Darkstat - Network Traffic Analyzer or Network Monitor



What is Darkstat?



darkstat is a network statistics gatherer.



Effectively, it's a packet sniffer which runs as a background process on a cable/DSL router, gathers all sorts of useless but interesting statistics, and serves them over HTTP.



Darkstat Features



Traffic graphs.



Tracks traffic per host.



Tracks traffic per TCP and UDP port for each host.



Embedded web-server with deflate compression.



Asynchronous reverse DNS resolution using a child process.



Small. Portable. Single-threaded. Efficient.

Download Darkstat



http://dmr.ath.cx/net/darkstat/

Installing Darkstat in Debian



#apt-get install darkstat



Reading package lists... Done

Building dependency tree... Done

The following NEW packages will be installed

darkstat

0 upgraded, 1 newly installed, 0 to remove and 15 not upgraded.

Need to get 59.7kB of archives.

After unpacking 426kB of additional disk space will be used.

WARNING: The following packages cannot be authenticated!

darkstat

Install these packages without verification [y/N]? y

Get: 1 http://mirror.ox.ac.uk stable/main darkstat 2.6-7 [59.7kB]

Fetched 59.7kB in 0s (264kB/s)

Preconfiguring packages ...

Selecting previously deselected package darkstat.

(Reading database ... 41155 files and directories currently installed.)

Unpacking darkstat (from .../darkstat_2.6-7_i386.deb) ...

Setting up darkstat (2.6-7) ...



This completes the installation. Once it has finished, you need to edit the file located at /etc/darkstat/init.cfg and change



# Turn this to yes when you have configured the options below.

START_DARKSTAT=no



to



START_DARKSTAT=yes



Now you need to start darkstat using the following command



#/etc/init.d/darkstat start



This will start the darkstat process



If you want to run darkstat from the command line



#darkstat



darkstat v2.6 using libpcap v2.4 (i386-pc-linux-gnu)

Firing up threads...

Sniffing on device eth0, local IP is 172.2.15.10

DNS: Thread is awake.

GRAPH: Starting at 38 secs, 42 mins, 8 hrs, 30 days.

Can't load db from darkstat.db, starting from scratch.

ACCT: Capturing traffic...

Point your browser at http://localhost:666/ to see the stats.



Now you can access your network monitor at http://youripaddress:666



For more options and details on how to use darkstat, check the darkstat man page.
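Because the stats page is served over HTTP on port 666, it is worth confirming which addresses that listener is bound to once darkstat is running. The following script is an added example, not part of darkstat or of the original article; it classifies listeners from `ss -ltn` output, and the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how widely the darkstat web port is reachable.

# Reads `ss -ltn`-style lines on stdin and prints "<scope> <address>" for
# every listener on port $1. Scopes:
#   loopback  - reachable only from the host itself
#   wildcard  - bound to every interface
#   specific  - bound to one non-loopback address
darkstat_listener_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4
            # The port is the text after the LAST colon, because IPv6
            # addresses contain colons themselves.
            i = length(la)
            while (i > 0 && substr(la, i, 1) != ":") i--
            if (i == 0 || substr(la, i + 1) != port) next
            addr = substr(la, 1, i - 1)
            gsub(/^\[|\]$/, "", addr)          # strip [ ] around IPv6
            if (addr ~ /^127\./ || addr == "::1")
                scope = "loopback"
            else if (addr == "0.0.0.0" || addr == "*" || addr == "::" || addr == "")
                scope = "wildcard"
            else
                scope = "specific"
            print scope, addr
        }'
}

# Exit status 0 if any listener on port $1 is reachable from other hosts.
darkstat_is_exposed() {
    darkstat_listener_scope "$1" | grep -qv '^loopback '
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:666         0.0.0.0:*
LISTEN 0      128    127.0.0.1:631       0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*'

# On a live host, replace the sample with:  ss -ltn | darkstat_listener_scope 666
printf '%s\n' "$SAMPLE_SS" | darkstat_listener_scope 666
```

A "wildcard" result means anyone who can reach the machine on port 666 can view the per-host traffic statistics, so filter that port at the firewall or bind the listener more narrowly (see the darkstat man page for the options your version supports).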



Darkstat Screenshots

Here are some screenshots of darkstat v2.6

Main Screen



Hosts Screen

On the Hosts screen you can see all the machines that take part in the communication. These can be sorted by the traffic they caused or by their IP address.



Ports Screen

On the Ports screen you can see the port numbers used by server and client applications. You can immediately recognize the port numbers used by the following daemons: 666 (darkstat), 80 (http)



Protocols Screen

The Protocols screen lists the protocols (ICMP, TCP, IGP and UDP) that were involved in the transmission.



Graphs Screen