Darkstat - Lightweight Traffic Logging Software
Published by knick,
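This software can be set to monitor only traffic from a specific source and on a specific port.
darkstat -i eth0 -l 192.168.0.0/255.255.255.0 -f "port 22"
this protocol. Its filter syntax is based on tcpdump.
The -l switch defines a local network using "network/netmask" syntax; all traffic of this network (incoming or outgoing) is displayed graphically. The -f option lets the user filter packets:
If this error appears at startup: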
error: getaddrinfo(NULL,667) failed: Name or service not known: Device or resource busy
start it with the following command:
./darkstat -b 0.0.0.0 -i eth0
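Common parameters:
-b: IP address of the embedded web server. (Default 0.0.0.0; e.g. 192.168.99.1)
-p: port of the embedded web server. (Default 667; e.g. -p 8080)
-f: filter (see tcpdump).
-i: network interface. (e.g. eth0, eth1, etc.)
-l: defines the local network segment. (e.g. 192.168.99.0/255.255.255.0)
# /usr/sbin/darkstat -p 5566 -i eth1 -f "port 22"
Collects traffic statistics for port 22 on eth1 (the results can be viewed on port 5566 of the host).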
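An added example (not from the original post or the darkstat project): a small POSIX shell helper that assembles a darkstat command line from the flags listed above, converting a CIDR prefix into the network/netmask form that -l expects and validating the port. The function names and the loopback default for -b are assumptions of this example; binding to 0.0.0.0 makes the statistics page reachable on every interface, so the helper warns when that address is chosen.

```shell
#!/bin/sh
# Added example: hypothetical helper functions, not part of darkstat itself.

# Convert a CIDR prefix length (0-32) to a dotted netmask, e.g. 24 -> 255.255.255.0
prefix_to_mask() {
    bits=$1 mask="" i=0
    while [ "$i" -lt 4 ]; do
        if [ "$bits" -ge 8 ]; then
            octet=255; bits=$((bits - 8))
        else
            octet=$((256 - (1 << (8 - bits)))); bits=0
        fi
        mask="${mask}${mask:+.}${octet}"
        i=$((i + 1))
    done
    echo "$mask"
}

# Print a darkstat command line using only the flags described above.
# usage: darkstat_cmd IFACE NETWORK/PREFIX FILTER [PORT] [BIND]
# Assumed defaults: port 667 (darkstat's default), bind 127.0.0.1 (this example's choice).
darkstat_cmd() {
    iface=$1 cidr=$2 filter=$3 port=${4:-667} bind=${5:-127.0.0.1}
    net=${cidr%/*} prefix=${cidr#*/}
    # The prefix must be a plain number between 0 and 32
    case $prefix in ''|*[!0-9]*) echo "bad prefix: $cidr" >&2; return 1;; esac
    [ "$prefix" -le 32 ] || { echo "bad prefix: $cidr" >&2; return 1; }
    # The port must be a plain number between 1 and 65535
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1;; esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } ||
        { echo "bad port: $port" >&2; return 1; }
    if [ "$bind" = "0.0.0.0" ]; then
        echo "warning: web interface will listen on all interfaces" >&2
    fi
    printf 'darkstat -i %s -b %s -p %s -l %s/%s -f "%s"\n' \
        "$iface" "$bind" "$port" "$net" "$(prefix_to_mask "$prefix")" "$filter"
}

# Constructed sample input: the eth1 / port 22 / port 5566 case from the text
darkstat_cmd eth1 192.168.99.0/24 "port 22" 5566
```

The helper only prints the command; review it and run it as root yourself.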
darkstat is an ntop-workalike network statistics gatherer. It runs as a background process on a cable or DSL router, uses libpcap to capture network traffic, and has a Web interface that serves up reports of statistics such as data transferred by host, port, and protocol. It also has a neat bandwidth usage graph.
The author of the program, Emil Mikulic, had used "ntop" for a long time, but he was dissatisfied with its stability issues and its poor memory behavior. For this reason he developed "darkstat".
Installation:
openSUSE users can use the "1-click" installer to install darkstat.
Ubuntu / Debian: $ sudo apt-get install darkstat
To start DarkStat
# darkstat -i eth0
where "eth0" is the interface on which you monitor incoming and outgoing traffic. Change it to match your system.
darkstat now starts, sniffs in the background, and serves a simple web interface at http://localhost:667 or, if you are browsing from a different machine, at http://:667 (example: http://192.168.1.1:667)