Saturday, 1 August 2009

EtherApe - Network Analysis Tool

EtherApe is a helpful graphical real-time network connectivity monitoring tool that allows one to quickly see the open connections on the local network.

It supports a variety of devices, covering Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP. Hosts and links between hosts change in size with traffic, and traffic is colour-coded by protocol.

To install on an Ubuntu system use:

sudo apt-get install etherape

And run it as a root user using Applications->Internet->EtherApe (as root)

To capture Wifi network activity, select Capture->Interfaces->wlan0

Below is an example of EtherApe running on my laptop:

There is a per-protocol network summary viewable from View->Protocols (tick to enable) or by clicking on the "Prot." button - it produces output as follows:

There are quite a few tweakables, e.g. changing colours, selecting inbound/outbound traffic, and adjusting the timing and scaling of nodes and links. There are also some hot-key controls, such as pressing Alt-I to view just IP traffic and Alt-T to view just TCP traffic.

One can double-click on a node on the graph and EtherApe will drill down and display a per-node network activity summary, for example:

All in all, EtherApe is a useful little tool that can help one quickly check what kind of traffic is on one's network and see where all the packets are going. Not bad at all!
