How to install and use Darkstat web based Linux Network Traffic Analyzer

Everything Linux, A.I, IT News, DataOps, Open Source and more delivered right to you.
"The best Linux newsletter on the web"


If you are a system administrator managing a Linux server, you want a simple tool that helps to monitor your server.

Darkstat is a cross-platform, lightweight, simple, real-time network statistics tool that captures network traffic, computes statistics concerning usage, and serves the reports over HTTP.

Install Darkstat

  • For Ubuntu and Debian operating systems, run:
sudo apt-get install darkstat -y
  • For CentOS and RHEL operating systems, run:
dnf install darkstat -y

Configure Darkstat

  • Edit the Darkstat main configuration file and define your network interface, port, and listening IP address
vim /etc/darkstat/init.cfg
  • Then modify on this value as follow
INTERFACE="-i ens33"
PORT="-p 667"
DAYLOG="--daylog darkstat.log"

Note: you can know the name of your interface with running the command below

nmcli c s 
  • Restart the Darkstat service
systemctl restart darkstat

Check the status of Darkstat

systemctl status darkstat

Access Darkstat via Web UI

  • Darkstat is running and listening on port 667. You can check it with the following command:
ss -antpl | grep 667
  • Open your web browser and access the Darkstat web interface using the URL http://Server_ip:667 as shown below
  • You can reload graphs automatically by clicking on and off buttons.
  • You’ll get a list of all hosts on the network that have attempted to reach the server by clicking on the hosts section

Manage Darkstat From CLI

  • To collect network statistics on the ens33 interface, you can use the -i flag as below.
darkstat -i ens33
  • Also to serve web pages on a specific port, include the -p flag like this.
darkstat -i ens33 -p 80
  • To keep an eye on network statistics for a given service, use the -f or filter flag. The filter will capture traffic concerned with SSH service.
darkstat -i ens33 -f "port 22"
  • To shutdown Darkstat, Send SIGTERM or SIGINT signal to the darkstat parent process.

1- Get the darkstat parent process ID (PPID) using the pidof command:

pidof darkstat

2- Then kill the process.

sudo kill -15 6352
sudo kill -SIGTERM 6352


In this guide, we showed you how to install and use Darkstat in Linux to capture network traffic over the HTTP.

Thank you.

Everything Linux, A.I, IT News, DataOps, Open Source and more delivered right to you.
"The best Linux newsletter on the web"
unixcop Admin


Please enter your comment!
Please enter your name here

Latest articles

Join us on Facebook