One of the most exciting capabilities we have as administrators or users of a system is being able to see graphically what is happening in any aspect of it (memory, disks, space, network, etc.). To help us with that task on the network side, we have EtherApe.
EtherApe is an interface that allows us to monitor the state of our network graphically and lets us see the status of IP and TCP protocols in real time.
EtherApe has a range of colors to represent the various protocols and is also compatible with Ethernet, WLAN devices, ISDN and different packet encapsulation formats.
- The network traffic is displayed graphically.
- We can see network traffic both internally and externally or between TCP ports.
- The colors represent the most used protocols at the moment.
- We can select which protocols to visualize.
- The data to be represented can be captured directly or using a tcpdump file.
- It supports various packet types and protocols such as VLAN, IP, IPv6, UDP, TCP, NetBIOS, DOMAIN, FTP, HTTP, SNMP, TELNET, among others.
- EtherApe has a summary dialog that shows us the global traffic statistics of a protocol.
- The results can be exported to XML files.
- We can organize the nodes in columns, among other characteristics.
How to install EtherApe on Ubuntu 16.04
To install EtherApe on our computer, we must execute the following commands:
sudo apt-get update
sudo apt-get install etherape
How to use EtherApe in Ubuntu 16.04
Once all the packages have been downloaded and installed, we will proceed with the EtherApe startup using the following command:
We can see the EtherApe environment in action:
As we can see, each protocol has its own color so that we can identify it in the EtherApe tool.
If we open the View menu and choose Protocols, we can see each protocol listed with its respective color.
If we open the Capture menu, we can choose what we want to visualize: we can select the IP or the TCP protocol and, in the same way, select the desired interface (eth, any, etc.).
At the top we can select the icon that lets us view the addresses to which we have connected.
How to read tcpdump files in EtherApe
As mentioned earlier, EtherApe can read tcpdump files. To create one, we can execute the following command in the Ubuntu terminal:
sudo tcpdump -n -w dump_file
We can see that tcpdump starts creating the file, capturing with the parameters of the computer's network.
If we wish, we can stop the creation process with the key combination Ctrl + C.
Once the file is created, we can open it and see the packets in real time during the tcpdump process.
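Before opening a capture in EtherApe, it can help to check from the terminal what the file contains. The following is an added example, not part of the original article or of the EtherApe project: it parses a classic pcap file such as the dump_file written by tcpdump -w and totals the bytes per protocol. The function names, the port-to-label map and the sample capture are assumptions constructed for illustration.

```python
import struct
from collections import Counter

# Port-to-label map (assumed subset, using the protocol names listed above)
PORTS = {21: "FTP", 23: "TELNET", 53: "DOMAIN", 80: "HTTP", 161: "SNMP"}
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def classify(frame: bytes) -> str:
    """Label one Ethernet frame by well-known port, else by IP protocol."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # not IPv4
        return "OTHER"
    proto, l4 = frame[23], 14 + (frame[14] & 0x0F) * 4
    if proto in (6, 17) and len(frame) >= l4 + 4:
        for port in struct.unpack("!HH", frame[l4:l4 + 4]):
            if port in PORTS:
                return PORTS[port]
    return IP_PROTOS.get(proto, "IP")

def summarize(pcap: bytes) -> Counter:
    """Bytes on the wire per protocol label for a classic Ethernet pcap."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        caplen, wirelen = struct.unpack(order + "II", pcap[off + 8:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        if len(frame) < caplen:  # capture cut off mid-record: stop cleanly
            break
        totals[classify(frame)] += wirelen
        off += 16 + caplen
    return totals

def sample_pcap() -> bytes:
    """Constructed capture: DNS query, HTTP segment, TCP/4444 segment, ARP."""
    def ipv4(proto, sport, dport, pad):
        ip = b"\x45" + b"\x00" * 8 + bytes([proto]) + b"\x00" * 10
        return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + b"\x00" * pad
    frames = [ipv4(17, 40000, 53, 30), ipv4(6, 40001, 80, 100),
              ipv4(6, 40002, 4444, 16), b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(dict(summarize(sample_pcap())))
```

To run it on a real capture, pass the file's bytes to summarize(), for example the contents of dump_file opened in binary mode.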
If for some reason we want to monitor a remote server, we can use the following command; remember that we must have root privileges on it. The "-" after -w makes tcpdump write the capture to standard output, and the "-" after -r makes EtherApe read it from the pipe:
ssh remote_server_ip -l root /usr/sbin/tcpdump -n -w - | /usr/sbin/etherape -m ip -r -
The system will then request the root password and, once it is correctly entered, we can start the process with EtherApe.
As we have seen, EtherApe is simple to use and allows us to check in real time all the protocols that are in use on the network, both outgoing and incoming. From there we can carry out a detailed analysis of the network's behavior and keep it functioning optimally.