1 The darkstat export format was designed by Ben Stewart.
2 Note that all integers are stored in network order (big-endian).
4 FILE HEADER 0xDA314159 darkstat export format
5 SECTION HEADER 0xDA 'H' 'S' 0x01 hosts_db ver1
6 HOST COUNT 0x00000001 1 host follows
8 HOST HEADER 'H' 'S' 'T' 0x04 host ver4
9 ADDRESS FAMILY 0x04 Either 4 or 6.
10 IPv4 ADDR 0x0A010101 IPv4 10.1.1.1
12 IPv6 ADDR 0x0000 0000 0000 0000 0000 0000 0000 0001
14 LASTSEEN 0x0000 0000 4800 0123 64-bit time_t meaning:
15 2008-04-12 00:24:03 UTC
16 MACADDR 0x001122334455 00:11:22:33:44:55
17 HOSTNAME 0x09 "localhost" 9 is the string length
18 IN 0x0000000000123456 Bytes in: 1193046
19 OUT 0x0000000000789ABC Bytes out: 7903932
20 PROTOS DATA 'P' start ip proto data
21 IP PROTO COUNT 0x03 3 ip_proto entries
23 IN 0x0000000000123456 Bytes in: 1193046
24 OUT 0x0000000000789ABC Bytes out: 7903932
26 IN 0x0000000000000444 Bytes in: 1092
27 OUT 0x0000000000000555 Bytes out: 1365
29 IN 0x0000000000000001 Bytes in: 1
30 OUT 0x0000000000000002 Bytes out: 2
31 TCP DATA 'T' start tcp proto data
32 TCP PROTO COUNT 0x0001 1 tcp_proto entry
33 PORT 0x0050 http (port 80)
34 SYN COUNT 0x0000000000000003 SYNs: 3
35 IN 0x0000000000000001 Bytes in: 1
36 OUT 0x0000000000000002 Bytes out: 2
37 UDP DATA 'U' start udp proto data
38 UDP PROTO COUNT 0x0001 1 udp_proto entry
39 PORT 0x0045 tftp (port 69)
40 IN 0x0000000000000001 Bytes in: 1
41 OUT 0x0000000000000002 Bytes out: 2
42 REMOTE TCP DATA 't' (as above)
43 REMOTE UDP DATA 'u' (as above)
44 SECTION HEADER 0xDA 'G' 'R' 0x01 graph_db ver1
45 LAST_TIME (time_t as 64-bit uint)
46 For each of 4 graphs: (60 seconds, 60 minutes, 24 hours, 31 days)
47 8 bits - number of bars in this graph
48 8 bits - index of last_time bar, in the range [0:n_bars)
53 Host header version 1 is just version 2 without the lastseen time.
55 Host header version 2 is just version 3 without the address family
56 byte (or the possibility of an IPv6 address).
58 Host header version 3 is just version 4 without the remote TCP and UDP ports.