Change log for EtherApe
Overview of changes in EtherApe 0.9.15 (Friday February 10, 2017):
Big thanks to Zev Weiss, who did almost all the work for this release (Release delays are entirely mine, however).
Central node ring setting now accepts multiple node specifiers
(separated by any combination of spaces and/or commas), and also
now understands glob syntax, so you can put for example
10.0.0.0/24, *.mydomain.tld, somehost.otherdomain.tld
and it will do what you'd expect.
There is now a compile-time configure option ('--with-c-ares',
disabled by default) to enable DNS resolution via the c-ares
library, supplanting EtherApe's built-in multithreaded
gethostbyaddr(3)-based resolver. This is a fully non-blocking DNS
library and thus has potential for better performance while using
only a single background resolver thread, but also means that
name-lookup is strictly DNS-based, and will thus not take
/etc/hosts, NIS, or other name services into account.
There is a slightly backwards-incompatible change in the syntax of
the node-position file used with the '-P' flag added in release
0.9.14. It now uses the same CIDR notation plus hostname-globbing
syntax used by the central node ring setting (instead of POSIX
regular expressions). This provides simpler and more consistent
syntax with essentially the same real-world utility, but may
require some small changes to existing node-position files.
|old (regex) || ||new (CIDR+glob)|
|172.16.2.[0-9]* || ||172.16.2.0/24|
|.*.mydomain.com || ||*.mydomain.com|
|fe80:.* || ||fe80::/16|
Additionally, each line of the node-position file may now include
multiple such node-matching patterns (separated by spaces and/or
commas as with the central node ring setting), so a single line
might look like:
*.mydomain.com, 10.0.0.0/24 3
(to put all nodes matching the given domain or CIDR range into
As a security feature (privilege separation), packet-capture
operations are now isolated in a separate background process. The
new '-Z' flag can be used to specify a user to run the main
(foreground) process as.
- New option to use c-ares for DNS resolution.
- Multiple node/subnets and glob syntax now supported for central
- Node-matching syntax for '-P' flag's file now uses CIDR
notation and hostname-globbing instead of regexes.
- Multiple patterns can now be given on a single line of the
node-position ('-P') file.
- The columnar-layout ('-P') code has been changed to re-adjust
the spacing of nodes within a column when the number of nodes
decreases. The 10-column limit has also been removed.
- The background-image feature introduced in 0.9.14 can now be
turned off via a preference check-box.
- The background of the protocol legend is now black so that
lighter colors (e.g. yellow) are more readable.
- There is now an option to display packet-capture statistics
from libpcap in the main window (hover the mouse over them for
an explanation in the status bar).
- The show/hide state of the toolbar, protocol legend, and status
bar are now preserved along with other preferences in the
user's config file.
- New '-Z' flag (or '--relinquish-privileges') can be used to run
most processing as an unprivileged user.
As usual, and thanks to OpenSuse Build Service, prebuilt rpms are available
- Mageia 5
- CentOS 6 and 7
- Fedora 21, 22, 23 and 24
- ScientificLinux 6 and 7
- OpenSUSE Leap 42.1/42.2 and Tumbleweed/Factory. Experimental RPMS for ARM and PPC.
Overview of changes in EtherApe 0.9.14 (Saturday February 06, 2016):
EtherApe now users the system /etc/services file instead of its own.
While this change make some customizations a bit harder, it guarantees an
up-to-date services file.
Note to packagers: /etc/etherape is not needed anymore.
Central node option now undestands CIDR notation, allowing for a central
ring of nodes, thanks to Zev Weiss.
Static background image, courtesy of Glenn Feunteun.
Nodes can be optionally arranged as columns, thanks to David Goldfarb.
- autoconf updated to 2.69
- fixed incorrect WLAN control frames decoding
- fix UTF-8 encoding of several files, thanks to StrPt.
- read system services file instead of EtherApe one, thanks to Zev Weiss.
- fix race condition on exit, thanks to Zev Weiss
- central ring option, thanks to Zev Weiss
- tweaks to preference windows to better work with tiling managers,
thanks to Zev Weiss.
- static background image (Glenn Feunteun)
- arrange nodes in 'columns' (David Goldfarb)
As usual, and thanks to OpenSuse Build Service, EtherApe rpms are available
- Mageia 5
- CentOS 5,6 and 7
- Fedora 21,22 and 23
- RHEL 5
- ScientificLinux 6 and 7
- OpenSUSE 13.2 and Tumbleweed/Factory
- SLE 11
Overview of changes in EtherApe 0.9.13 (Sunday May 05, 2013):
Central node option, useful for displaying routers or proxies.
Translations and documentation updates, plus some fixes.
- Optional central node, based on work of Javier Fernandez-Sanguino
- re-enabled full-screen mode, thanks to nrvale0
- Updated spanish translation, thanks to Javier Fernandez-Sanguino
- Added German translation, and fixed typos, thanks to Chris Leick.
- Updated documentation.
Overview of changes in EtherApe 0.9.12 (Tuesday May 31, 2011):
This is a bugfix release.
Shortly after releasing 0.9.11, David Goldfarb discovered a critical bug in EtherApe,
triggered by RPC traffic.
This bug can be exploited to crash EtherApe by sending a suitable packet.
