A graphical network monitor
EtherApe logo Hosted at Sourceforge
Screen Shots


Binary Packages
Source Code


Mailing Lists
Public Forums
Bug Reporting


Project Page
Bug Tracking
Mercurial repo
 Mini Screen Shot


EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display.
It supports Ethernet, FDDI, Token Ring, ISDN, PPP, SLIP and WLAN devices, plus several encapsulation formats. It can filter traffic to be shown, and can read packets from a file as well as live from the network.
Node statistics can be exported.

Overview of changes in EtherApe 0.9.15 (Friday February 10, 2017):

Big thanks to Zev Weiss, who did almost all the work for this release (Release delays are entirely mine, however).

Central node ring setting now accepts multiple node specifiers (separated by any combination of spaces and/or commas), and also now understands glob syntax, so you can put for example, *.mydomain.tld, somehost.otherdomain.tld

and it will do what you'd expect.

There is now a compile-time configure option ('--with-c-ares', disabled by default) to enable DNS resolution via the c-ares library, supplanting EtherApe's built-in multithreaded gethostbyaddr(3)-based resolver. This is a fully non-blocking DNS library and thus has potential for better performance while using only a single background resolver thread, but also means that name-lookup is strictly DNS-based, and will thus not take /etc/hosts, NIS, or other name services into account.

There is a slightly backwards-incompatible change in the syntax of the node-position file used with the '-P' flag added in release 0.9.14. It now uses the same CIDR notation plus hostname-globbing syntax used by the central node ring setting (instead of POSIX regular expressions). This provides simpler and more consistent syntax with essentially the same real-world utility, but may require some small changes to existing node-position files.
Some examples:

old (regex)   new (CIDR+glob)
.*   *
fe80:.*   fe80::/16

Additionally, each line of the node-position file may now include multiple such node-matching patterns (separated by spaces and/or commas as with the central node ring setting), so a single line might look like:

*, 3

(to put all nodes matching the given domain or CIDR range into column 3).

As a security feature (privilege separation), packet-capture operations are now isolated in a separate background process. The new '-Z' flag can be used to specify a user to run the main (foreground) process as.

Changes summary:

  • New option to use c-ares for DNS resolution.
  • Multiple node/subnets and glob syntax now supported for central node ring.
  • Node-matching syntax for '-P' flag's file now uses CIDR notation and hostname-globbing instead of regexes.
  • Multiple patterns can now be given on a single line of the node-position ('-P') file.
  • The columnar-layout ('-P') code has been changed to re-adjust the spacing of nodes within a column when the number of nodes decreases.
  • The 10-column limit has also been removed.
  • The background-image feature introduced in 0.
  • 9.14 can now be turned off via a preference check-box.
  • The background of the protocol legend is now black so that lighter colors (e.
  • g. yellow) are more readable.
  • There is now an option to display packet-capture statistics from libpcap in the main window (hover the mouse over them for an explanation in the status bar).
  • The show/hide state of the toolbar, protocol legend, and status bar are now preserved along with other preferences in the user's config file.
  • New '-Z' flag (or '--relinquish-privileges') can be used to run most processing as an unprivileged user.

As usual, and thanks to OpenSuse Build Service, prebuilt rpms are available for:

  • Arch Linux
  • Mageia 5
  • CentOS 6 and 7
  • Fedora 21, 22, 23 and 24
  • ScientificLinux 6 and 7
  • OpenSUSE 13.2, Leap 42.1/42.2 and Tumbleweed/Factory. Experimental RPMS for ARM and PPC.


Welcome Zev Weiss as a new developer (Friday March 4, 2016)

Zev Weiss in the past months has contributed several quality patches.
It's a pleasure to announce he is now a full committer for EtherApe.


Overview of changes in EtherApe 0.9.14 (Saturday February 06, 2016):

EtherApe now users the system /etc/services file instead of its own.
While this change make some customizations a bit harder, it guarantees an up-to-date services file.
Note to packagers: /etc/etherape is not needed anymore.

Central node option now undestands CIDR notation, allowing for a central ring of nodes, thanks to Zev Weiss.

Static background image, courtesy of Glenn Feunteun.

Nodes can be optionally arranged as columns, thanks to David Goldfarb.

Changes summary:

  • autoconf updated to 2.69
  • fixed incorrect WLAN control frames decoding
  • fix UTF-8 encoding of several files, thanks to StrPt.
  • read system services file instead of EtherApe one, thanks to Zev Weiss.
  • fix race condition on exit, thanks to Zev Weiss
  • central ring option, thanks to Zev Weiss
  • tweaks to preference windows to better work with tiling managers, thanks to Zev Weiss.
  • static background image (Glenn Feunteun)
  • arrange nodes in 'columns' (David Goldfarb)

As usual, and thanks to OpenSuse Build Service, EtherApe rpms are available for:

  • Mageia 5
  • CentOS 5,6 and 7
  • Fedora 21,22 and 23
  • RHEL 5
  • ScientificLinux 6 and 7
  • OpenSUSE 13.2 and Tumbleweed/Factory
  • SLE 11


All the news...

Riccardo Ghetta, Juan Toledo