When you manage your own server there is this problem of finding a simple tool which would help you figure out where your network bandwidth is going. Especially if you are a developer or you have no training in server administration, once you enter this uncharted territory, this task which looks naive often turns out to be a tedious and very time consuming job. That’s where darkstat comes into rescue. It is simple tool with web UI which upon installing would give you some (useful) graphs about the current traffic situation of your server, or particular network interface in cases when you have to find out what/who is eating your bandwidth. But it’s real power comes from it’s hosts section (second picture).
Darkstat graphs view
The ‘hosts’ section of the interface is especially useful. It gives you a list of (by bandwidth usage) sorted IP addresses. Each of those can be further opened to see the host name for that particular IP address, the ports which were opened on the server while communicating with it, and the in/out/total amount of bandwidth transferred while communicating with that host.
Darkstat hosts view
Of course this by it self won’t give you all the answers you are looking for when your server is under a big load, but it will help you narrow down the possible causes.
Installation procedure (tested on CentOS 6.8)
Let’s get to work. First thing we need to do is install some prerequisites for darkstat, namely the libcap and libcap-devel libraries. Since these packages are part of the standard repository, all you have to do is run the following command as root:
yum install libcap libcap-devel
After this procedure is finished we can continue with the darkstat installation. Change to your home directory (preferably /root/) and then download the latest darkstat package from the following link: darkstat home by using wget:
wget https://unix4lyfe.org/darkstat/darkstat-3.0.719.tar.bz2
Unpack the package with the following command:
tar zxvj ./darkstat-3.0.719.tar.bz2 && cd darkstat-3.0.719
Enter the folder where you unpacked the archive and install the software:
./configure && make && make install
This will complete your installation.
Using darkstat
While the previous versions took over your terminal and you had to run them with the –detach option if you wanted darkstat to start as a daemon, this behavior is removed since v3. Once you start the application (it’s home should be in the /usr/local/sbin/ directory) darkstat will run in background and do it’s magic.
There are also several options which you can use when starting the program. Let’s look at some of them.
-i — add the interface which needs to be monitored, ex:
darkstat -i eth0
-p — add the port where the results would be published to, ex:
darkstat -p 666
-b — bind the port to a specific interface, ex:
darkstat -b 127.0.0.1
-n — turn off persistent DNS resolution if your server is somehow with limited speed/bandwidth or you just need to see IP addresses, ex:
darkstat -n
-e — packet filter exceptions, ex:
darkstat -e "port not 21" (to exclude standard FTP port)
Too see all other available options & program version number:
darkstat -h
Checking out the statistics
All you need to do to access the statistics page is navigate the browser to your server’s IP address and use the port you’ve used in your settings when starting darkstat:
http://ip_address:666
(Hmm… the guy who created this application apparently had some affinities for the dark side, mind the app name and the port number)
Starting darkstat at boot time
As root user navigate to the /etc/rc.d directory. Execute the following command. It will add the command as the last line in the rc.local file and will allow darkstat to run at boot time. Mind the interface name and port number.
echo "/usr/local/sbin/darkstat -i eth0 -p 666" >> rc.local
Do you know any other simple application which would help in this kind of scenario? Please write in the comments bellow, I would love to read about it.
1 Comment
NMDK · 01.09.2017 at 12:59
great blog, helped me to install the darkstat. Thanks.