No packet data is used beyond the IP addresses, however, making further escalation unlikely.
This bug has been assigned CVE number CVE-2011-3369
- fixed bug 3309061, thanks to David Goldfarb.
Overview of changes in EtherApe 0.9.11 (Friday May 27, 2011):
Several users asked for a way to export traffic statistics.
EtherApe now can save a snapshot with all known nodes and relevant
informations to an XML file.
With option --final-export, a dump is
automatically generated when a capture file is fully replayed.
Additionally, option --signal-export enables SIGUSR1 handling, to
dump on signal.
EtherApe used to have two links for connection, one for each traffic
direction. With this release, only one link is needed, gaining more
complete statistics and better resource usage.
EtherApe config file is now ~/.config/etherape, instead of the older,
deprecated, ~/.gnome2/Etherape. Migration is automatic.
Filter expression is now saved.
Thanks to OpenSUSE Build Service and a new spec file, development rpms can
easily be built for OpenSUSE 11.x/Tumbleweed, SLE11, Centos5/RHEL5, Fedora and
The spec file is somewhat generic, lacking the nicer integrations of
official distribution packages, so you are advised to build with EtherApe
spec file only as a last resort.
OSX compatibility improved, thanks to Zack Perry.
The old, deprecated, direct resolver was removed. Name resolution is now
only done with the full fledged threaded resolver.
- XML export of node statistics
- added --final-export to export statistics at replay end
- added --signal-export to export statistics on SIGUSR1 (FR 3185920)
- improved link statistics
- added a toolbar button to open the nodes window
- a new button allows skipping lengthy pauses when replaying
- fixed a long-standing bug affecting expiry timeouts. EtherApe was
overestimating traffic averages
- used stock icons when possible to improve consistency with themes
- EtherApe now builds natively on CENTOS5/RHEL5
- rewrote spec file for use with OpenSUSE Build Service
- updated documentation
- removed several (harmless) compiler warnings to make packager's life
- imported debian-specific patches and a swedish translation by Daniel
- workaround for OSX troubles with gtk_input_add. Thanks to Zack Perry
persistence for helping diagnose and fix
- removed obsolete preference "cycle assigned colors"
- removed deprecated direct resolver
- config file now saved to ~/.config/etherape
- filter expression is now saved with the other preferences
- italian translation
- link and node sizes now computed with the same variable types
- new size variables: active packets, total packets, average packet size
EtherApe 0.9.10 RPM packages now available (Friday Feb 25, 2011):
Thanks to OpenSUSE Build Service, prebuilt RPM packages for major distributions are now ready for download.
On SourceForge download section you'll find i586 and x86_64 RPMs for:
- OpenSUSE 11.4 (suse1140)
- OpenSUSE 11.3 (suse1130)
- SUSE Enterprise 11 (sles11)
- SUSE Enterprise 11 sp1 (sles11sp1)
- Red Hat Enterprise 5 (rhel505)
- CENTOS 5 (centos505)
- Mandriva 2010.0 (mdv2010.0)
- Mandriva 2010.1 (mdv2010.1)
plus an RPM source package.
Those packages are somewhat generic, lacking the fancy touches of official distribution packages, like pam integration, automatic root password request, and so on.
Debian, OpenSUSE, Mandriva cooker and others have already official builds of EtherApe 0.9.10. If available, you should use your distribution package.
Overview of changes in EtherApe 0.9.10 (Sunday Feb 06, 2011):
The most notable change is IPV6 support, thanks to David Flamand.
EtherApe now computes average packet size, to better estimate network
The new option --min-delay allows slow-motion replay of a capture file.
In 0.9.9 relnotes I forgot to mention a fix from Sotiris Sotiropoulos.
Many apologies for the mistake.
Note: the old non-threaded name resolver is deprecated and will be
removed on the next release.
If you really need it, speak up *now*.
Works only with IPV4 addresses, anyway.
Important: CVS repository closed
Effective from today, EtherApe CVS is no longer accessible. Please refer
to the Mercurial repository.
- IPV6 support, thanks to David Flamand.
- new statistic: average packet size.
- added option --min-delay, to complement --max-delay when
replaying from file. With this option you can replay a capture
- tweaked default service file, adding some common ports.
- added check for invalid proto-color mappings (debian bug 566226).
- removed bogus double assignement. Thanks to "johndoe123321".
Overview of changes in EtherApe 0.9.9 (Monday Jan 04, 2010):
The most interesting change of this release is *basic* 802.11 WLAN support.
WLAN is one of the most complex protocols around ('crazy' sometimes seems a
better description) and there's no way to support it completely without a
dedicated display mode.
As an example, a single WLAN packet could contain up to four (4) addresses,
source and destination, plus AP interchange. Showing the exact packet route
could be interesting for someone trying to understand WLANs, but not very
useful to monitor application traffic.
So EtherApe tries to treat APs like routers, ignoring them if not directly
addressed. Thus a packet starting from node X and ending with node Y will be
shown as a straight link between the two nodes, even if the real path was
X-AP and AP-Y.
The other notable improvement is 802.1Q VLAN tagging support. VLAN tags are
decoded but ignored, showing all traffic as being in a normal LAN.
Filtering a single vlan could be accomplished with pcap expressions.
