linux

How to calculate the IP on which the traffic goes?

Hello . Need advice on how to deal with this situation.
There is a Centos server. One Internet channel is used by one interface, but there are 2 types of requests, the country's internal network (Tas-ix) and external, these are those that are not included in the country's network, that is, users living outside Uzbekistan.

The problem is that this very external traffic is limited and there is not much of it. EXTERNAL IS CLOSED but not completely, that is, it gave access only to Yandex and Google subnets of search bots. Forbidden on each site access to images in general to all images through robots.txt . 2 sites have different content on one 2-3k pages on the other 500 pages approximately in the Google and Yandex index. But there is another site that has almost 20k pages in Google and Yandex.

And the problem is that recently the consumption has been very strong, namely external traffic per day, almost 1GB of traffic leaves before it took an average of 100-200 MB. Pages on that was not much less than about 1000 pages less. There was a need to calculate exactly where the traffic runs away. And I installed the iptraf program to identify the most expensive IP addresses by traffic, but there is logging as I understand each packet in general, and I would just like to find out how much traffic went to each IP.

Is there a way to find out? Does it support Iptraf or do you need something else. And how to implement it? Thank you all in advance for your help.