Challenging but interesting task.
I have a Switch, with 5 Servers Connected to it. One of the Switch port(uplink) is connected to the Gateway Router. I have enabled port mirroring for the Uplink port.
I have connected a Linux Server to the Mirrored Port. Now all the packets that are transferred between my 5 Servers and Router will hit my Linux Server.
The requirement is, I have generate a traffic report as following,
Source MAC (Server 1) to Dest MAC (Router) - 10 MB in 2 Hours
Source MAC (Router) to Dest MAC (Server1) - 100 MB in 2 Hours
.... likewise for all servers.
I need to Monitor traffic based on the Mac Address. Is there a tool in linux which can do this.
I have tried iptables, which can give the bytes transferred based on a rule. But iptable rules can be written only for Source Mac Address not for Destination Mac.
Anybody has got some clues .. please help out !