Due to pcap limitations, to correctly filter VLAN traffic the pcap filter
must start with the keyword "vlan" (e.g. vlan and ip) and *all* traffic must
All data-link level modes (Ethernet, FDDI, etc) are now unified in a single
Link Layer mode, with automated detection (thanks to libpcap).
Note to packagers: EtherApe now uses gnome-doc-utils. Manual should
appear in yelp under 'Internet'.
Important: this release will be the last mirrored on the CVS repository, wich
will be shut down as of march 2010.
- wlan and wlan/radiotap protocol decoding.
- wlan QOS support.
- PPI (Per Packet Incapsulation) decoding.
- basic 802.1Q VLAN support (FRQ: 1561647).
- LLC-SNAP support.
- unified link level modes.
- several performance enhancements.
- refactored and streamlined node id definition.
- improved l3 packet deconding, now fully dynamic.
- improved documentation, now using gnome-doc-utils.
- borrowed some info from Mandriva .desktop file.
- Mandriva now compiles with -Werror=format-security and EtherApe was
failing to compile. Thanks to Jerome Brenier for the fix.
Overview of changes in EtherApe 0.9.8 (Sunday Sep 27 2009):
Apart for the usual bug fixes, this release see a the switch to glade-3, the
overdue removal of bonobo dock and several other deprecated widgets.
Most of the ui now uses directly Gtk+ instead of Gnome. At this time
there isn't a real alternative to GnomeCanvas, so quite a bit of Gnome
To make partially up for the long delay, there are some new functionality as
well: a node listing window, substantial performance enhancements, and some
improvements here and there. See the details below.
Note the new timing defaults: out of the box, Etherape will react faster to
traffic changes and give a better "feel" of current the network state.
The faster expiration will also help to reduce memory and cpu requirements.
On the other hand, "forgetting" inactive nodes faster makes Etherape less
suited for mid-term monitoring; the new values will be too small.
I believe this change will be useful to most people, though, and especially
suited to newcomers, who often have difficulties understanding the different
timing types. Experienced users can still easily adapt Etherape to their
I have already mentioned the switch to mercurial. A couple months from now
the CVS repository will be shut down.
- Fixed bug 1713590, bad replaying of out-of-order packets (Bug report
- Fixed bug 1435271, about box doesn't report version (Bug report
by Cullen Newsom, who had to wait more than three years for this
- Fixed bug 2839050, a massive memory leak reported by "psistormyamato".
- Fixed a bug causing no-data tcp packets to have incorrect port.
- Improved performance in several key areas.
- Upgraded to glade-3, removed deprecated widgets and functions, tweaked
the looks a bit.
- Added --glade-file option to load a different glade file.
- Renamed --infile to --replay-file to be more consistent with the
- Option --zero-delay (-z) is now replaced by --max-delay, receiving a
maximum delay in ms between packet when replaying from file.
- Revised preferences dialog. Timeouts now expressed in seconds.
- Added preference for diagram text color.
- Added port column to protocol infos (Feature request 2818525).
- Made node name and ip selectable in node/link info (FR 2818525 again).
- Preferences dialog now accepts multiple protocols for a color.
- Added a node window, showing a table with all non-expired nodes (i.e.
both those visible on diagram and the inactive, hidden, but not removed
- Removed several outdated preferences: diagram is always anti-aliased,
links always fade on timeout and info windows show protocol data.
- Revised default timings, now geared toward instant monitoring.
Previous values where more suited for mid-term analisys.
Since sub-second timeouts aren't very useful, and reading milliseconds
less than ideal, all expire periods now are entered in seconds.
- Etherape had always the ability to map multiple protocols to a single
color, but you had to create multiple rows, manually matching the RGB
code. Now the preferences dialog accepts protocols separated by ',' for
the same row and also compacts automatically previously distinct rows.
You can also change the row color.
- The link width slider now controls the link width/node radius ratio, so
changing both node and link size will be easier, while retaining the
ability to have a links smaller or greater than nodes.
- Expanded internal consistency checks.
- Info and debug levels are now enabled by defining the environment
variable APE_DEBUG with values respectively info or debug (case
Development repository switched to Mercurial (Tuesday Sep 08 2009):
Now that SourceForge officially supports Mercurial, there's no reason to still use CVS.
DVCs are faster, have much more features and imho much better suited to open source work.
Using hg should also lower the barrier for anyone wishing to hack on Etherape.
The old CVS repo will be occasionally (e.g. on releases) synchronized for a while to make life
easier for packagers. Full history will be available only on hg, however.
The new mercurial repo contains almost all the past project history, but since it's a conversion between two
very different systems (for example, CVS doesn't have changesets, so the converter must infer them from timestamps
and commit messages), there are some differences.
So, if you really want to know how the project evolved before release 0.9.7, please consult the CVS repo.
Overview of changes in EtherApe 0.9.7 (Saturday Sep 30 2006):
Bugfix release. Special thanks to Pav Lucistnik for providing patches and bug reports.
- Fixed bug 1496607, thread termination failure (Bug report by Pav Lucistnik).
- Fixed bug 1496621, crash after pausing (Fix by Pav Lucistnik).
- Fixed bug 1496614, crash in initialize_ethers() (Fix by Pav Lucistnik).
Overview of changes in EtherApe 0.9.6 (Tuesday May 16 2006):
Some distributions had trouble linking correctly EtherApe. This release should fix that.
