/24 -f "host 192.168.51.203" -P -n
Method 3: Connection Tracking (Current Connections)
# Show active connections for 192.168.100.10
sudo conntrack -L | grep 192.168.100.10
# Show active connections for 192.168.51.203
sudo conntrack -L | grep 192.168.51.203
# Count connections per IP
echo "Connections for 192.168.100.10:"
sudo conntrack -L | grep -c 192.168.100.10
echo "Connections for 192.168.51.203:"
sudo conntrack -L | grep -c 192.168.51.203
Method 4: tcpdump with Byte Counting
# Monitor 192.168.100.10 for 60 seconds and count bytes
sudo timeout 60 tcpdump -i eth2.201 -nn host 192.168.100.10 -q 2>/dev/null | wc -l
# More detailed - capture and calculate bandwidth
sudo tcpdump -i eth2.201 host 192.168.100.10 -nn -tttt -q
# For 192.168.51.203
sudo tcpdump -i eth2.201 host 192.168.51.203 -nn -tttt -q
Method 5: Create a Monitoring Script
Create a script to monitor both IPs:
sudo nano /config/scripts/monitor-ips.sh
Add this content:
#!/bin/bash
IP1="192.168.100.10"
IP2="192.168.51.203"
echo "Bandwidth Monitor for Specific IPs"
echo "===================================="
echo "Monitoring: $IP1 and $IP2"
echo ""
# Check connection count
echo "Active Connections:"
echo "-------------------"
CONN1=$(conntrack -L 2>/dev/null | grep -c "$IP1")
CONN2=$(conntrack -L 2>/dev/null | grep -c "$IP2")
printf "%-20s : %d connections\n" "$IP1" "$CONN1"
printf "%-20s : %d connections\n" "$IP2" "$CONN2"
echo ""
echo "Recent Traffic (last 10 connections):"
echo "--------------------------------------"
echo "For $IP1:"
conntrack -L 2>/dev/null | grep "$IP1" | head -10
echo ""
echo "For $IP2:"
conntrack -L 2>/dev/null | grep "$IP2" | head -10
Make it executable and run:
sudo chmod +x /config/scripts/monitor-ips.sh
sudo /config/scripts/monitor-ips.sh
Method 6: IPtraf-ng (Interactive)
# Install
sudo apt install iptraf-ng -y
# Run and filter
sudo iptraf-ng
# Then:
# 1. Select "IP traffic monitor"
# 2. Choose interface: eth2.201
# 3. Press 'F' for filter
# 4. Add filter for your IPs
Method 7: nload with Multiple Views
# Install
sudo apt install nload -y
# Monitor the interface where traffic passes
nload eth2.201
# Note: nload shows total interface traffic, not per-IP
# Use iftop for per-IP monitoring
Method 8: bwm-ng (Bandwidth Monitor Next Generation)
# Install
sudo apt install bwm-ng -y
# Monitor interfaces
bwm-ng -I eth2.201,br0,br1
Method 9: Advanced – Setup Flow Accounting
configure
# Enable flow accounting
set system flow-accounting interface eth2.201
set system flow-accounting interface br0
set system flow-accounting interface br1
commit
save
exit
# Then query flows
show flow-accounting interface eth2.201 | grep 192.168.100.10
show flow-accounting interface eth2.201 | grep 192.168.51.203
Method 10: Real-Time Bandwidth Script
Create a real-time monitoring script:
sudo nano /config/scripts/realtime-bandwidth.sh
Add:
#!/bin/bash
IP1="192.168.100.10"
IP2="192.168.51.203"
echo "Real-time bandwidth monitor for $IP1 and $IP2"
echo "Press Ctrl+C to stop"
echo ""
while true; do
clear
echo "=== Bandwidth Usage Report ==="
echo "Time: $(date)"
echo ""
# Count current connections
CONN1=$(conntrack -L 2>/dev/null | grep -c "$IP1")
CONN2=$(conntrack -L 2>/dev/null | grep -c "$IP2")
echo "Active Connections:"
printf " %-20s : %d\n" "$IP1" "$CONN1"
printf " %-20s : %d\n" "$IP2" "$CONN2"
echo ""
# Show top destinations
echo "Top 5 Destinations for $IP1:"
conntrack -L 2>/dev/null | grep "src=$IP1 " | grep -oP 'dst=\K[0-9.]+' | sort | uniq -c | sort -rn | head -5
echo ""
echo "Top 5 Destinations for $IP2:"
conntrack -L 2>/dev/null | grep "src=$IP2 " | grep -oP 'dst=\K[0-9.]+' | sort | uniq -c | sort -rn | head -5
sleep 5
done
Make executable and run:
sudo chmod +x /config/scripts/realtime-bandwidth.sh
sudo /config/scripts/realtime-bandwidth.sh
Method 11: vnStat per-IP (Long-term Tracking)
vnStat doesn’t track per-IP by default, but you can use iptables rules to count traffic:
configure
# Create custom firewall rules to count traffic for specific IPs
set firewall ipv4 forward filter rule 5 action 'accept'
set firewall ipv4 forward filter rule 5 description 'Count traffic for 192.168.100.10'
set firewall ipv4 forward filter rule 5 source address '192.168.100.10'
set firewall ipv4 forward filter rule 5 log enable
set firewall ipv4 forward filter rule 4 action 'accept'
set firewall ipv4 forward filter rule 4 description 'Count traffic for 192.168.51.203'
set firewall ipv4 forward filter rule 4 source address '192.168.51.203'
set firewall ipv4 forward filter rule 4 log enable
commit
save
Then check counters:
sudo iptables -L -v -n | grep -A2 "192.168.100.10"
sudo iptables -L -v -n | grep -A2 "192.168.51.203"
Recommended Quick Solution:
For immediate, real-time monitoring of both IPs, use:
# Install iftop
sudo apt install iftop -y
# Monitor both IPs on WAN interface
sudo iftop -i eth2.201 -f "host 192.168.100.10 or host 192.168.51.203" -P -n -B
Press:
- T – Show totals (cumulative bandwidth)
- L – Display scale
- j/k – Scroll up/down
This will show you real-time bandwidth usage for both IPs with sent/received data rates.
For historical tracking, run the realtime-bandwidth.sh script I provided above – it updates every 5 seconds and shows connection counts and destinations.
Which method would you like to use?