Ethereal-users: Re: [Ethereal-users] Top 10 users and other Sniffer reports from Ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Baribault, Gary" <gary@xxxxxxxxxxxxx>
Date: Wed, 03 Apr 2002 21:44:47 -0500
Great!!!! Thanks a bunch, OpenSource wins again, there's 9K I can put into Linux training rather than giving it to NAI!

Gary Baribault


At 06:26 PM 4/3/2002 -0800, you wrote:
On Wed, Apr 03, 2002 at 09:14:02PM -0500, Gary Baribault wrote:
> I was wondering if there is a package available that would produce
> Sniffer like reports from Ethereal Capture files. For those of you that are
> familiar with Sniffer you will recognize what I'm looking for, for the
> others of you, I'm looking for a report/Graph that would identify the top
> protocols, talkers or users on a link. Ideally this would produce HTML/JPG
> pages of this information.

Ethereal capture files are the same as tcpdump capture files, so
anything that can read tcpdump capture files should do.

One possibility is EtherApe:

        http://etherape.sourceforge.net/

The introduction at

        http://etherape.sourceforge.net/introduction.html

says:

        At the present time, EtherApe has enough functionality to be
        useful, but it's far from complete.  It's still beta software,
        and new features and bug fixes are being added all the time.
        Here is the list of features, current as of version 0.4.3, in no
        particular order:

           o Network traffic is displayed graphically.  The more "talkative"
             a node is, the bigger its representation.
           o Node and link color shows the most used protocol.
           o User may select what level of the protocol stack to
             concentrate on.
           o You may either look at traffic within your network, end to end
             IP, or even port to port TCP.
           o Data can be captured "off the wire" from a live network
             connection, or read from a tcpdump capture file.
           o Live data can be read from ethernet, FDDI, PPP and SLIP
             interfaces.
           o The following frame and packet types are currently supported:
             ETH_II, 802.2, 803.3, IP, IPv6, ARP, X25L3, REVARP, ATALK, AARP,
             IPX, VINES, TRAIN, LOOP, VLAN, ICMP, IGMP, GGP, IPIP, TCP, EGP,
             PUP, UDP, IDP, TP, IPV6, ROUTING, RSVP, GRE, ESP, AH, ICMPV6,
             EON, VINES, EIGRP, OSPF, ENCAP, PIM, IPCOMP, VRRP; and most TCP
             and UDP services, like TELNET, FTP, HTTP, POP3, NNTP, NETBIOS,
             IRC, DOMAIN, SNMP, etc.
           o Data display can be refined using a network filter.

so it might do.

Binary packages are available for Debian and Red Hat; it will probably
compile on at least some other flavors of UNIX, if you have GTK+ and
GNOME.  It probably won't work on Windows....

It might also be possible to get ntop to do the job:

        http://www.ntop.org/ntop.html

and it does work on Windows.
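As an added illustration of the point above (not code from the list, Ethereal, EtherApe or ntop), the Python below reads the libpcap format that Ethereal and tcpdump share and tallies the top talkers and protocols by bytes, the kind of report the original question asks for. It assumes a little-endian, Ethernet-linktype capture and constructs its sample packets inline.

```python
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4           # libpcap magic as read from a little-endian file
IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

def parse_pcap(data):
    """Yield the raw frame bytes for each record of a little-endian pcap."""
    hdr = struct.unpack_from("<IHHiIII", data, 0)   # 24-byte global header
    if hdr[0] != PCAP_MAGIC or hdr[6] != 1:          # linktype 1 = DLT_EN10MB
        raise ValueError("expected a little-endian Ethernet pcap file")
    offset = 24
    while offset + 16 <= len(data):                  # 16-byte record header
        _sec, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, offset)
        offset += 16
        yield data[offset:offset + incl_len]
        offset += incl_len

def top_talkers(data, n=3):
    """Return (sources, protocols): lists of (name, bytes) ranked by volume."""
    sources, protos = Counter(), Counter()
    for frame in parse_pcap(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                 # not IPv4 or truncated
        src = ".".join(str(b) for b in frame[26:30])  # IPv4 source address
        sources[src] += len(frame)
        protos[IP_PROTO.get(frame[23], str(frame[23]))] += len(frame)
    return sources.most_common(n), protos.most_common(n)

def _frame(src_ip, proto, payload_len):
    """Constructed Ethernet/IPv4 frame with a zero-filled payload."""
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                     proto, 0, bytes(map(int, src_ip.split("."))), bytes([10, 0, 0, 1]))
    return eth + ip + b"\x00" * payload_len

def build_sample_pcap():
    """Constructed capture: two TCP frames from 10.0.0.5, one UDP from 10.0.0.9."""
    ghdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    frames = [_frame("10.0.0.5", 6, 100), _frame("10.0.0.5", 6, 200),
              _frame("10.0.0.9", 17, 50)]
    recs = b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f
                    for i, f in enumerate(frames))
    return ghdr + recs

if __name__ == "__main__":
    for label, ranking in zip(("Top talkers", "Top protocols"),
                              top_talkers(build_sample_pcap())):
        print(label, ranking)
```

Replacing `build_sample_pcap()` with the bytes of a real Ethereal capture gives the same per-source and per-protocol byte ranking for that file.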