Pktstat: Open-source ethernet interface traffic monitor

Pktstat is an open-source tool that is a straightforward alternative to ncurses-based Pktstat. On Linux, it utilizes AF_PACKET, while on other platforms, it employs generic PCAP live wire capture.

pktstat

Pktstat is a versatile tool that doesn’t rely on advanced or recent Linux kernel features. It’s designed to be cross-compatible with various Unix platforms, including Darwin, by defaulting to generic PCAP for non-Linux systems.

Upon execution, Pktstat provides comprehensive per-IP and per-protocol (IPv4, IPv6, TCP, UDP, ICMPv4 and ICMPv6) statistics. These are sorted by per-connection bps, packets, and (source-IP:port, destination-IP:port) tuples, offering a detailed view of network traffic.

“While I’ve initially written a Gopacket based tool for maximum compatibility even with older systems with non-current Linux kernels, I’ve eventually couldn’t resist, and I’ve rewritten the first version to a pure Golang with Linux eBPF module for maximum performance without the loss of information that commonly happens on high-traffic generic packet capture,” Dinko Korunic, the creator of the tool, told Help Net Security.

“The first version initially used only TC (Traffic Control) hooks, but I later added XDP (eXpress Data Path) hooks, too, so that maximum performance (on-NIC offloaded wire-speed analysis) is possible,” Korunic concluded.

Future plans and download

Pktstat is pretty much as small and as performant as it needs to be—but as always, the community comes first, and if there are any requests, I’ll be happy to implement them,” Korunic concluded.

Pktstat is available for free on GitHub.

Must read:

Don't miss