DarkStat

Description

darkstat  is a packet sniffer that runs as a background process, gathers all sorts of statistics about network usage, and serves them over HTTP.

Darkstat is a simple, web based network traffic analyzer application. It keeps running in the background as a daemon and continues collecting  and sniffing network data and presents it in easily understandable format within its web interface. It can generate traffic reports for hosts, identify which ports are open on some particular host and is IPV 6 complaint application.

Effectively, it’s a packet sniffer which runs as a background process on a
cable/DSL router, gathers all sorts of useless but interesting statistics,
and serves them over HTTP.

It is an ntop-workalike network statistics gatherer. It runs as a background process on a cable or DSL router, uses libpcap to capture network traffic, and has a Web interface that serves up reports of statistics such as data transferred by host, port, and protocol.

 DarkStat Features

Traffic graphs.

Tracks traffic per host.

Tracks traffic per TCP and UDP port for each host.

Embedded web-server with deflate compression.

Asynchronous reverse DNS resolution using a child process.

Small. Portable. Single-threaded. Efficient.

Usage

Syntax

  darkstat [ -i interface ] [ -r file ] [ --snaplen bytes ] [ --pppoe ] [
       --syslog ] [ --verbose ] [ --no-daemon ] [ --no-promisc ] [ --no-dns  ]
       [ --no-macs ] [ --no-lastseen ] [ -p port ] [ -b bindaddr ] [ -f filter
       ] [ -l network/netmask ] [  --chroot  dir  ]  [  --user  username  ]  [
       --daylog  filename  ]  [  --import  filename  ] [ --export filename ] [
       --pidfile filename ] [ --hosts-max count ] [  --hosts-keep  count  ]  [
       --ports-max  count  ]  [ --ports-keep count ] [ --highest-port port ] [
       --wait secs ] [ --hexdump ]

Example

cyborg@cyborg:~$ sudo darkstat -i eth0 --verbose -p 80
dark stat (06483): max 1000 hosts, cutting down to 500 when exceeded
dark stat (06483): max 200 ports per host, cutting down to 30 when exceeded
dark stat (06483): starting up
dark stat (06483): daemonizing to run in the background!
dark stat (06483): parent waiting
dark stat (06484): I am the main process
dark stat (06484): DNS child has PID 6485
dark stat (06485): set uid/gid to 65534/65534
dark stat (06484): linktype is 1
dark stat (06484): calculated snaplen minimum 74
dark stat (06484): using snaplen 96
dark stat (06484): capturing in promiscuous mode
0 Comments

Leave a reply

CONTACT US

We're are building as a community and a team. Be a part of it.

Sending

©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?