Darkstat - Network Traffic Analyzer or Network Monitor
What is Darkstat?
darkstat is a network statistics gatherer.
Effectively, it's a packet sniffer which runs as a background process on a
cable/DSL router, gathers all sorts of useless but interesting statistics,
and serves them over HTTP.
Darkstat Features
Traffic graphs.
Tracks traffic per host.
Tracks traffic per TCP and UDP port for each host.
Embedded web-server with deflate compression.
Asynchronous reverse DNS resolution using a child process.
Small. Portable. Single-threaded. Efficient.
Download Darkstat
http://dmr.ath.cx/net/darkstat/
Installing Darkstat in Debian
#apt-get install darkstat
Reading package lists... Done
Building dependency tree... Done
The following NEW packages will be installed
darkstat
0 upgraded, 1 newly installed, 0 to remove and 15 not upgraded.
Need to get 59.7kB of archives.
After unpacking 426kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
darkstat
Install these packages without verification [y/N]? y
Get: 1 http://mirror.ox.ac.uk stable/main darkstat 2.6-7 [59.7kB]
Fetched 59.7kB in 0s (264kB/s)
Preconfiguring packages ...
Selecting previously deselected package darkstat.
(Reading database ... 41155 files and directories currently installed.)
Unpacking darkstat (from .../darkstat_2.6-7_i386.deb) ...
Setting up darkstat (2.6-7) ...
This will finish the installation. Once the installation has finished, you need to edit the file located at /etc/darkstat/init.cfg and change
# Turn this to yes when you have configured the options below.
START_DARKSTAT=no
to
START_DARKSTAT=yes
Now start darkstat using the following command:
#/etc/init.d/darkstat start
This will start the darkstat process.
If you want to run darkstat from the command line:
#darkstat
darkstat v2.6 using libpcap v2.4 (i386-pc-linux-gnu)
Firing up threads...
Sniffing on device eth0, local IP is 172.2.15.10
DNS: Thread is awake.
GRAPH: Starting at 38 secs, 42 mins, 8 hrs, 30 days.
Can't load db from darkstat.db, starting from scratch.
ACCT: Capturing traffic...
Point your browser at http://localhost:666/ to see the stats.
Now you can access your network monitor at http://youripaddress:666
For more options and details on how to use darkstat, check the darkstat man page.
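Because the statistics are served over HTTP on port 666 at the machine's own IP address, it is worth checking which addresses that port is listening on. The following is an added example, not part of the original article or of darkstat: it parses `ss -ltn` output (the sample listings are constructed, and the "Local Address:Port" fourth column is an assumption about the layout) and reports whether the port is bound to loopback only or reachable from the network.

```shell
#!/bin/sh
# Added example: which addresses is darkstat's web port (666) listening on?

# Reads `ss -ltn` output on stdin and prints "<bind address> <loopback|exposed>"
# for each listening socket on port $1. Assumes column 4 is "Local Address:Port".
classify_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = match($4, /:[0-9]+$/)      # the port follows the last colon
            if (n == 0) next
            addr = substr($4, 1, n - 1)
            if (substr($4, n + 1) != port) next
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # drop IPv6 brackets
            sub(/%.*$/, "", addr)                        # drop scope, e.g. %lo
            if (addr ~ /^127\./ || addr == "::1") print addr, "loopback"
            else print addr, "exposed"
        }'
}

# Exit status 0 if any listener on port $1 is bound to a non-loopback address.
port_exposed() {
    classify_listeners "$1" | grep -q ' exposed$'
}

# Constructed sample: port 666 bound to every interface.
sample_exposed() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:666        0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
LISTEN 0      5      127.0.0.1:6660     0.0.0.0:*
EOF
}

# Constructed sample: port 666 bound to loopback only.
sample_loopback() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:666      0.0.0.0:*
LISTEN 0      128    [::1]:631          [::]:*
EOF
}

sample_exposed  | classify_listeners 666
sample_loopback | classify_listeners 666
```

On a live host, run `ss -ltn | classify_listeners 666` instead of feeding it the samples.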
Darkstat Screenshots
Here are some of the screenshots for darkstat v2.6
Main Screen
Hosts Screen
On the Hosts screen you can see all the machines that take part in the communication. These can be arranged by the traffic they caused or by their IP address.
Ports Screen
On the Ports screen you can see the port numbers used by server and client applications. You can immediately recognize the port numbers used by the following daemons: 666 (darkstat), 80 (http).
Protocols Screen
The Protocols screen shows the protocols (ICMP, TCP, IGP and UDP) that were involved in the communication and used for the file transmission.
Graphs Screen
The Graphs screen shows a summary of the collected time periods as graphs.