{"id":11487,"date":"2019-03-14T08:56:37","date_gmt":"2019-03-14T08:56:37","guid":{"rendered":"http:\/\/www.appservgrid.com\/paw92\/?p=11487"},"modified":"2019-03-14T08:56:37","modified_gmt":"2019-03-14T08:56:37","slug":"darkstat-a-web-based-linux-network-traffic-analyzer","status":"publish","type":"post","link":"https:\/\/www.appservgrid.com\/paw92\/index.php\/2019\/03\/14\/darkstat-a-web-based-linux-network-traffic-analyzer\/","title":{"rendered":"Darkstat \u2013 A Web Based Linux Network Traffic Analyzer"},"content":{"rendered":"<p><strong>Darkstat<\/strong>\u00a0is a cross-platform, lightweight, simple, real-time network statistics tool that captures network traffic, computes statistics concerning usage, and serves the reports over HTTP.<\/p>\n<h4>Darkstat Features:<\/h4>\n<ul>\n<li>An integrated web-server with deflate compression functionality.<\/li>\n<li>Portable, single-threaded and efficient Web based network traffic analyzer.<\/li>\n<li>The Web interface shows traffic graphs, reports per host and ports for each host.<\/li>\n<li>Supports asynchronous reverse DNS resolution using a child process.<\/li>\n<li>Support for IPv6 protocol.<\/li>\n<\/ul>\n<h4>Requirements:<\/h4>\n<ul>\n<li><strong>libpcap<\/strong>\u00a0\u2013 a portable C\/C++ library for network traffic capture.<\/li>\n<\/ul>\n<p>Being small in size, it uses very low system memory resources and it is easy to install, configure and use in Linux as explained below.<\/p>\n<h3>How to Install Darkstat Network Traffic Analyzer in Linux<\/h3>\n<p><strong>1.<\/strong>\u00a0Luckily, darkstat is available in the software repositories of mainstream Linux distributions such as RHEL\/CentOS and Debian\/Ubuntu.<\/p>\n<pre>$ sudo apt-get install darkstat\t\t# Debian\/Ubuntu\r\n$ sudo yum install darkstat\t\t# RHEL\/CentOS\r\n$ sudo dnf install darkstat\t\t# Fedora 22+\r\n<\/pre>\n<p><strong>2.<\/strong>\u00a0After installing darkstat, you need to configure it in the main configuration 
file\u00a0<strong>\/etc\/darkstat\/init.cfg<\/strong>.<\/p>\n<pre>$ sudo vi \/etc\/darkstat\/init.cfg\r\n<\/pre>\n<p><center>Note that for the purpose of this tutorial, we will only explain mandatory as well as important configuration options for you to start using this tool.<\/center>Now change the value of\u00a0<strong>START_DARKSTAT<\/strong>\u00a0from\u00a0<code>no<\/code>\u00a0to\u00a0<code>yes<\/code>\u00a0and set the interface darkstat will listen on with the\u00a0<strong>INTERFACE<\/strong>\u00a0option.<\/p>\n<p>Also\u00a0<strong>uncomment<\/strong>\u00a0the\u00a0<strong>DIR=\"\/var\/lib\/darkstat\"<\/strong>\u00a0and\u00a0<strong>DAYLOG=\"--daylog darkstat.log\"<\/strong>\u00a0options to specify its directory and log file respectively.<\/p>\n<pre>START_DARKSTAT=yes\r\nINTERFACE=\"-i ppp0\"\r\nDIR=\"\/var\/lib\/darkstat\"\r\n# File will be relative to $DIR:\r\nDAYLOG=\"--daylog darkstat.log\"\r\n<\/pre>\n<p><strong>3.<\/strong>\u00a0Start the darkstat daemon for now and enable it to start at system boot as follows.<\/p>\n<pre><strong>------------ On SystemD ------------<\/strong> \r\n$ sudo systemctl start darkstat\r\n$ sudo \/lib\/systemd\/systemd-sysv-install enable darkstat\r\n$ sudo systemctl status darkstat\r\n\r\n<strong>------------ On SysV Init ------------<\/strong>\r\n$ sudo \/etc\/init.d\/darkstat start\r\n$ sudo chkconfig darkstat on\r\n$ sudo \/etc\/init.d\/darkstat status\r\n<\/pre>\n<p><strong>4.<\/strong>\u00a0By default, darkstat listens on port\u00a0<strong>667<\/strong>, so open the port on the firewall to allow access.<\/p>\n<pre><strong>------------ On FirewallD ------------<\/strong>\r\n$ sudo firewall-cmd --zone=public --permanent --add-port=667\/tcp\r\n$ sudo firewall-cmd --reload\r\n\r\n<strong>------------ On IPtables ------------<\/strong>\r\n$ sudo iptables -A INPUT -p udp -m state --state NEW --dport 667 -j ACCEPT\r\n$ sudo iptables -A INPUT -p tcp -m state --state NEW --dport 667 -j ACCEPT\r\n$ sudo service iptables 
