Hi Fremmed,

A quick post on how to sniff network traffic on your Linux systems, gather network statistics and serve them over HTTP.

darkstat is a network statistics gatherer. It sniffs packets on a specified interface, accumulates statistics, and serves them up over HTTP. You can find more information here:
https://unix4lyfe.org/darkstat/
https://github.com/emikulic/darkstat

Once you have started darkstat, e.g. sudo darkstat -i eth0, you'll see all of your local host's network traffic and which remote hosts it communicated with over time.

These are the changes I made on my system to keep this persistently on:

$ cat /etc/conf.d/darkstat.conf
DARKSTAT_IFACE="eth0"
DARKSTAT_ARGS="--daylog darkstat.log"
$ cat /usr/lib/systemd/system/darkstat.service
[Unit]
Description=Network statistics gatherer (packet sniffer)
After=network.target

[Service]
Type=simple
EnvironmentFile=/etc/conf.d/darkstat.conf
PIDFile=/run/darkstat.pid
ExecStart=/usr/sbin/darkstat --user "darkstat" --chroot "/var/darkstat" \
          --import "darkstat.dat" --export "darkstat.dat" \
          --pidfile /run/darkstat.pid \
          -b 127.0.0.1 \
          -i "$DARKSTAT_IFACE" $DARKSTAT_ARGS
ExecStopPost=/bin/rm -f /run/darkstat.pid

[Install]
WantedBy=multi-user.target
$ sudo systemctl daemon-reload
$ sudo systemctl enable darkstat.service
$ sudo systemctl start darkstat.service
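
The -b 127.0.0.1 in the unit above is what keeps the statistics page off the network: without -b, darkstat listens on all addresses. The script below is an added example, not part of the original post or of darkstat itself; it checks a unit file for that bind and for the explicit --user and --chroot flags used above (the function names and the script name are made up for this example).

```shell
#!/bin/sh
# Added example, not from the original post: audit a darkstat unit file.

# Print the ExecStart= command as one line, joining backslash continuations.
darkstat_execstart() {
    awk '
        /^ExecStart=/ { grab = 1; sub(/^ExecStart=/, "") }
        grab {
            more = sub(/\\$/, "")   # trailing backslash: command continues
            line = line " " $0
            if (!more) { print line; exit }
        }
    ' "$1"
}

# Print one finding per line; the return status is the number of findings.
audit_darkstat_unit() {
    cmd=" $(darkstat_execstart "$1") "
    findings=0 bind_seen=0 prev=
    # Every -b address must be 127.x; with no -b darkstat listens on all addresses.
    for word in $cmd; do
        if [ "$prev" = "-b" ]; then
            bind_seen=1
            case "$word" in
                127.*|\"127.*) ;;
                *) echo "web UI bound to non-loopback address: $word"
                   findings=$((findings + 1)) ;;
            esac
        fi
        prev=$word
    done
    if [ "$bind_seen" -eq 0 ]; then
        echo "no -b option: web UI listens on all addresses"
        findings=$((findings + 1))
    fi
    # Flags the unit in the post sets explicitly for privilege drop and chroot.
    for flag in --user --chroot; do
        case "$cmd" in
            *" $flag "*) ;;
            *) echo "no explicit $flag in ExecStart"
               findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Usage: sh audit_darkstat.sh /usr/lib/systemd/system/darkstat.service
if [ "$#" -gt 0 ]; then
    audit_darkstat_unit "$1"
fi
```

An exit status of 0 means the unit passed all three checks; each printed line is one thing to fix before starting the service.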

In my view, it is a very handy tool for spotting anything out of the ordinary rather quickly.

Thank you for all the good times,
Obuno