File: export-format.txt

package info (click to toggle)
darkstat 3.0.715-1
  • links: PTS
  • area: main
  • in suites: wheezy
  • size: 816 kB
  • sloc: ansic: 6,542; sh: 355; makefile: 172; php: 15
file content (53 lines) | stat: -rw-r--r-- 3,107 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
The darkstat export format was designed by Ben Stewart.
Note that all integers are stored in network order (big-endian).

FILE HEADER 0xDA314159                              darkstat export format
    SECTION HEADER 0xDA 'H' 'S' 0x01                hosts_db ver1
        HOST COUNT 0x00000001                       1 host follows
        For each host:
            HOST HEADER 'H' 'S' 'T' 0x03            host ver3
            ADDRESS FAMILY 0x04                     Either 4 or 6.
              IPv4 ADDR 0x0A010101                  IPv4 10.1.1.1
              or for 0x06:
              IPv6 ADDR 0x0000 0000 0000 0000 0000 0000 0000 0001
                                                    meaning IPv6 ::1
            MACADDR 0x001122334455                  00:11:22:33:44:55
            LASTSEEN 0x0000000048000123 (time_t)    2008-04-12 00:24:03 UTC
            HOSTNAME 0x09 "localhost"               9 is the string length
            IN 0x0000000000123456                   Bytes in: 1193046
            OUT 0x0000000000789ABC                  Bytes out: 7903932
            PROTOS DATA 'P'                         start ip proto data
                IP PROTO COUNT 0x03                 3 ip_proto entries
                IP PROTO 0x06                       tcp
                    IN 0x0000000000123456           Bytes in: 1193046
                    OUT 0x0000000000789ABC          Bytes out: 7903932
                IP PROTO 0x11                       udp
                    IN 0x0000000000000444           Bytes in: 1092
                    OUT 0x0000000000000555          Bytes out: 1365
                IP PROTO 0x01                       icmp
                    IN 0x0000000000000001           Bytes in: 1
                    OUT 0x0000000000000002          Bytes out: 2
            TCP DATA 'T'                            start tcp proto data
                TCP PROTO COUNT 0x0001              1 tcp_proto entry
                PORT 0x0050                         http (port 80)
                    SYN COUNT 0x0000000000000003    SYNs: 3
                    IN 0x0000000000000001           Bytes in: 1
                    OUT 0x0000000000000002          Bytes out: 2
            UDP DATA 'U'                            start udp proto data
                UDP PROTO COUNT 0x0001              1 udp_proto entry
                PORT 0x0045                         tftp (port 69)
                    IN 0x0000000000000001           Bytes in: 1
                    OUT 0x0000000000000002          Bytes out: 2
    SECTION HEADER 0xDA 'G' 'R' 0x01                graph_db ver1
        LAST_TIME (time_t as 64-bit uint)
        For each of 4 graphs: (60 seconds, 60 minutes, 24 hours, 31 days)
            8 bits - number of bars in this graph
            8 bits - index of last_time bar, in the range [0:n_bars)
            For each bar:
                64 bits - bytes in
                64 bits - bytes out

Host header version 1 is just version 2 without the lastseen time.

Host header version 2 is just version 3 without the address family
byte (or the possibility of an IPv6 address).