- On newer distros (like FC5) the linker was called without --export-dynamic, making EtherApe unusable.
- Fixed bug 1488215, "cancel" button on preferences dialog doesn't work.
- Updated .desktop and .spec files
- Updated debian files. Thanks to F.Peters (debian maintainer).
Overview of changes in EtherApe 0.9.5 (Saturday May 06 2006):
After the recent changes the manual was really obsolete.
release features a completely rewritten one, properly integrated with
the Gnome help browser. You'll find EtherApe under Applications -
- Manual completely rewritten with docbook-XML. Now registers
- Thanks to Jeffrey G. Gomberg, who had the patience to test and
identify problems, this release features improved OSX support.
- Thanks to Ben Allen, added a new opzion, 'zero-delay' (-z) to
play captured files without accounting for timestamp. Usually
EtherApe uses the timestamp to playback packets as they came in when
recording. This option essentially disables this, making as if all
packets came in at once.
As Ben said 'It provides a QUICK way to generate a graph of all of the
conversations in a capture file, without having to wait the length of
the capture. This is helpful for visualizing data from long (hours to
- Fixed a bug preventing conversations to expire properly.
Overview of changes in EtherApe 0.9.4 (Saturday Jan 14 2006):
This release comes after a first round of extensive
refactoring, needed to clean up some of the cruft accumulated during
the years and make further developments easier. While still a work in
progress, memory control is tighter and protocol dissectors more
EtherApe calculates an extensive set of traffic statistics,
even if only a small part is always visible on the diagram.
For example, every node and link maintains complete data for
every protocol seen, but only the most active one is displayed.
Thus, the detail dialogs now show also traffic breakdown by
- New feature: link info dialog. Double-clicking on a link
shows traffic and protocol
- New feature: improved node info dialog now displays both
traffic and protocol statistics.
- New feature: protocol aging. Now protocols, like nodes and
links, can expire and be purged automatically.
- Heavy refactoring to make sources easier to understand and
- Small performance enhancements due to refactoring.
- Better memory handling due to refactoring.
- Unified handling of traffic statistics.
- Rewritten interface listing. Now uses directly
pcap_findalldevs to list interfaces available for capturing. The
interface submenu now list also the "any" device, if present. The older
method is deprecated (at the moment it can be enabled with a #define)
and will be removed in a future release. If someone needs it, please
file a feature request.
- Tidied up preferences dialog, removing unneeded entries.
- Rewritten and improved node/link timeout handling.
- Fixes bug 1362426 (i8n issues). Thanks to Daniel Nylander
for hunting down that and providing a detailed example.
- Fixes bug 1385105 (crash with double free). Thanks to
goga_russian for the segnalation.
- Fixes bug 1372245 (crashes when node goes too big). Thanks
to goga_russing for the segnalation.
- Fixes bug 1396236 ("force numeric" and "dns resolution"
checkboxes not working).
- Fixes bug 1268291 (OSX net/if.h). Thanks to Eric Stewart
for the patch.
- Legend labels now align to left.
- Fixed a bug when closing the preferences dialog.
Overview of changes in EtherApe 0.9.3 (Thursday 8-18-2005):
- Fixes bug 1083524 (deletion of all user colors)
- Fixes bug 1024944 (compilation on OSX). Thanks to
Lars Eggert for the patch.
- Fixes a bug with the legend handling (beware: on later
gnomes the legend could behave strangely if you use a binary package
built for an older gnome release)
Overview of changes in EtherApe 0.9.2 (Saturday 8-13-2005):
Overview of changes in EtherApe 0.9.1 (Wednesday 8-11-2004):
- Color-coded protocol dialog
- Some tweaks to compile with newer distros
Overview of changes in EtherApe 0.9.0(Saturday 01-03-2003):
- Gnome 2 preliminary support, including a new option for an
- Gcc 3.2 compile support
- Some bug and potential bug fixes
- New Turkish translation, by Gôrkem Cetin
- Several fixes to assure proper compilation with newer
- Resolved memory bug by limiting resolved names to 1024
entries and arranging them in a simple LRU cache
Overview of changes in EtherApe 0.8.2 (Sunday 08-12-2001):
- Fix from Dave Yearke to bring back compilability to systems
not defining DLT_LINUX_SLL
- Should fix node globbing on screen under heavy loads
- Added dialogs for name selection. The code behind the
dialogs is not there yet, so don't expect it to work
Overview of changes in EtherApe 0.8.1 (Monday 08-06-2001):
- Added support for ISDN on Linux (added support for linux
cooked sockets in general). Thanks to Ole Andreas Weel for providing
the capture file.
