Saturday, September 15, 2007

EtherApe - graphical network activity monitoring tool

There are times when we need to monitor and analyze the traffic passing through our network and display it graphically, in real time, from the GNOME desktop.

Here's another network activity monitoring tool for Linux. It displays current network links, broadcast traffic and network activity graphically, using colors, circle shapes, and link widths and sizes to show traffic between source and target hosts.

EtherApe is a GNOME-based network monitoring application for Linux that uses colors, link sizes and widths to display network activity from source host to target host within a network. EtherApe was created and modeled after etherman, another Linux network monitoring tool.

EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display.
It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter traffic to be shown, and can read traffic from a file as well as live from the network.

At the present time, EtherApe has enough functionality to be useful, but it's far from complete. It's still beta software, and new features and bug fixes are being added all the time. Here is the list of features, current as of version 0.9.5, in no particular order:

* Network traffic is displayed graphically. The more "talkative" a node is, the bigger its representation.
* Node and link color shows the most used protocol.
* User may select what level of the protocol stack to concentrate on.
* You may either look at traffic within your network, end to end IP, or even port to port TCP.
* Data can be captured "off the wire" from a live network connection, or read from a tcpdump capture file.
* Live data can be read from ethernet, FDDI, PPP and SLIP interfaces.
* The following frame and packet types are currently supported: ETH_II, 802.2, 802.3, IP, IPv6, ARP, X25L3, REVARP, ATALK, AARP, IPX, VINES, TRAIN, LOOP, VLAN, ICMP, IGMP, GGP, IPIP, TCP, EGP, PUP, UDP, IDP, TP, IPV6, ROUTING, RSVP, GRE, ESP, AH, ICMPV6, EON, VINES, EIGRP, OSPF, ENCAP, PIM, IPCOMP, VRRP; and most TCP and UDP services, like TELNET, FTP, HTTP, POP3, NNTP, NETBIOS, IRC, DOMAIN, SNMP, etc.
* Data display can be refined using a network filter.
* Display averaging and node persistence times are fully configurable.
* Name resolution is done using standard libc functions, thus supporting DNS, hosts file, etc.
* Clicking on a node/link opens a detail dialog showing protocol breakdown and other traffic statistics.
* Protocol summary dialog shows global traffic statistics by protocol.
* Scrollkeeper-compatible manual.


EtherApe is available from the Fedora 7 yum repos. It can be installed using yum as follows:

# yum -y install etherape


To launch it: Ctrl+F2, etherape



Monitoring network traffic and hosts gives us a better opportunity to study and analyze network issues that may otherwise be unknown to us, such as the host that broadcasts the most, the busiest host, the source and target hosts behind current congestion, network activity at a given time of day, and more. Gathering this usage data helps isolate and resolve network congestion and latency issues. Furthermore, keeping records of these statistics supports longer-term network capacity planning and faster isolation of the source and target hosts that are probably causing congestion and internal latency. It is better to have a network activity monitoring tool like this handy when it is needed.
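For keeping a record of the same per-host figures EtherApe draws (how talkative a node is and its most used protocol), the sketch below reads a tcpdump capture file and totals them. It is an added example, not EtherApe's code: it assumes a classic pcap file with Ethernet framing and IPv4, counts each packet's on-wire length against both endpoints, and runs on a constructed sample capture.

```python
import struct
from collections import Counter, defaultdict

PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IPv4 protocol numbers

def ip_frame(src, dst, proto, payload_len):
    """Build a constructed Ethernet II + IPv4 frame (sample data, not real traffic)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + b"\x00" * payload_len

def make_pcap(frames):
    """Wrap frames in the classic libpcap file layout that tcpdump -w writes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def host_stats(pcap):
    """Return {ip: (bytes_seen, dominant_protocol)} for IPv4-over-Ethernet packets."""
    # The magic number tells us the byte order the capture was written in.
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", pcap)[0])
    if end is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet captures are handled here")
    per_host = defaultdict(Counter)
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl, orig = struct.unpack_from(end + "IIII", pcap, off)
        pkt = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # skip non-IPv4 and truncated frames
        proto = PROTO.get(pkt[23], str(pkt[23]))
        for addr in (pkt[26:30], pkt[30:34]):  # source, then destination address
            per_host[".".join(map(str, addr))][proto] += orig
    return {h: (sum(c.values()), c.most_common(1)[0][0]) for h, c in per_host.items()}

SAMPLE = make_pcap([  # constructed capture: four packets between three hosts
    ip_frame("10.0.0.5", "10.0.0.1", 6, 1400),
    ip_frame("10.0.0.5", "10.0.0.9", 6, 900),
    ip_frame("10.0.0.9", "10.0.0.1", 17, 1200),
    ip_frame("10.0.0.1", "10.0.0.5", 1, 40),
])

if __name__ == "__main__":
    for host, (n, proto) in sorted(host_stats(SAMPLE).items(), key=lambda kv: -kv[1][0]):
        print(f"{host:<12}{n:>8} bytes  mostly {proto}")
```

To run it on a real capture, pass the file's bytes to host_stats() in place of SAMPLE.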

