Darkstat – A Web Based Linux Network Traffic Analyzer

Darkstat is a cross-platform, lightweight, simple, real-time network statistics tool that captures network traffic, computes statistics concerning usage, and serves the reports over HTTP.

Darkstat Features:

  • An integrated web-server with deflate compression functionality.
  • Portable, single-threaded and efficient Web based network traffic analyzer.
  • The Web interface shows traffic graphs, reports per host and ports for each host.
  • Supports asynchronous reverse DNS resolution using a child process.
  • Support for IPv6 protocol.


  • libpcap – a portable C/C++ library for network traffic capture.

Being small in size, it uses very low system memory resources and it is easy to install, configure and use in Linux as explained below.

How to Install Darkstat Network Traffic Analyzer in Linux

1. Luckily, darkstat is available in the software repositories of mainstream Linux distributions such as RHEL/CentOS and Debian/Ubuntu.

$ sudo apt-get install darkstat		# Debian/Ubuntu
$ sudo yum install darkstat		# RHEL/CentOS
$ sudo dnf install darkstat		# Fedora 22+

2. After installing darkstat, you need to configure it in the main configuration file /etc/darkstat/init.cfg.

$ sudo vi /etc/darkstat/init.cfg

Note that for the purpose of this tutorial, we will only explain mandatory as well as important configuration options for you to start using this tool.

Now change the value of START_DARKSTAT from no to yes and set the interface darkstat will listen on with the INTERFACE option.

And also uncoment DIR=”/var/lib/darkstat” and DAYLOG=”–daylog darkstat.log” options to specify its directory and log file respectively.

INTERFACE="-i ppp0"
# File will be relative to $DIR:
DAYLOG="--daylog darkstat.log"

3. Start the darkstat daemon for now and enable it to start at system boot as follows.

------------ On SystemD ------------ 
$ sudo systemctl start darkstat
$ sudo /lib/systemd/systemd-sysv-install enable darkstat
$ sudo systemctl status darkstat

------------ On SysV Init ------------
$ sudo /etc/init.d/darkstat start
$ sudo chkconfig darkstat on
$ sudo /etc/init.d/darkstat status

4. By default, darkstat listens on port 667, so open the port on firewall to allow access.

------------ On FirewallD ------------
$ sudo firewall-cmd --zone=public --permanent --add-port=667/tcp
$ sudo firewall-cmd --reload

------------ On IPtables ------------
$ sudo iptables -A INPUT -p udp -m state --state NEW --dport 667 -j ACCEPT
$ sudoiptables -A INPUT -p tcp -m state --state NEW --dport 667 -j ACCEPT
$ sudo service iptables save

------------ On UFW Firewall ------------
$ sudo ufw allow 667/tcp
$ sudo ufw reload

5. Finally access the darkstat web interface by going to URL http://Server-IP:667.

Darkstat Network Traffic Analyzer

Darkstat Network Traffic Analyzer

You can reload graphs automatically by clicking on and off buttons.

Manage Darkstat From Command Line in Linux

Here, we will explain a few important examples of how you can operate darkstat from the command line.

6. To collect network statistics on the eth0 interface, you can use the -i flag as below.

$ darkstat -i eth0

7. To serve web pages on a specific port, include the -p flag like this.

$ darkstat -i eth0 -p 8080

8. To keep an eye on network statistics for a given service, use the -f or filter flag. The specified filter expression in the example below will capture traffic concerned with SSH service.

$ darkstat -i eth0 -f "port 22"

Last but not least, if you want to shut darkstat down in a clean way; it is recommended to send SIGTERM or SIGINT signal to the darkstat parent process.

First get the darkstat parent process ID (PPID) using the pidof command:

$ pidof darkstat

Then kill the process like so:

$ sudo kill -SIGTERM 4790
$ sudo kill -15 4790

For additional usage options, read through the darkstat manpage:

$ man darkstat

Reference Link: Darkstat Homepage

You may also like to read following related articles on Linux network monitoring.

  1. 20 Command Line Tools to Monitor Linux Performance
  2. 13 Linux Performance Monitoring Tools
  3. Netdata – A Real-Time Linux Performance Monitoring Tools
  4. BCC – Dynamic Tools for Linux Performance and Network Monitoring

That’s It! In this article, we have explained how to install and use darkstat in Linux to capture network traffic, calculates usage, and analyze reports over HTTP.

Do you have any questions to ask or thoughts to share, use the comment form below.

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.