Oct 152008

DarkStat is a simple Packet Sniffing Network Traffic/Bandwidth monitoring utility for Linux and UNIX. DarkStat relies on libpcap and presents simple webinterface with nice graphs and stats auto-refreshed.

Darkstat uses a very low footprint and the memory, CPU usage. DarkStat runs in the background of many Cable/DSL routers and are used in pfSense, redWall opensource firewalls.

Features include

Traffic graphs, reports per host, shows ports for each host
Embedded web-server with deflate compression
Asynchronous reverse DNS resolution using a child process
Small, Portable, Single-threaded, Efficient and Uncomplicated

Install DarkStat

DarkStat can be installed using one of the following 1-click installs based on your openSUSE version.

openSUSE 11.0
1-click install for openSUSE
openSUSE 10.3
1-click install for openSUSE

This should download the YaST MetaPackage file (YMP) and launch the YaST Package manager for installation. Click next on the window showing the selected repositories and next again on the package selection window and finally click Next on the installation proposal window. This should add the required repositories (click import when prompted to import the GPG Keys) and install DarkStat and required dependencies. Click Finish when the installation is completed succesfully.
Repository selection Package selection

Installation proposal Successful installation
Once installed, dartstat executable is loaded under at /usr/sbin/darkstat

opensuse11:~ # which darkstat

While you can run with a lot of customization like the protocols ports IP Addresses networks, a simple way to run would be to run with the interface to monitor traffic.

opensuse11:~ # /usr/sbin/darkstat -i wlan0

This starts and keeps sniffing in the background. By default, darkstat serves the graphs at http://localhost:667 or http://<IP address>:667.

To view the graphs, go to http://localhost:667 if browsing from the local pc or from (where the IP here is IP Address of my system where it runs)
Graphs Hosts
The graphs autorefresh every seconds however this can be modified and/or turned off.

For more options

opensuse11:~  # darkstat
darkstat 3.0.711 (built with libpcap 2.4)

usage: darkstat [ -i interface ]
[ -r file ]
[ –pppoe ]
[ –verbose ]
[ –no-daemon ]
[ –no-promisc ]
[ –no-dns ]
[ -p port ]
[ -b bindaddr ]
[ -f filter ]
[ -l network/netmask ]
[ –chroot dir ]
[ –user username ]
[ –daylog filename ]
[ –import filename ]
[ –export filename ]
[ –pidfile filename ]
[ –hosts-max count ]
[ –hosts-keep count ]
[ –ports-max count ]
[ –ports-keep count ]
[ –highest-port port ]

Please refer to the darkstat(1) manual page for further
documentation and usage examples.

Also, get more details from a wonderful man page

opensuse11:~ # man darkstat

Click here to visit the project homepage