This article needs additional citations for verification. (October 2021)
|Developer(s)||Riccardo Ghetta, Juan Toledo|
|Initial release||February 17, 2000|
0.9.20 / May 16, 2021
|Operating system||Linux and Unix-like|
|License||GNU General Public License|
Network traffic is displayed using a graphical interface. Each node represents a specific host. Links represent connections to hosts. Nodes and links are color-coded to represent different protocols forming the various types of traffic on the network. Individual nodes and their connecting links grow and shrink in size with increases and decreases in network traffic.
Originally authored by Juan Toledo, the first version of EtherApe (version 0.0.1) was released on February 18, 2000. In a 2006 survey, Insecure.org named EtherApe number 43 on its list of the "Top 100 Network Security Tools".
Some of the features listed about EtherApe include (the following list refers to version 0.9.20 of EtherApe):
- graphical network traffic display
- color-coded node and links for most used protocols
- optional background image
- traffic may be viewed on one's own network, end to end (IP) or port to port (TCP)
- a variety of frame and packet types are supported
- data view can be manipulated using a network filter
- clicking a node or link provides additional information regarding including protocol and traffic information
- summary protocol and node table
- can read traffic from a file or an actual network
- handles traffic on Ethernet, WLAN, VLAN plus several other media and encapsulation types
- supports both IPv4 and IPv6
- XML export of node, link and traffic statistics
- "central node ring" mode.
- "column" mode.
- optional name resolving using c-ares library
- packet capture and display run on different processes
EtherApe requires root privileges to capture packets (but not to replay captured files). Starting with release 0.9.15 capturing is delegated to a separate process, while the main interface can run with lower privileges, significantly reducing the risk associated with capturing packets from untrusted sources (e.g. Internet).
- Comparison of packet analyzers
- tcpdump, a packet analyzer
- Ngrep, a tool that can match regular expressions within the network packet payloads
- netsniff-ng, a free Linux networking toolkit
- Wireshark, a GUI based alternative to tcpdump
- dsniff, a packet sniffer and set of traffic analysis tools