Download EtherApe 0.9.10

EtherApe is able to capture, parse, analyze and graphically display the results of network traffic. In addition, it can handle stored network traffic in pcap files. For more information, please refer to this page. The developers released version 0.9.10 a few days ago and provided the following announcements since the previous entry in our Meuktracker:

Overview of changes in EtherApe 0.9.10:

The most notable change is IPV6 support, thanks to David Flamand.

EtherApe now computes average packet size, to better estimate network usage. The new option –min-delay allows slow-motion replay of a capture file.

In 0.9.9 relnotes I forgot to mention a fix from Sotiris Sotiropoulos. Many apologies for the mistake.

Note: the old non-threaded name resolver is deprecated and will be removed on the next release. If you really need it, speak up *now*. Works only with IPV4 addresses, anyway.

Important: CVS repository closed. Effective from today, EtherApe CVS is no longer accessible. Please refer to the Mercurial repository.

Change summary:

• IPV6 support, thanks to David Flamand.
• new statistics: average packet size.
• added option –min-delay, to complement –max-delay when replaying from file. With this option you can replay a capture in slow motion.
• tweaked default service file, adding some common ports.
• added check for invalid proto-color mappings (debian bug 566226).
• removed bogus double assignment. Thanks to “johndoe123321”.

Overview of changes in EtherApe 0.9.9:

The most interesting change of this release is *basic* 802.11 WLAN support. WLAN is one of the most complex protocols around (‘crazy’ sometimes seems a better description) and there’s no way to support it completely without a dedicated display mode.

As an example, a single WLAN packet could contain up to four (4) addresses, source and destination, plus AP interchange. Showing the exact packet route could be interesting for someone trying to understand WLANs, but not very useful to monitor application traffic. So EtherApe tries to treat APs like routers, ignoring them if not directly addressed. Thus a packet starting from node X and ending with node Y will be shown as a straight link between the two nodes, even if the real path was X-AP and AP-Y.

The other notable improvement is 802.1Q VLAN tagging support. VLAN tags are decoded but ignored, showing all traffic as being in a normal LAN. Filtering a single vlan could be accomplished with pcap expressions. Note: Due to pcap limitations, to correctly filter VLAN traffic the pcap filter must start with the keyword “vlan” (eg vlan and ip) and *all* traffic must be VLAN-tagged.

All data-link level modes (Ethernet, FDDI, etc) are now unified in a single Link Layer mode, with automated detection (thanks to libpcap).

Note to packagers: EtherApe now uses gnome-doc-utils. Manual should appear in yelp under ‘Internet’.

Important: this release will be the last mirrored on the CVS repository, which will be shut down as of march 2010.

Change summary:

• wlan and wlan/radiotap protocol decoding.
• wlan QOS support.
• PPI (Per Packet Incapsulation) decoding.
• basic 802.1Q VLAN support (FRQ: 1561647).
• LLC-SNAP support.
• unified link level mode.
• several performance enhancements.
• refactored and streamlined node id definition.
• improved l3 packet deconding, now fully dynamic.
• improved documentation, now using gnome-doc-utils.
• borrowed some info from Mandriva .desktop file.
• Mandriva now compiles with -Werror=format-security and EtherApe was failing to compile. Thanks to Jerome Brenier for the fix.