EtherApe FAQ * Why I see only the traffic to/from the EtherApe machine ? Probably you have a switched network. Unless all traffic goes thru the etherape machine (or you have an hub), etherape sees local traffic. Etherape can "see" only the traffic physically passing on the netcard wire. Many small network use hubs to connect computers, so every packet is physically transmitted to every netcard. A larger network use combinations of switches and routers, sometimes even firewalls to connect nodes, so your network card receives only its own traffic or broadcast. To monitor an entire network you can enable analisys/roving mode on your switch (essentially copies all traffic to a single port). If you have multiple switches, or routers, or the total bandwith exceeds the port maximum, you still will see only part of the traffic. If you only want to monitor internet traffic, a better solution is to place etherape on the (internal) internet gateway. * How can I see the detail dialogs ? Double click on a node or link opens the corrisponding dialog. * Why is one computer constantly changing names? You are running in ethernet mode. Switch to IP mode. * Why can I only see computers on my own network? See question above * I can't see any text, just little squares. What gives? Go to preferences and change the text font. Make sure you save your changes * Is it possible to see just traffic within my network? Is it possible to see just traffic to/from the internet? You can indeed filter traffic. Have a look at the filter entry in preferences->capture->filter Suppose your network address starts with 213.227 If you only want to see traffic within your network, then the proper syntax is ip and src net 213.227 and dst net 213.227 Or if you want to see connections to/from outside your network then try something like ip and ((not src net 213.227) and dst net 213.227) or (src net 213.227 and (not dst net 213.227)) * What's the format for /etc/ethers? Just pairs of Ethernet addresses and names, like 00:40:33:35:80:5F LAZARO 00:40:33:35:80:6D NEBAJ 00:C0:26:A2:58:FE ARGOS * How do I find the ether address of an IP node? Here is an example: argos:~# ping lazaro PING lazaro.tattoine.es (192.168.1.1): 56 data bytes 64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=1.8 ms round-trip min/avg/max = 1.6/1.7/1.8 ms argos:~# arp lazaro Address HWtype HWaddress Iface lazaro.tattoine.es ether 00:40:33:35:80:5F eth0 Of course, you can only do this for nodes in your network. * How do I find the IP corresponding to an ether address? You could, for instance, use argos:~# tcpdump -f "ether src 00:40:33:35:80:5F" -n tcpdump: listening on eth0 10:34:11.116930 192.168.1.1.7002 > 192.168.1.2.1031: P 76753564:76753576(12) There you have it, the IP src is 192.168.1.1 * Hosts keep moving because they come and go... What can I do? Set node timeout to 0. __________________________________________________________________ $Id$ [1]sourceforge References 1. http://sourceforge.net/