Pktstat: Open-source ethernet interface traffic monitor
Pktstat is an open-source tool that is a straightforward alternative to ncurses-based Pktstat. On Linux, it utilizes AF_PACKET
, while on other platforms, it employs generic PCAP live wire capture.
Pktstat is a versatile tool that doesn’t rely on advanced or recent Linux kernel features. It’s designed to be cross-compatible with various Unix platforms, including Darwin, by defaulting to generic PCAP for non-Linux systems.
Upon execution, Pktstat provides comprehensive per-IP and per-protocol (IPv4, IPv6, TCP, UDP, ICMPv4 and ICMPv6) statistics. These are sorted by per-connection bps, packets, and (source-IP:port, destination-IP:port) tuples, offering a detailed view of network traffic.
“While I’ve initially written a Gopacket based tool for maximum compatibility even with older systems with non-current Linux kernels, I’ve eventually couldn’t resist, and I’ve rewritten the first version to a pure Golang with Linux eBPF module for maximum performance without the loss of information that commonly happens on high-traffic generic packet capture,” Dinko Korunic, the creator of the tool, told Help Net Security.
“The first version initially used only TC (Traffic Control) hooks, but I later added XDP (eXpress Data Path) hooks, too, so that maximum performance (on-NIC offloaded wire-speed analysis) is possible,” Korunic concluded.
Future plans and download
Pktstat is pretty much as small and as performant as it needs to be—but as always, the community comes first, and if there are any requests, I’ll be happy to implement them,” Korunic concluded.
Pktstat is available for free on GitHub.
Must read:
- 15 open-source cybersecurity tools you’ll wish you’d known earlier
- 20 essential open-source cybersecurity tools that save you time