EtherApe – Graphical Network Monitoring

Hello readers, we are back again with a new release, Matriux Krypton, at nullcontritiya, Goa 2012. Thank you for your support throughout these years, which has enabled us to bring in bigger and better security solutions. This version includes some great features, with 300 powerful penetration testing and forensic tools. The UI has been made more elegant and faster. Based on Debian Squeeze with a custom-compiled kernel 2.3.39-krypton, Matriux is the fastest distribution of its kind and runs easily on a P-IV with as little as 256MB RAM and just 6GB HDD. New tools include reaver-wps, androguard, apkinspector, an ssh server and many more. The installer (MID) has also been made easier this time.


Doesn’t it look cool? Go ahead, give it a try and let us know what you think of the new version.
Now, coming to this month’s article on EtherApe, which is an open source graphical network monitor for Unix systems. It displays network activity graphically, with hosts and links that shrink and grow in accordance with the traffic activity. Protocols are color coded. Some features of EtherApe include:
  • Network view can be modified by applying filters
  • Can read traffic from a file as well as live from the network
  • A variety of protocols, packet types and frames are supported
  • Clicking on any link or node provides additional information about its protocols and traffic
  • Handles traffic on Ethernet, WLAN, VLAN plus several other media and encapsulation types
  • Output can be exported to an XML file (supported from version 0.9.11)
EtherApe can be found in the Matriux Arsenal under Arsenal --> Reconnaissance --> EtherApe (root)


Or simply fire up EtherApe by typing EtherApe in a terminal.
Note: Remember that EtherApe requires root permission to run; otherwise you will get the error “No suitable Device found”.
To start monitoring the network, select the network interface from the menu Capture --> Interfaces.

EtherApe will then start reading network data from the selected interface and display the network as a graph.


When you start EtherApe, you may or may not see traffic depending on whether there is traffic actively passing through your network. (Here I pinged Google and opened Matriux Forums in a browser to generate some network activity).
The data for this network activity can also be viewed from Menu --> View --> Nodes/Protocol.

Showing the activity at the nodes.
Showing the activity with respect to protocols. This data is useful in many ways, for example to troubleshoot the network or check for unwanted traffic.
Clicking on any link/node in the network map will also display the activity at that node/link.


You can also configure EtherApe from the preferences in the menu.
 

Conclusion
 
EtherApe can also read a tcpdump file, which allows us to capture network traffic to a file and analyze that traffic later, in offline mode. This matters because running EtherApe as root to monitor the network remotely is not recommended, as you run the risk of transmitting the root information over the network. EtherApe is a great tool for monitoring network activity and the protocols in use. Go ahead and run EtherApe to see the visual beauty of the network ;)
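To illustrate the offline mode described above, here is an added example (not part of the original article and not EtherApe's own code) that reads a tcpdump capture file as an unprivileged user and totals traffic per link and per protocol, similar to the Nodes/Protocol views. It assumes a classic pcap file with Ethernet framing, such as `tcpdump -w` writes; the sample capture and its addresses are constructed for the example.

```python
import socket
import struct
import sys
from collections import Counter

IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def build_sample_pcap():
    """Constructed sample: little-endian pcap holding two Ethernet/IPv4 frames."""
    def record(src, dst, proto, payload_len):
        eth = b"\x00" * 12 + b"\x08\x00"  # zeroed MACs, EtherType IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
        data = eth + ip + b"\x00" * payload_len
        return struct.pack("<IIII", 0, 0, len(data), len(data)) + data
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (header + record("192.0.2.10", "198.51.100.5", 1, 64)
            + record("192.0.2.10", "203.0.113.7", 6, 100))

def summarize(pcap_bytes):
    """Return (bytes per src/dst link, bytes per IP protocol) from a pcap."""
    if len(pcap_bytes) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack_from("<I", pcap_bytes, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", pcap_bytes, 20)[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    links, protocols = Counter(), Counter()
    offset = 24
    while offset + 16 <= len(pcap_bytes):
        incl_len, orig_len = struct.unpack_from(endian + "II", pcap_bytes, offset + 8)
        pkt = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4: skip
        src, dst = socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])
        links[(src, dst)] += orig_len
        protocols[IP_PROTOS.get(pkt[23], str(pkt[23]))] += orig_len
    return links, protocols

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    for table in summarize(raw):
        for key, size in table.most_common():
            print(key, size)
```

Run it with a capture file path as the only argument; with no argument it summarizes the constructed sample.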
Happy Hacking :)