- Removes some testing info that was showing up when adding a
new color to the color-protocols table
Overview of changes in EtherApe 0.8.0 (Friday 08-03-2001):
- Added much requested color selection dialog, to set and
save your preferences for protocol coloring
- Fixes program not behaving when using pause in live capture
- Fixes a potential crash when deleting the font selection
window using the window manager
Juan Toledo got his engineering degree
Overview of changes in EtherApe 0.7.8 (Friday 07-06-2001):
- Fixes device being left in promiscuous mode at exit
Overview of changes in EtherApe 0.7.7 (Friday 06-22-2001):
- Per mode name selection code was not working. For instance,
/etc/ethers was not being used in ethernet mode. Fixed
- Fixes a crash triggered at times when changing modes or
restarting a capture
- Should fix a cluttering of the display under heavy loads
- Removes a compilation warning about floor not being
Overview of changes in EtherApe 0.7.6 (Sunday 05-13-2001):
- Now you can decide if you want to group unknown TCP and udp
ports or not
- Can show IPX SAP resource names in ethernet mode
- Added a good deal of new protocols: ICQ, napster, DEC, LAT,
IPX and many, many more. Remember that you must set Ethernet mode in
order to see non IP protocols
- You can select the columns to display in the protocols
- Pausing a live capture doesn't drop packets (statistics
will still be valid)
- Fixes mode setting from the command line
Overview of changes in EtherApe 0.7.5 (Friday 05-10-2001):
- Added more information to the protocols window:
instantenous traffic, last heard and number of packets
- Greatly improves CPU usage, should drop less packets in
heavy loaded networks (increase refresh period if you are more
interested in truthful statistics)
- Double click a protocol in the protocols window to get an
individual window for that protocol (yet to be filled with more data)
- Fixes a segfault introduced in 0.7.4 triggered under heavy
Overview of changes in EtherApe 0.7.4 (Wednesday 05-09-2001):
- Added support for RPC_REPLYs and passive FTP. That's
because EtherApe now understands the notion of conversations
- Application is more responsive now under heavy loads
- Fixed the CPU problem and part of the leak that was
introduced in 0.7.1
- Fixed CPU hogging when in pause
- Fixed a segfault triggered when a capture file was given
first in the command line and later through the GUI
Overview of changes in EtherApe 0.7.3 (Tuesday 05-08-2001):
- Added ability to resize columns and sort rows in the
protocols window table
- Added a toolbar button and a menu entry to call the
- Unregistered TCP and udp ports now show as an unique
protocol, instead of being summed up in TCP_UNKNOWN and UDP_UNKNOWN
Overview of changes in EtherApe 0.7.2 (Monday 05-07-2001):
- Displays a protocol statistics window when you double click
the protocols legend
- Fixes the problem with links not disappearing when stopping
Overview of changes in EtherApe 0.7.1 (Sunday 05-06-2001):
- The protocol table is emptied after stopping a capture, and
now only shows the relevant protocols when changing the stack level
- Better color behavior: removed repeated colors, and cycles
color usage for further protocols
- Fixes token ring mode in token ring networks (IP mode was
- Fixes a problem that showed up after a second offline
capture in a row
Overview of changes in EtherApe 0.7.0 (Saturday 05-05-2001):
- New node cache timeout adjustment to avoid building on
- Some improvements to reduce CPU usage as time passes by
- Updated Dutch and Spanish translations
Overview of changes in EtherApe 0.6.9 (Thursday 04-26-2001):
- Added new node info window that pops up when a node is
double clicked and is updated in real time. Since we have a proper
window now, we can remove the hideous node pop up window
- Fixes nodes reappearing in the diagram after a while and
never being timed out again
- Fixes the "** WARNING **: could not find signal handler"
bug for architectures that were not automatically exporting symbols by
adding libtool support
Overview of changes in EtherApe 0.6.8 (Wednesday 04-25-2001):
- Added support for Token Ring (Thanks to Robert Frank for
the capture file)
- Squashed yet another memory leak. (I won't say it's the
last, lest Jim Howards proves me wrong again :-) )
- Fixed more problems with names in FDDI mode
Overview of changes in EtherApe 0.6.7 (Monday 04-23-2001):
- RPM package finally works for RedHat users
- Choose node size from among (total|inbound|outbound)
instantenous or accumulated traffic
- Tooltips show correct accumulated traffic value
- Node names are not forgotten when they timeout
- Removed interape binary and moved etherape to bin from sbin
Overview of changes in EtherApe 0.6.6 (Saturday 04-21-2001):
- Fixes a serious leak introduced in 0.6.1
Overview of changes in EtherApe 0.6.5 (Saturday 04-21-2001):
- Reports less false positive by giving priority to
registered port numbers (below 1024) and fixing a bug that was causing
etherape to only acknowledge RCP_REPLY messages
- Get extensive node info in console by double clicking it
(use export DEBUG=INFO)
Overview of changes in EtherApe 0.6.4 (Friday 04-20-2001):
- Better support for NetBIOS over IP name recognition
(captures names from host announcements messages, besides the already
- Fixes the "Illegal" node name bug
- Compile fixes for platforms breaking at the libpcap check
Overview of changes in EtherApe 0.6.3 (Thursday 04-19-2001):
- Can find windows names in netbios over TCP session packets
- Fixed a couple of cases in which ethernet addresses were
displayed instead of IP addresses
- Should report less false positive protocol identifications
Overview of changes in EtherApe 0.6.2 (Wednesday 04-18-2001):
- New interface setting menu: now you can set the device to
capture from at run time
- Added support for RPC protocols. That means that NFS shows
as such most of the time at last
- Fixed a bug introduced in 0.6.0 that froze EtherApe
- Fixed a couple of references to null pointers which I
believe where the cause of most crashes
Overview of changes in EtherApe 0.6.1 (Tuesday 04-17-2001):
- New mode setting menu: now you can choose among link layer,
IP or TCP modes on the fly from whitin the GUI
- The status bar now shows an actually informative message
Overview of changes in EtherApe 0.6.0 (Saturday 04-15-2001):
- Play, pause and stop buttons now work as expected
- New open capture file menu item
- Fixed filter history
- Fixed ip addresses not showing in FDDI
Overview of changes in EtherApe 0.5.9 (Thursday 04-12-2001):
- Does not leak anymore. Formally tested! :-)
- Online documentation. At least you get the menu entries. I
still need to finish writing the docs :-)
- Default operation mode is now IP. If you want to go back to
ethernet mode, use -m ethernet at the command
- Loopback device now supported (was needed to test
Overview of changes in EtherApe 0.5.8 (Thursday 04-05-2001):
- Fixed non-displaying text on diagram. If you still see
squares instead of text, go to preferences and choose a new font. Save
- Application icon now shows on the window manager and the
- Rpm package does not require alsa anymore
Overview of changes in EtherApe 0.5.7 (Tuesday 04-03-2001):
- Dutch translation. (Thanks, Vincent)
- Fixed compilation problem with resolver library and newer
- Menu entries for Gnome and Debian systems
- Included application icon. I can't track who sent me the
couple of icons I have. If anybody knows who the author is, please tell
me so that I can properly credit him
- New version after eleven months! Development is retaken!