save\r\n\r\n<strong>------------ On UFW Firewall ------------<\/strong>\r\n$ sudo ufw allow 667\/tcp\r\n$ sudo ufw reload\r\n<\/pre>\n<p><strong>5.<\/strong>\u00a0Finally access the darkstat web interface by going to URL\u00a0<strong>http:\/\/Server-IP:667<\/strong>.<\/p>\n<div id=\"attachment_26393\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2017\/07\/Darkstat-Network-Traffic-Analyzer.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-26393\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2017\/07\/Darkstat-Network-Traffic-Analyzer.png\" alt=\"Darkstat Network Traffic Analyzer\" width=\"695\" height=\"783\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p class=\"wp-caption-text\">Darkstat Network Traffic Analyzer<\/p>\n<\/div>\n<p>You can reload graphs automatically by clicking\u00a0<code>on<\/code>\u00a0and\u00a0<code>off<\/code>\u00a0buttons.<\/p>\n<h3>Manage Darkstat From Command Line in Linux<\/h3>\n<p>Here, we will explain a few important examples of how you can operate darkstat from the command line.<\/p>\n<p><strong>6.<\/strong>\u00a0To collect network statistics on the\u00a0<strong>eth0<\/strong>\u00a0interface, you can use the\u00a0<code>-i<\/code>\u00a0flag as below.<\/p>\n<pre>$ darkstat -i eth0\r\n<\/pre>\n<p><strong>7.<\/strong>\u00a0To serve web pages on a specific port, include the\u00a0<code>-p<\/code>\u00a0flag like this.<\/p>\n<pre>$ darkstat -i eth0 -p 8080\r\n<\/pre>\n<p><strong>8.<\/strong>\u00a0To keep an eye on network statistics for a given service, use the\u00a0<code>-f<\/code>\u00a0or filter flag. 
The specified filter expression in the example below will capture traffic concerned with SSH service.<\/p>\n<pre>$ darkstat -i eth0 -f \"port 22\"\r\n<\/pre>\n<p>Last but not least, if you want to shut darkstat down in a clean way, it is recommended to send a SIGTERM or SIGINT signal to the darkstat parent process.<\/p>\n<p>First get the darkstat parent process\u00a0<strong>ID<\/strong>\u00a0(<strong>PPID<\/strong>) using the\u00a0<a href=\"https:\/\/www.tecmint.com\/how-to-kill-a-process-in-linux\/\" target=\"_blank\" rel=\"noopener\">pidof command<\/a>:<\/p>\n<pre>$ pidof darkstat\r\n<\/pre>\n<p>Then kill the process like so:<\/p>\n<pre>$ sudo kill -SIGTERM 4790\r\nOR\r\n$ sudo kill -15 4790\r\n<\/pre>\n<p>For additional usage options, read through the darkstat manpage:<\/p>\n<pre>$ man darkstat\r\n<\/pre>\n<p>Reference Link:\u00a0<a href=\"https:\/\/unix4lyfe.org\/darkstat\/\" target=\"_blank\" rel=\"nofollow noopener\">Darkstat Homepage<\/a><\/p>\n<p>You may also like to read the following related articles on Linux network monitoring.<\/p>\n<ol>\n<li><a href=\"https:\/\/www.tecmint.com\/command-line-tools-to-monitor-linux-performance\/\" target=\"_blank\" rel=\"noopener\">20 Command Line Tools to Monitor Linux Performance<\/a><\/li>\n<li><a href=\"https:\/\/www.tecmint.com\/linux-performance-monitoring-tools\/\" target=\"_blank\" rel=\"noopener\">13 Linux Performance Monitoring Tools<\/a><\/li>\n<li><a href=\"https:\/\/www.tecmint.com\/netdata-real-time-linux-performance-network-monitoring-tool\/\" target=\"_blank\" rel=\"noopener\">Netdata \u2013 A Real-Time Linux Performance Monitoring Tools<\/a><\/li>\n<li><a href=\"https:\/\/www.tecmint.com\/bcc-best-linux-performance-monitoring-tools\/\" target=\"_blank\" rel=\"noopener\">BCC \u2013 Dynamic Tools for Linux Performance and Network Monitoring<\/a><\/li>\n<\/ol>\n<p>That\u2019s It! 
In this article, we have explained how to install and use darkstat in Linux to capture network traffic, calculate usage, and analyze reports over HTTP.<\/p>\n<p>If you have any questions to ask or thoughts to share, use the comment form below.<\/p>\n<p><a href=\"https:\/\/www.tecmint.com\/darkstat-web-based-linux-network-traffic-analyzer\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Darkstat\u00a0is a cross-platform, lightweight, simple, real-time network statistics tool that captures network traffic, computes statistics concerning usage, and serves the reports over HTTP. Darkstat Features: An integrated web-server with deflate compression functionality. Portable, single-threaded and efficient Web based network traffic analyzer. The Web interface shows traffic graphs, reports per host and ports for each host. &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/www.appservgrid.com\/paw92\/index.php\/2019\/03\/14\/darkstat-a-web-based-linux-network-traffic-analyzer\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Darkstat \u2013 A Web Based Linux Network Traffic 
Analyzer&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-11487","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/11487","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/comments?post=11487"}],"version-history":[{"count":1,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/11487\/revisions"}],"predecessor-version":[{"id":11488,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/11487\/revisions\/11488"}],"wp:attachment":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/media?parent=11487"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/categories?post=11487"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/tags?post=11487"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}