| |
|
darkstat for OS X you got stats! |
| Q: What is darkstat? A: darkstat is the excellent open-source network traffic analyzer by Emil Mikulic. It sniffs all the data passing through the machine's network interfaces and presents the results graphically in your web browser. Check out the screenshot. Q: Why is this page here? A: So that I can spread the word about how good darkstat is. It really is very good. Trouble was, in the bad old days of Mac OS X, darkstat wouldn't compile without some fussing about, so I put together a package for Puma & Jaguar users, a standard Mac installer with a few extra bits and bobs thrown in (thrown with loving care and attention, I might add - screenshots at the foot of this page), the sort of things we mac users expect. At the time of writing we brushed-alluminium types are up to Panther; a matured and slick OS with most all the nobs on, and screwed in too. Developers, source-builders and the like have never had it so good, darkstat also compiles with no fuss whatsoever. I maintain this package because in reality, only a minority of Mac users have the developers tools installed, but that shouldn't, and doesn't stop folks using this superb network monitoring tool for their homes, networks and servers. In short, this is a place where you can get an up-to-date point-and-click Mac OS X version, and a lot more besides; without all that "messing about in the terminal" stuff. Q: Okay, where can I get this package? A: Right here.. 
If you have any problems with this installer package, please do not bug Emil about it, bug me! Q:What else do I get? A: Aside from the binary itself and its accompanying man page, the installer will install a StartupItem (so you always, got stats), some neat control scripts, and an uninstaller too, things that you can click! Scroll down for pics. Please do check out the darkstat website. There are even a couple of links on there back to here, if you're feeling a bit loopy.. ;o) cor |
|
this screenshot is from
another machine on my LAN. (a peecee) You can monitor your mac's network activity even before aqua loads.. if you have darkstat installed, clicking on this graph will take you to your own stats! |
|
|
 |
 |
||
|
| random word from corzblog: progress |
speedy gonzales timer say this page generated in 0.013 seconds | ssergorp :golbzroc morf drow modnar |
I've got this running on BSD, how can I get blue colors like this one has?
heh, good timing! I only put out the links this morning!
I've updated this page now, with information about this, even a link to the source file.
You are not the first to ask!
;o)
(or
okay, the c source file is there now. oops!
note: I uploaded darkstat 2.6 again today, the uninstaller, while uninstalling fine, didn't remove the package.pkg from the receipts folder (all because of a Capital "D"!) so if you installed twice, the second install would think it was an "upgrade".
Mind you, once you install darkstat, you never want to uninstall it!
;o)
(or
hi! thanks for the nice port!
I'm just wondering why i see nothing logged under the "ports" subpage?
ahh, it was fun.
erm, which "ports" subpage is that? emil's darkstat page links here, as do VersionTracker and MacUpdate. if you think there's another place that should be linking to me, let me know, better still, let them know! heh.
HAHAHHA!
oh THAT ports page! is it totally blank? weird.
maybe something in the darkstat log.
Can Darkstat tell me the in/out of all the ip addresses attached to my local network? Or what is a good program for sniffing out problem machines on a network (i.e., the machine that is slowing down everyone else).
Thanks
My "PORTS" page is blank too. Too bad I cant't get it to monitor en1 ( airport), maybe there is a trick ;)
Nothing ovious in my log...
Tue Jun 1 08:26:40 CDT 2004 : starting service..
darkstat v2.6 using libpcap v2.4 (powerpc-apple-darwin7.2.0)
Firing up threads...
Sniffing on device en0, local IP is 192.168.0.100
DNS: Thread is awake.
WWW: Thread is awake and awaiting connections.
WWW: Compiled without NLS
DOH! it helps to RTFM ;)
sudo /usr/local/bin/sniff -i en1
Glad you got it worked out davehoo, that man page really is excellent, isn't it!
it might be an idea, if you're using another network interface, to edit that into the sniff command itself. You could do a similar thing with the startup item.
Also, if /usr/local/bin is in your PATH (likely), you can just type "sniff", by itself, in a terminal.
anonymous, darkstat can only gather statistics on the machine on which it runs; to get this sort of data you need to run a sniffer with "root" access. If you ran darkstat on them all for a time (if they are *nix machines) you could collate that data perhaps, though even the data from a different machine could provide clues. For instance, you may be receiving a barrage of traffic on port 139, and that might lead you to investigate the possibility of some sort of Samba local master battle, or whatever.