Overview of changes in EtherApe 0.5.6 (Thursday 05-4-2000):
- Fixed a stupid but serious bug introduced in 0.5.3 which
caused the capture to stop for no good reason. This happened because I
was away from home and I was developing using only capture files with
no access to any live network. I'm sorry it took me this long to solve
the problem... :-(
Overview of changes in EtherApe 0.5.5 (Saturday 04-22-2000):
- New Stack Level setting: "Topmost Recognized Protocol".
This is probably what you want to have as default. If you have used any
previous version of EtherApe and have saved your settings, you will
probably want to change it.
Overview of changes in EtherApe 0.5.4 (Saturday 04-22-2000):
- TCP and UDP protocols are read from a configuration file:
services. I could use some help in trying to determine what's missing
and what should not be in in the deafault services file. Unified diffs
Overview of changes in EtherApe 0.5.3 (Friday 04-21-2000):
- Added start and stop buttons. The toolbar is back, since it
is now useful. :-)
- General menu cleanup
Overview of changes in EtherApe 0.5.2 (Thursday 04-20-2000):
- Added new -l option. You can use it to limit the nodes
displayed only to the N most active. GUI configuration and more the
ability to use more criteria will come next
Overview of changes in EtherApe 0.5.1 (Wednesday 04-19-2000):
- Fixed lots of memory leaks thanks to Owen Taylor and his
- Should not hog the CPU in offline mode anymore
- Node size is zero again when the average traffic is zero
- Got rid of the toolbar by default
Overview of changes in EtherApe 0.5.0 (Saturday 04-15-2000):
- Fixed PPP and SLIP modes not showing any protocols nor
- Moved code to libglade. This means:
- You will need libglade to compile and run EtherApe
- No more GTK warnings
- The view menu is fixed. Check buttons work as expected
- You can change the interface by editing EtherApe.glade
with glade without having to recompile
- All kinds of benefits for the developer. Now I can go
back at dealing with the GUI
- These are major changes. Please report any problems (see
Overview of changes in EtherApe 0.4.7 (Friday 04-14-2000):
- Fixed segfault when applying preferences changes and a
filter had been set up in the command line
- (Bill Barth) New, improved static mode
- Debug messages depend on the DEBUG environment variable.
You can set it to DEBUG or INFO if you want to see them again. Added -q
option too, to get rid of WARNINGS as well
- Refresh period is finally working the intended way (I
hope). Should free up CPU in many cases
Overview of changes in EtherApe 0.4.6 (Monday 04-10-2000):
- Ports were not appearing in TCP mode
- Accumulated per name traffic was not properly updated
Overview of changes in EtherApe 0.4.5 (Sunday 04-09-2000):
- /etc/ethers is used again in Ethernet mode
- FQDN is again only used in IP or TCP mode
- Added new --stationary option, so that people getting sick
of following nodes around can have a rest. :-)
Overview of changes in EtherApe 0.4.4 (Sunday 04-09-2000):
- Nodes keep track of all names by which they are referenced.
Right now only the most used one is displayed
- This breaks /etc/ethers usage for IP nodes. You'll see your
router change names a lot in ethernet mode. :-) I'll try to solve this
- I changed quite a lot of things. Please test it and tell me
any problems you find so that I can fix them
Overview of changes in EtherApe 0.4.3 (Tuesday 04-04-2000):
- Recognizes IP fragmentation. Should make up for unexpected
protocols in your network
- Node colors are those of its most common protocol. This is
a bonus on my way of handling several names per node.
- Fixed a bug by which actually the least
common protocol had its color shown. Come on, guys... How come nobody
reported this one? :-)
Overview of changes in EtherApe 0.4.2 (Tuesday 04-04-2000):
- Initial FDDI support.
- Uploaded working RPM (for version 0.4.1).
Overview of changes in EtherApe 0.4.1 (Monday 04-03-2000):
- Hiding legend works again (for me, at least).
