EtherApe – Real-Time Network Visualization, the Old-School Way
What is EtherApe
EtherApe is a graphical network monitoring tool that maps traffic in real time. Picture a constantly updating topology map where nodes (hosts) and links (connections) change size and color depending on how much data is moving through them. That’s EtherApe.
It’s inspired by Etherman and built for sysadmins who prefer a visual view of traffic over a textual one. While it won’t replace a full-blown NMS, it’s ideal when you want to see what’s happening immediately, without digging through logs.
You launch it, and it builds a live map of the network around you, showing who’s talking to whom, and how much. It’s especially helpful for spotting noisy hosts, unauthorized connections, or unusual activity in seconds.
Technical Overview
| Attribute | Description |
|---|---|
| Interface | GTK+ graphical map with real-time animation |
| Data Source | Captures traffic via libpcap (like tcpdump) |
| Supported Protocols | TCP, UDP, ICMP, ARP, IPv4, IPv6, and more |
| Visual Elements | Nodes represent hosts; links show data volume between them |
| Filtering | Protocol filters, port filters, address filters |
| Color Coding | Protocol- or host-based color mapping |
| Display Options | Layer 2 (Ethernet/MAC) or Layer 3 (IP) mode |
| Platform | Linux, Unix, BSD |
| License | GPLv2 |
| Website | https://etherape.sourceforge.net |
How It Works in Practice
Run EtherApe as root (or with the capabilities needed for packet capture) so it can capture from network interfaces. Choose which interface to listen on (eth0, wlan0, etc.), and it starts populating the map based on real traffic.
You can limit traffic capture to a single protocol (e.g., TCP), or watch everything. Heavy talkers show up as fat lines. Quiet nodes fade into the background. It’s all visual, live, and constantly adjusting.
There’s no backend, no logging, and no storage. When you close EtherApe, it’s gone. That’s the point — it’s for watching what’s happening right now.
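The launch steps above, as an added example that is not code from the EtherApe project: a small wrapper that starts EtherApe as a normal user instead of running the whole GUI as root, and only accepts an existing interface and an allowlisted protocol. It assumes `etherape` is on the PATH with its `-n`, `-m`, `-i` and `-f` options, and that `cap_net_raw,cap_net_admin` (the set commonly granted to libpcap capture tools) is sufficient on your system; the script name `watch.sh` and the `NET_DIR` variable are hypothetical.

```shell
#!/bin/sh
# Added example (not EtherApe project code): launch EtherApe as a normal user.
# Assumed: etherape on PATH with -n (numeric), -m (mode), -i (interface),
# -f (pcap filter); capture rights granted once with file capabilities.

NET_DIR="${NET_DIR:-/sys/class/net}"   # hypothetical override, used for testing

# Allowlist: protocol keyword -> pcap filter. Anything else is rejected, so
# free-form input never reaches the filter expression.
proto_filter() {
    case "$1" in
        all) ;;
        tcp|udp|icmp|arp) printf '%s' "$1" ;;
        *) return 1 ;;
    esac
}

# Print validated etherape arguments for an interface and protocol keyword.
etherape_args() {
    _iface="$1"; _proto="${2:-all}"
    case "$_iface" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 2 ;;
    esac
    [ -e "$NET_DIR/$_iface" ] || { echo "no such interface: $_iface" >&2; return 3; }
    _filter="$(proto_filter "$_proto")" || { echo "unsupported protocol: $_proto" >&2; return 4; }
    if [ -n "$_filter" ]; then
        printf '%s\n' "-n -m ip -i $_iface -f $_filter"
    else
        printf '%s\n' "-n -m ip -i $_iface"
    fi
}

# True when getcap output for the binary lists cap_net_raw.
caps_ok() {
    case "$1" in *cap_net_raw*) return 0 ;; *) return 1 ;; esac
}

# Usage: ./watch.sh --run eth0 tcp
if [ "${1:-}" = "--run" ]; then
    bin="$(command -v etherape)" || { echo "etherape not found" >&2; exit 1; }
    caps_ok "$(getcap "$bin" 2>/dev/null)" || {
        echo "grant once: sudo setcap cap_net_raw,cap_net_admin+eip $bin" >&2
        exit 1
    }
    args="$(etherape_args "${2:-}" "${3:-all}")" || exit 1
    # Word splitting is safe here: every token was validated above.
    exec "$bin" $args
fi
```

File capabilities apply to every user who can execute the binary, so restrict its group and mode if only some accounts should be able to capture traffic.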
When It’s Worth Using
– Spotting suspicious traffic without digging through packet dumps
– Teaching network basics with a visual, interactive map
– Seeing how chatty that “quiet printer” actually is
– Monitoring traffic bursts during specific actions (logins, syncs, etc.)
– Quickly mapping unknown networks or new VLAN segments