Ethereal-users: Re: [Ethereal-users] Top 10 users and other Sniffer reports from Ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Wed, 3 Apr 2002 18:26:01 -0800
On Wed, Apr 03, 2002 at 09:14:02PM -0500, Gary Baribault wrote:
>          I was wondering if there is a package available that would produce 
> Sniffer like reports from Ethereal Capture files. For those of you that are 
> familiar with Sniffer you will recognize what I'm looking for, for the 
> others of you, I'm looking for a report/Graph that would identify the top 
> protocols, talkers or users on a link. Ideally this would produce HTML/JPG 
> pages of this information.

Ethereal capture files are the same as tcpdump capture files, so
anything that can read tcpdump capture files should do.

One possibility is EtherApe:

	http://etherape.sourceforge.net/

The introduction at

	http://etherape.sourceforge.net/introduction.html

says:

	At the present time, EtherApe has enough functionality to be
	useful, but it's far from complete.  It's still beta software,
	and new features and bug fixes are being added all the time. 
	Here is the list of features, current as of version 0.4.3, in no
	particular order:

	   o Network traffic is displayed graphically.  The more "talkative"
	     a node is, the bigger its representation. 
	   o Node and link color shows the most used protocol. 
	   o User may select what level of the protocol stack to
	     concentrate on. 
	   o You may either look at traffic within your network, end to end
	     IP, or even port to port TCP. 
	   o Data can be captured "off the wire" from a live network
	     connection, or read from a tcpdump capture file. 
	   o Live data can be read from ethernet, FDDI, PPP and SLIP
	     interfaces. 
	   o The following frame and packet types are currently supported:
	     ETH_II, 802.2, 803.3, IP, IPv6, ARP, X25L3, REVARP, ATALK, AARP,
	     IPX, VINES, TRAIN, LOOP, VLAN, ICMP, IGMP, GGP, IPIP, TCP, EGP,
	     PUP, UDP, IDP, TP, IPV6, ROUTING, RSVP, GRE, ESP, AH, ICMPV6,
	     EON, VINES, EIGRP, OSPF, ENCAP, PIM, IPCOMP, VRRP; and most TCP
	     and UDP services, like TELNET, FTP, HTTP, POP3, NNTP, NETBIOS,
	     IRC, DOMAIN, SNMP, etc.
	   o Data display can be refined using a network filter.

so it might do.

Binary packages are available for Debian and Red Hat; it will probably
compile on at least some other flavors of UNIX, if you have GTK+ and
GNOME.  It probably won't work on Windows....

It might also be possible to get ntop to do the job:

	http://www.ntop.org/ntop.html

and it does work on Windows.
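The approach Guy describes (any tool that reads tcpdump-format capture files can produce the report, since Ethereal writes the same format) as an added Python example, not code from this thread or from Ethereal, EtherApe or ntop: it parses a classic pcap file, tallies bytes per host and per protocol, and emits a "top talkers / top protocols" HTML summary. The sample capture is constructed in memory; the host addresses, the port-to-service table and the "lower port is the service side" heuristic are assumptions of the example, and only Ethernet/IPv4 frames are counted.

```python
"""Sniffer-style top-talkers / top-protocols report from a pcap capture (example code)."""
import struct
import sys
from collections import Counter, defaultdict

IP_PROTO_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP", 51: "AH", 89: "OSPF"}
# Assumed port-to-service table; extend as needed.
SERVICE_NAMES = {21: "FTP", 23: "TELNET", 25: "SMTP", 53: "DNS", 80: "HTTP", 110: "POP3",
                 119: "NNTP", 161: "SNMP", 443: "HTTPS"}


def classify(proto, sport, dport):
    """Name the traffic the way a Sniffer-style report does: TCP/UDP by service port (heuristic)."""
    if proto in (6, 17) and sport is not None:
        for port in sorted((sport, dport)):  # assumption: the lower port is the service side
            if port in SERVICE_NAMES:
                return SERVICE_NAMES[port]
    return IP_PROTO_NAMES.get(proto, "IP/%d" % proto)


def parse_pcap(data):
    """Return (src_ip, dst_ip, service, frame_len) for each IPv4 frame in a classic pcap file."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (DLT_EN10MB) captures are handled here")
    records, off = [], 24
    while off + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < incl_len:
            break  # truncated last record: stop rather than misparse
        ethertype, l3 = struct.unpack("!H", frame[12:14])[0], 14
        if ethertype == 0x8100 and len(frame) >= 18:  # 802.1Q tag: skip the 4-byte VLAN header
            ethertype, l3 = struct.unpack("!H", frame[16:18])[0], 18
        if ethertype != 0x0800 or len(frame) < l3 + 20:
            continue  # ARP, IPv6 etc. are ignored in this example
        ihl, proto = (frame[l3] & 0x0F) * 4, frame[l3 + 9]
        src = ".".join(str(b) for b in frame[l3 + 12:l3 + 16])
        dst = ".".join(str(b) for b in frame[l3 + 16:l3 + 20])
        sport = dport = None
        if proto in (6, 17) and len(frame) >= l3 + ihl + 4:
            sport, dport = struct.unpack("!HH", frame[l3 + ihl:l3 + ihl + 4])
        records.append((src, dst, classify(proto, sport, dport), orig_len))
    return records


def summarize(records, top_n=10):
    """Bytes per host (sent/received) and bytes+packets per protocol, sorted like a Sniffer report."""
    by_host = defaultdict(lambda: [0, 0])
    by_service, pkts = Counter(), Counter()
    for src, dst, service, length in records:
        by_host[src][0] += length
        by_host[dst][1] += length
        by_service[service] += length
        pkts[service] += 1
    talkers = sorted(by_host.items(), key=lambda kv: kv[1][0] + kv[1][1], reverse=True)
    return {"top_talkers": [(h, s, r) for h, (s, r) in talkers[:top_n]],
            "top_protocols": [(s, b, pkts[s]) for s, b in by_service.most_common(top_n)],
            "total_bytes": sum(by_service.values())}


def render_html(summary):
    """Minimal HTML page; cell values are IPs/names from our own tables, so no escaping is needed."""
    rows_t = "".join("<tr><td>%s</td><td>%d</td><td>%d</td></tr>" % t for t in summary["top_talkers"])
    rows_p = "".join("<tr><td>%s</td><td>%d</td><td>%d</td></tr>" % p for p in summary["top_protocols"])
    return ("<html><body><h1>Capture summary: %d bytes</h1><h2>Top talkers</h2><table>"
            "<tr><th>Host</th><th>Bytes sent</th><th>Bytes received</th></tr>%s</table>"
            "<h2>Top protocols</h2><table><tr><th>Protocol</th><th>Bytes</th><th>Packets</th></tr>"
            "%s</table></body></html>") % (summary["total_bytes"], rows_t, rows_p)


def _frame(src, dst, proto, payload, sport=0, dport=0):
    """Build a minimal Ethernet/IPv4 frame (checksums left zero; the parser never verifies them)."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)  # 20-byte TCP
    elif proto == 17:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)  # 8-byte UDP
    else:
        l4 = b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64, proto, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    return b"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\x08\x00" + ip + l4 + payload


def build_sample_pcap():
    """Constructed sample capture (not real traffic): one DNS exchange, two web sessions, one ping."""
    frames = [_frame("10.0.0.1", "10.0.0.53", 17, b"q" * 40, 5353, 53),
              _frame("10.0.0.53", "10.0.0.1", 17, b"r" * 120, 53, 5353),
              _frame("10.0.0.1", "192.0.2.10", 6, b"G" * 100, 40000, 80),
              _frame("192.0.2.10", "10.0.0.1", 6, b"H" * 1400, 80, 40000),
              _frame("10.0.0.2", "192.0.2.10", 6, b"C" * 200, 40001, 443),
              _frame("192.0.2.10", "10.0.0.2", 6, b"S" * 900, 443, 40001),
              _frame("10.0.0.2", "10.0.0.1", 1, b"\x08\x00\x00\x00\x00\x01\x00\x01" + b"p" * 56)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # little-endian global header
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1000000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    # Usage: python report.py capture.pcap > report.html   (no argument: the constructed sample)
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    print(render_html(summarize(parse_pcap(raw))))
```

Run it against a capture saved from Ethereal and redirect the output to an HTML file; the graph half of the request is not covered here, but the same summary dictionary is what you would feed to a plotting library.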