- Link directions were reversed in ethernet mode.
- New webpage (mostly copied from ethereal's :-) )
- First try at RPM distribution. Please report whether it
Overview of changes in EtherApe 0.4.0 (Wednesday 03-29-2000):
- Node size is dependent on outbound traffic
- You can distinguish both directions of a link.
Overview of changes in EtherApe 0.3.9 (Wednesday 03-29-2000):
- You may safely turn down refresh period to minimum. If CPU
can't handle it, it will just do a best effort.
- Patch from Fabrice Bellet. Should fix more RedHat problems.
Please report if it solves yours.
- Some more segfault fixing.
Overview of changes in EtherApe 0.3.8 (Wednesday 03-29-2000):
- Filter entry has history.
- Prefs window is raised when called.
- I think I fixed almost all memory leaks.
- Some more segfaults fixed.
Overview of changes in EtherApe 0.3.7 (Friday 03-24-2000):
- You can now "playback" tcpdump output files.
- The legend now has a scrollbar if there are more protocols
than it can hold.
Overview of changes in EtherApe 0.3.6 (Friday 03-24-2000):
- Recognizes level 5 UDP protocols.
- Default stack level is now 5
- Can anybody please send me the most complete /etc/services
in Earth? Mine in debian is quite complete, but it's missing things
Overview of changes in EtherApe 0.3.5 (Thursday 03-23-2000):
- Sorry. I forgot to include the new files in the
Overview of changes in EtherApe 0.3.4 (Thursday 03-23-2000):
- Recognizes level 5 TCP protocols (Set stack level to 5) UDP
protocols should be done tomorrow morning. (Can somebody explain me why
6000 is not a recognized protocol in standard /etc/services?)
- Fixed a compilation problem for people with libbind.a
Overview of changes in EtherApe 0.3.3 (Thursday 03-23-2000):
- Fixes a serious and stupid segfault.
- Recognizes level 4 IP protocols (set stack level to 4)
Overview of changes in EtherApe 0.3.2 (Wednesday 03-22-2000):
- You may choose what level of the protocol stack to look at.
Now I should be able to add more protocol decoding easyly.
- I think I have squashed the growing legend bug. Please
- Diagram tries to use most of the window.
- Got away with some other memory leaks, though I probably
just introduced some others.
Overview of changes in EtherApe 0.3.1 (Monday 03-20-2000):
- Capture filter may be set in the preferences dialog in
- Warning! The above is just candy to have you all test some
major code restructuring. Please report any problems.
Overview of changes in EtherApe 0.3.0 (Saturday 03-18-2000):
- Preferences can be saved
- The status bar shows the main protocol when over a link,
and the node name when over a node.
- EtherApe turns 1 month old! Thanks everybody for using this
Overview of changes in EtherApe 0.2.11 (Friday 03-17-2000):
- Fixed a segfault in linuxppc
- Fixed a minor bug in the protocols legend
- Translations to French and Spanish
Overview of changes in EtherApe 0.2.10 (Thursday 03-16-2000):
- Fixed several memory leaks (it's still leaking, though :-(
- Added font picker to the diagram settings
- Size mode menu is now working.
- Should compile again in Solaris
Overview of changes in EtherApe 0.2.9 (Thursday 03-16-2000):
- Fix for bug introduced in 0.2.8. Resetting the refresh rate
eventually broght a SIGSEGV.
Overview of changes in EtherApe 0.2.8 (Wednesday 03-15-2000):
- GUI enhancements suggested by mdf to save screen real
- Diagram settings is a dialog under the preferences menu
- Legend becomes a dockable item
- Toolbar, legend and appbar may be hidden using the view
- GUI for two more sizing algorithms: log and sqrt. I'm
afraid I still don't know how to get the menu item from an option_menu,
though. Patch, anyone? :-)
Overview of changes in EtherApe 0.2.7 (Monday 03-13-2000):
- Node info is now a popup.
- Popup window shows Name, IP address and MAC address again.
- Name is only FQDN in ip and tcp modes (more readable)
- Now links age the moment they are not used.
- Added 802.2 and 802.3 to ethernet protocols.
- Fix for sigsegv when small link timeouts.
Overview of changes in EtherApe 0.2.6 (Saturday 03-11-2000):
- Ethernet protocols are recognized and presented in
- Links not in use are slowly faded out (patch by Ted
Wright). Use --no-fade to avoid it.
- Finally found a way to set the diagram background to black.
Overview of changes in EtherApe 0.2.5 (Friday 03-10-2000):
- Initial support for color coded protocols display
- Click on a link and a get a debug message with the most
common ethernet protocol
- Released to test for bugs some major changes in the code.
Go for 0.2.4 if you want some guarantee of a more stable version.
Overview of changes in EtherApe 0.2.4 (Thursday 03-09-2000):
- Major bug fix.
- Added README.bugs with procedures for bug reporting.
Overview of changes in EtherApe 0.2.3 (Wednesday 03-08-2000):
- Non blocking reverse lookups. I brought dns.c in from mtr
to provide this functionality. This code is from Simon Kirby.
- Removed now unnecessary -r option.
Overview of changes in EtherApe 0.2.2 (Tuesday 03-07-2000):
- Added ppp and slip devices support.
