Darkstat - Nework Traffic Analyzer or Network Monitor
What is Darkstat ?
darkstat is a network statistics gatherer.
Effectively, it's a packet sniffer which runs as a background process on a
cable/DSL router, gathers all sorts of useless but interesting statistics,
and serves them over HTTP.
Tracks traffic per host.
Tracks traffic per TCP and UDP port for each host.
Embedded web-server with deflate compression.
Asynchronous reverse DNS resolution using a child process.
Small. Portable. Single-threaded. Efficient.
Installing Darkstat in Debian
#apt-get install darkstat
Reading package lists... Done
Building dependency tree... Done
The following NEW packages will be installed
0 upgraded, 1 newly installed, 0 to remove and 15 not upgraded.
Need to get 59.7kB of archives.
After unpacking 426kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
Install these packages without verification [y/N]? y
Get: 1 http://mirror.ox.ac.uk stable/main darkstat 2.6-7 [59.7kB]
Fetched 59.7kB in 0s (264kB/s)
Preconfiguring packages ...
Selecting previously deselected package darkstat.
(Reading database ... 41155 files and directories currently installed.)
Unpacking darkstat (from .../darkstat_2.6-7_i386.deb) ...
Setting up darkstat (2.6-7) ...
This will finish the installation.Once you finish the installation you need to edit the the file located at /etc/darkstat/init.cfg
# Turn this to yes when you have configured the options below.
Now you need to start the darkstat using the following command
This will start the darkstat process
If you want to run darkstat from command line
darkstat v2.6 using libpcap v2.4 (i386-pc-linux-gnu)
Firing up threads...
Sniffing on device eth0, local IP is 18.104.22.168
DNS: Thread is awake.
GRAPH: Starting at 38 secs, 42 mins, 8 hrs, 30 days.
Can't load db from darkstat.db, starting from scratch.
ACCT: Capturing traffic...
Point your browser at http://localhost:666/ to see the stats.
Now you can access your network monitor using the http://youripaddress:666
If you want more options and How to use darkstat check darkstat man page
Here is the some of the screenshots for darkstat v2.6
Hosts screen you can see all the machines which take part in the communication. These can be arranged by the caused traffic or their particular IP address.
Ports Screen you can see the port numbers which are used by server and client applications. You can immediately recognize the port numbers which are used by the following daemons: 666 (darkstat), 80 (http)
Protocols Screen protocols ICMP,TCP,IGP and UDP for the file transmission, which were involved in the communication event.
Graphs Screen screen shot shows a summary of the collected time periods as graphs