If you want to analyze top networking talkers via tcpdump on your server, this is explanation how to do that.

First capture traffic with "tcpdump" (this will capture 20K packets, so replace it with something else for example -c 5000 and replace "eth0" to suit your needs):


# tcpdump -tnn -c 20000 -i eth0 -w tcpdump.pcap

Sort nicely whole list:

# tcpdump -r tcpdump.pcap | awk -F "." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr >> top_talkers

Then you can calculate top 10 talkers:

cat top_talkers | awk {'print $4'} | sort | uniq -c | sort -nr | head -n 10