You'll probably want to get closer to the packets, though, using something that allows you to view the actual packet data. check the manpage for tcpdump, there are quite a few mac packet sniffers around that will do the same (many are just front-ends for tcpdump)
Get yourself a copy of nmap see.. http://www.macos.utah.edu/Documentation/maco sx/security/nmap.html NmapFE is a rather good front-end. Point it at a suspect machine and receive much data.
If you have a intel box lying around, a copy of Knoppix STD.. http://www.knoppix-std.org/ would provide all the tools you need, and more.
;o)
(or
With OS X 10.3.4 (panther) I get massive DNS PTR lookups for random ip's (creates about 14'000) pakets in 10 Minutes). I searched for a while and figured after removing /Library/StartUp/Darkstat this behaviosr stoped.
Does anyone now about that?
I'm not up to 10.3.4 yet, but that's some pretty unusual sh*t. I'd be keen to see any log output you have. Maybe apple needs to know something.
Is it darkstat doing the lookups?? that would be weird.
feed info to my usual email address; I'll look into it; or dump small stuff here, maybe someone else knows something.
;o)
(or
I left you an email yesterday with a tcpdump file containing some of theses lookups. I cant say that your code is causing that, but it desapeared after I removed darkstat form StartupItems...
I don't know any tool who can tell me what process is doing dns lookups, at least LittleSnitch can't.
Cheers and enyoj your weekend, netwho
hope y'all enjoyed yer weekend as much as I did! back to work now..
I got the dump, thanks (tcpdump? damn! I gotta read that manpage one day) still trying to decipher that. does tcpdump do human-readable output? /me scatches head. there's an -r option, right? maybe I could pipe that... (still recovering from the weekend here *ahem*)
While I'm certain it's not my code causing the problems (I wrote the installer and mac gui bits only for this port, and the blueness, of course), I'm fairly certain it's not Emil's code, either. More than likely the latest Apple update has nudged pthreads (which are notoriously shakey). Or something along those lines, anyway.
I've just blown my 256MB ram chip on me mac (I work this old iMac too hard, BOOM! so I'm running panther on 96MB just now - no fun! like getting the replacement on the warranty will be! *sigh*) so an OS upgrade isn't on the cards for me just now, to check this out more.
Darkstat 3 is all-new underneath, and doesn't use pthreads at all, emil's working hard on that right now, the link to his site is above. If you have the dev tools installed, try compiling from source (included in the distro), I'd be curious to see if that binary exhibited the same behaviour. We could put it up here, if not.
keep me posted!
;o)
(or
well - i was looking for a traffic monitoring utility and darkstat seems to do the job. is there anyway to reset the sum and zero the traffic data. thanks in advance!
if you remove the darkstat.daylog and darkstat.db files, that should put everything back to zero. turn off darkstat while you do this, of course.
look inside /Library/darkstat/
;o)
(or
ps.. seems like years since I was last here, something feels unfinished, heh. feel free to drop in again if need be, sometimes I need a prod.
Hi cor,
this is so very cool, thank you!
A
for OS X
is sexy
Thanks again,
Tom
a command line 1D10T in Germany
satisfactory
Hello,
Thanks for providing DarkStat. It works great on my PowerMac G5 1.8 GHz DP, but no dice on my PowerBook G4 1.5 GHz. This is odd, because they are basically copies of one another and the Mac OS 10.3 5 data is synchronized daily. When I attempt to open DarkStat via the two browser addresses or by clicking on the link on the web site, I get the dreaded “server cannot be found” error. Anyone have a clue what is happening here?
“Technological change is like an axe in the hands of a pathological criminal.” (Albert Einstein, 1941),
Dr. Z.
yo!
No plans for darkstat3 for OS X yet. coding time is zero just now, but hopefully sometime in the near future. I haven't spoken to Emil for a while, but I'll get the source soon and see how it's looking on OS X.
Dr, sounds weird. Maybe a firewall? Does this happen on a local browser (same machine) ? Is darkstat actually running? Feel free to mail me more data which I will probably deal with in the near future.
;o)
(or
Getting this error when installing darkstat via fink 0.22.2 (distribution 0.7.1):
Filehandle STDIN reopened as STDOUT only for output at /sw/lib/perl5/Debconf/FrontEnd/Dialog.pm line 139.
This is after replying NO to whether I want darkstat to startup automatically at boot.