How to install and use Darkstat in Linux to analyze network traffic on Ubuntu.
What is Darkstat?
Darkstat is a free, open-source tool that captures network traffic in real time, serves reports over HTTP, and calculates usage statistics for the network.
- Generates network traffic graphs per host, showing each port used.
- Supports IPv6 addressing.
- It is light and portable.
- It can be embedded within the web server.
- Supports asynchronous DNS resolution.
- It has a web interface for its use.
Step 1: Install Darkstat
To start the Darkstat installation process we will execute one of the following commands:
sudo apt-get install darkstat (Debian & Ubuntu)
sudo yum install darkstat (RedHat or CentOS)
sudo dnf install darkstat (Fedora or Debian)
Step 2: Configure Darkstat
Once installed, we configure Darkstat through its file at /etc/darkstat/init.cfg, which we can open with the editor of our choice:
sudo nano /etc/darkstat/init.cfg
In the file, make the following changes:
- On the line START_DARKSTAT change the value from no to yes
- Assign the correct network interface in the INTERFACE field
- Uncomment the DIR, PORT, BINDIP and LOCAL lines
We can assign the desired listening port in the PORT field and, if necessary, define the private IP addresses in the BINDIP field.
We save the changes with the key combination Ctrl + O and exit the editor with Ctrl + X.
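As an added example (not part of the original tutorial), the following shell function checks a config file against the Step 2 checklist before the service is started. It assumes the file uses shell-style KEY="value" lines with # marking a commented-out line; the function names cfg_value and check_darkstat_cfg are hypothetical.

```shell
#!/bin/sh
# Added example: audit a darkstat init.cfg against the Step 2 checklist.
# Assumption: shell-style KEY="value" lines, '#' marks a commented-out line.

# Print the value of an active (uncommented) KEY, or nothing if absent.
cfg_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# Return 0 when every Step 2 setting is in place; list each gap otherwise.
check_darkstat_cfg() {
    cfg=$1
    problems=0
    if [ ! -r "$cfg" ]; then
        echo "cannot read $cfg"
        return 2
    fi
    if [ "$(cfg_value "$cfg" START_DARKSTAT)" != "yes" ]; then
        echo "START_DARKSTAT is not set to yes"
        problems=$((problems + 1))
    fi
    if [ -z "$(cfg_value "$cfg" INTERFACE)" ]; then
        echo "INTERFACE is empty or commented out"
        problems=$((problems + 1))
    fi
    for key in DIR PORT BINDIP LOCAL; do
        if [ -z "$(cfg_value "$cfg" "$key")" ]; then
            echo "$key is still commented out or empty"
            problems=$((problems + 1))
        fi
    done
    # Show the port and bind address so the firewall rule can be matched to them.
    echo "web port setting: $(cfg_value "$cfg" PORT)"
    echo "bind address setting: $(cfg_value "$cfg" BINDIP)"
    [ "$problems" -eq 0 ]
}

# When a path is given on the command line, audit that file.
[ "$#" -eq 0 ] || check_darkstat_cfg "$1"
```

Saved as a script, it can be run with /etc/darkstat/init.cfg as its argument; a non-zero exit status means at least one Step 2 change is still missing.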
Step 3: Start Darkstat Services
Once the file is configured, we start the service and check its status with the following commands.
On distros based on systemd:
sudo systemctl start darkstat
sudo /lib/systemd/systemd-sysv-install enable darkstat
sudo systemctl status darkstat
On distros based on SysV Init:
sudo /etc/init.d/darkstat start
sudo chkconfig darkstat on
sudo /etc/init.d/darkstat status
Step 4: Enable Listening Port in the Firewall
The next step is to open port 666, the default, in the firewall so that the web interface can be reached. We can use any of the following commands, depending on the type of firewall in use.
With firewalld:
sudo firewall-cmd --zone=public --permanent --add-port=666/tcp
sudo firewall-cmd --reload
With iptables:
sudo iptables -A INPUT -p udp -m state --state NEW --dport 666 -j ACCEPT
sudo iptables -A INPUT -p tcp -m state --state NEW --dport 666 -j ACCEPT
sudo service iptables save
With UFW:
sudo ufw allow 666/tcp
sudo ufw reload
Step 5: Run Darkstat
Once these permissions have been authorized, we will enter the following syntax from a browser.
Once it loads, we see the Darkstat interface. There we can view the network traffic over different periods of time, and the Hosts option shows the traffic broken down by host.
Manage Darkstat from Console
If we want to work with Darkstat from the Ubuntu console, these are the options to use:
Analyze the traffic of an interface:
darkstat -i (interface)
Analyze an interface with a particular port:
darkstat -i (interface) -p 8080
Finish the Darkstat process:
To do this, first run pidof darkstat to obtain the PID of the application, then pass that PID (4790 here) to one of the following commands to end it:
kill -SIGTERM 4790
or
sudo kill -15 4790
With Darkstat we can monitor network traffic in real time, which is valuable for the management tasks that require it.