I can suggest you tools for monitoring network traffic. iftop is a great tool for real time network traffic monitoring in terminal (you constantly get info who are top downloaders on monitored network
). But if you need a bit more than iftop, then try ntop. Complete network monitoring tool.
Concerning sorting network traffic, where >> sort by IP based on squid and how much >> ntop info. ntop is saving results in database so that wouldn't be a problem. The only problem is that you've got to have it constantly running on one of your linux workstations (but I think it works on other OSs too). For me that's no problem, but many company's have only Win workstations.
Running ntop on server would slow down servers performance, so this option is probably out of question.
Has anybody some other suggestion, because I'm looking for some additional ways to monitor network in real time mostly to track spyware and viruses more efficiently?