1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
|
.TH etherape 1 "EtherApe Manual Page" ""
.SH NAME
etherape \- graphical network traffic browser
.SH SYNOPSIS
.B etherape
[
.B -d
] [
.B -f
filter ] [
.B --final-export
outfile ] [
.B --glade-file
interfacefile ] [
.B -i
interface ] [
.B -l
maxnodes ] [
.B -m
operating mode ] [
.B --max-delay
delay ] [
.B --min-delay
delay ] [
.B -n
] [
.B -P
column file
] [
.B -q
] [
.B -r
inputfile ] [
.B -s
] [
.B --signal-export
outfile ] [
.B -Z
user ]
.SH DESCRIPTION
.PP
.B EtherApe
is a network traffic browser. It displays network activity
graphically. It uses GNOME libraries as its user interface, and
libpcap, a packet capture and filtering library.
.SH OPTIONS
.PP
These options can be supplied to the command:
.TP
.BR "-d, --diagram-only"
don't display any node text identification
.TP
.BR "-f, --filter " "<capture filter>"
set capture filter
.TP
.BR "--final-export " "<export file name>"
when replaying, export to named file at end of replay
.TP
.BR "--glade-file " "<filename>"
loads interface definitions from the specified GtkBuilder file instead of the default one.
.TP
.BR "-i, --interface " "<interface name>"
set interface to listen to
.TP
.BR "-l, --node-limit " "<number>"
sets the maximum number of node visible
.TP
.BR "-m, --mode " "<link|ip|tcp>"
set mode of operation (default is ip)
.TP
.BR "--max-delay " "<delay in ms>"
caps timestamps to the provided delay when replaying a capture file.
.TP
.BR "--min-delay " "<delay in ms>"
provides a minimum to inter-packet delay when replaying a capture
file.
.TP
.BR "-n, --numeric"
don't convert addresses to names, disables name resolution.
.TP
.BR "-P, --position" "file with list of nodes and columns"
Activate column positioning with the named file.
Manually position nodes in virtual columns using the named file content.
See
.B Column Positioning.
.TP
.BR "-q"
disables informational messages.
.TP
.BR "-r, --replay-file " "<file name>"
sets input file to replay
.TP
.BR "-s"
Place nodes using an alternate algorithm.
.B
Deprecated.
.TP
.BR "--signal-export " "<export file name>"
if specified, enables signal USR1 handling. On receiving USR1, EtherApe will
dump its state to the named XML file.
Beware! the file will be overwritten without asking!
.TP
.BR "-Z, --relinquish-privileges <user>"
run everything but privileged packet-capture operations under the user
ID and group ID of the given user.
.TP
.BR "-?, --help"
show a brief help message
.SH COLUMN POSITIONING
.PP
With option
.B -P|--position
EtherApe reads a file specifying positions of some nodes. The input file takes the format of:
node.mydomain.com 1
router1.mydomain.com 2
router2.mydomain.com 2
172.16.2.[0-9]* 1
.*.mydomain.com 1
ff02:.* 2
fe80:.* 1
.PP
The first column is a regex of either the FQDN or the IP address.
.PP
The second column is a number indicating the "column" that the node will be
positioned in the display with column 1 being on the far left. Up to 1000
columns are permitted.
.PP
Instead of being arranged in a circle the nodes are displayed in columns.
This is quite useful for arranging nodes so that you can see nodes on the
"inside" of your network on the left and the public internet nodes (anything
not specified in the config file) on the right.
.PP
The input file above will cause 3 columns to display.
Nodes with FQDN containing mydomain.com, those in the 172.16.2.0/24 subnet,
and link local IPv6 addresses will be in the left column.
2 "routers", and IPv6 multicast will be in the center column and everything
else will be in the right column.
.PP
Column locations are determined by the first match while searching from the
top of the input.
Overlapping regex's can be used with the understanding that the first match
will determine the location.
The broadest regex's should be near the bottom of the position specification.
.SH SIGNALS
.TP
.BR "USR1"
on receipt of signal USR1, and if enabled with --signal-export, EtherApe will
dump its state to the chosen xml file.
Beware! the file will be overwritten without asking!
.SH ENVIRONMENT VARIABLES
.TP
.BR "APE_DEBUG=" "normal|info|debug"
controls debug output verbosity. Debug information are printed on
standard output.
.SH FILES
Etherape will use
.I /etc/ethers
if there is one to convert MAC addresses to names and
.I /etc/services
to associate TCP/UDP port numbers to protocol names.
.SH SEE ALSO
.PP
The EtherApe webpage at
.UR
http://etherape.sourceforge.io/
.SH AUTHORS
Juan Toledo <toledo@users.sourceforge.net>
.PP
Riccardo Ghetta <bchiara@users.sourceforge.net>
|