- Brought back IP address display in ethernet mode when no
/etc/ethers is available
- Fixed another bug with RedHat 6.1. (I really have to find
time to talk to this guy)
Overview of changes in EtherApe 0.2.1 (Monday 03-06-2000):
- Added tcp mode. Run with etherape -m tcp
- Added fix from Ted Wright to provide a more readable
display in crowded diagrams. Run with -o. Very useful for tcp.
- Cleaned up sources so that adding other modes should be
trivial. Please have a look at the source.
Overview of changes in EtherApe 0.2.0 (Friday 03-03-2000):
- RedHat 6.1 fix. Works around "featureful" redhat 6.1
- Fixed node-in-the-center bug.
- Timeout=0 means never timeout.
Overview of changes in EtherApe 0.1.9 (Thursday 03-02-2000):
- Finally I'm properly calculating average traffic. (yeah,
- Node and link timeout work as expected as well.
- Should now compile cleanly in Solaris.
- Interape is a hardlinked to etherape. Runs as interape when
called with that name.
- Minor changes to the naming algorithm.
Overview of changes in EtherApe 0.1.8 (Wednesday 03-01-2000):
- First version of interape. Run as EtherApe -I. I guess I'll
have to change the name to netape now. :-)
- Added node and link timeouts controls.
Overview of changes in EtherApe 0.1.7 (Tuesday 02-29-2000):
- Pcap filtering added. Now you can use tcpdump style
filtering (enclosed in quotes) with the -f option.
- Added libm to autoconf.in for systems with a separate math
- First try at Debian packaging.
Overview of changes in EtherApe 0.1.6 (Monday 02-28-2000):
- Refresh period spin, averaging time spin, and link width
sliders now work. Time to get better than Quake frame rates! :-)
- Node, link and text colours can be set from the command
- The rest of the GUI is active, so that it can answer itself
people's favourite question. :-) (Well, Control-Q does actually work!)
- Automated release process so that I can keep bombarding you
Overview of changes in EtherApe 0.1.5 (Sunday 02-27-2000):
- More for readability: Click on a node and a pop-up window
appears with all node data.
- You can change the network interface to listen to in the
- Fixed a bug in the dotted quad ip number display
- Compiles without warnings
- Updated README
Overview of changes in EtherApe 0.1.4 (Sunday 02-27-2000):
- Now parses command line arguments:
-n, --numeric don't convert addresses to names
-r, --with-dns-resolving use IP name resolving. Caution! Long timeouts!
-d, --diagram-only don't display any node text identification
- The resolver is turned off by default since it can
potentially freeze your display for too long
- digram-only makes for a clearer display. It's intended to
be practical whenever I have per-node pop-up windows ready.
Overview of changes in EtherApe 0.1.3 (Saturday 02-26-2000):
- Links with no traffic disappear with time. Makes diagram
- IP host name displayed if no ether name available
- Oops! Was confusing ether dst and src addresses. Solved.
- Web page now has a much more interesting screenshot thanks
to Nico Lumma
- Buttons are in English now.
- (This file I had to get out from download because it had
the dangerous DNS behaviour by default. You see? That's what happens
when you are rushed by deadlines! :-) )
Overview of changes in EtherApe 0.1.2 (Saturday 02-26-2000):
- James Wallace provided code to automatically detect proper
network interface. It now compiles in NetBSD.
- IP number displayed if no /etc/ethers is available. IP host
name will be there in the Saturday Night edition. :-)
Overview of changes in EtherApe 0.1.1 (Friday 02-25-2000):
- First look at GUI side of things
- Now you can dynamically reset the node radius using a
- First users reports! Thanks R., Don!
- First improvements due to user feedback:
- Solved configuration problem for some people
- Improved web page and README: reference to /etc/ethers
Overview of changes in EtherApe 0.1.0 (Friday 02-25-2000):
- Diagram resizes with window
- Basic functionality is all there now, and calls for a minor
version upgrade. :-)
Overview of changes in EtherApe 0.0.8 (Thursday 02-24-2000):
- Correctly (I hope) calculates average traffic intensity for
nodes and links. The proper constant multiplier should be user defined.
Overview of changes in EtherApe 0.0.7 (Thursday 02-24-2000):
- First version showing links among nodes
- Aborts gracefully if run by non-root.
- http://etherape.sourceforge.net has a screenshot.
- Expect proper node size and link width calculation in 0.0.8
Overview of changes in EtherApe 0.0.6 (Wednesday 02-23-2000):
- Copied proper libpcap autoconfigure detection function from
- Added Ethernet address resolution functions from ethereal
Overview of changes in EtherApe 0.0.5 (Wednesday 02-23-2000):
- Now uses gnome_canvas to display the diagram
Overview of changes in EtherApe 0.0.4 (Monday 02-21-2000):
- Node size is now an average of the last ten seconds
- Proper distribution file.
Overview of changes in EtherApe 0.0.3 (Sunday 02-20-2000):
- Added gnome support.
- Substituted hash table for binary tree to store nodes
- Correctly display hardware addresses.
Overview of changes in EtherApe 0.0.2 (Saturday 02-19-2000):
- Displays circles representing nodes and text which will
identify it eventually.
Overview of EtherApe 0.0.1 (Friday 02-18-2000):
- Initial version. Don't even expect it to run.