How-To user EtherApe graphical network monitor with Windows, Mac OS X or Linux
EtherApe is a graphical network monitor for Unix that come with most of the GNU/Linux distrubution
but is not, now is present in MacPorts for Mac OS X and but has no porting for Windows as well.
All present and past releases can be found in our download area. Installation Notes. For a complete list of system requirements and supported platforms, please consult the User's Guide. Information about each release can be found in the release notes. Each Windows package comes with the latest stable release of Npcap, which is required for live packet capture. Network Monitor 2.1.1 for Mac can be downloaded from our software library for free. Network Monitor for Mac belongs to Internet & Network Tools. The actual developer of this Mac application is Hugo Corbucci. Our antivirus check shows that this Mac download is clean. The file size of the latest installation package available for download is 295 KB.
The best use of EtherApe is when it’s installed on a server (or any GNU/Linux machine) connected to the last-hop of your network to allow it to ‘sniff’ (analyze) the whole traffic getting in-and-out of your network. I suggest to put it on the switch or hub that connects your network to the router.
Normally we monitor and manage our network from our workstation trying to access as less as possible the screen of our servers. Because EtherApe would be installed on one of our servers to visualize its output on our screen avoiding the user of screen remotization like VNC, TeamViewer or LogMeIn we need to use X11 protocol forwarding via SSH.
This solution implies that we have and X11 service running on our workstation.
If we are working on a Linux machine it can’t be more easy as we mostprobably are working on a X11 implementation.
If run Mac OS X then we ned to installe Apple’s X11, and you can find the installer inside the Installation disc.
For Windows the game is more tough because it’s not a Unix based system and a X11 server implementation is not part of the standard applications offered as part of the installation options.
Fortunately come in hand the project Xming a free implementation of X Server for Windows: https://www.straightrunning.com/XmingNotes/
The steps to visualize EtherApe on your workstation are:
- Install EtherApe on your GNU/Linux server:
i.e. on a GNU/Debian server:
- Install X11 on your workstation:
- On Linux most probably you have installed x.org package
- On Mac OS X you install the package that you find in the installation disc
- for windows you need to donlaod the public release of Xming:
- Install an SSH client on your workstation
- On Linux and Mac OS X it is part of the base system installtion
- On Windows you need to install PuTTY:
- Enable X11 forwarding through SSH on your server:
- Edit the file /etc/ssh/sshd_config and add or modify the X11 forwarding setting to
then restart the SSH service to load the new configuration
- On Windows only configure Xming to connect via the SSH client to your Linux server and specify to run the program xterm (or any other terminal application you have installed on your server) and specify as connecting user root or any sudoer user because EtherApe needs root privileges to turn the network card in listening mode.
- run EtherApe from the ssh connection just fireing the command ‘etherape’
Powered by Facebook Comments
NetworkMiner is an open source Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS X / FreeBSD). NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.
NetworkMiner makes it easy to perform advanced Network Traffic Analysis (NTA) by providing extracted artifacts in an intuitive user interface. The way data is presented not only makes the analysis simpler, it also saves valuable time for the analyst or forensic investigator.
NetworkMiner has, since the first release in 2007, become a popular tool among incident response teams as well as law enforcement. NetworkMiner is today used by companies and organizations all over the world.
|NetworkMiner (free edition)||NetworkMiner Professional|
|Parse PCAP files|
|Parse PcapNG files|
|Extract files from FTP, TFTP, HTTP, HTTP/2, SMB, SMB2, SMTP, POP3 and IMAP traffic|
|Extract X.509 certificates from SSL encrypted traffic like HTTPS, SMTPS, IMAPS, POP3S, FTPS etc.|
|Decapsulation of GRE, 802.1Q, PPPoE, VXLAN, OpenFlow, SOCKS, MPLS and EoMPLS|
|Runs in Windows and Linux|
|OS Fingerprinting (*)|
|Audio extraction and playback of VoIP calls|
|OSINT lookups of file hashes, IP addresses, domain names and URLs|
Protocol Identification (PIPI)
|User Defined Port-to-Protocol Mappings (decode as)|
|Export to CSV / Excel / XML / CASE / JSON-LD|
|Configurable file output directory|
|Configurable time zone (UTC, local or custom)|
|Geo IP localization (**)|
|DNS Whitelisting (***)|
|Advanced OS fingerprinting|
|Web browser tracing (4:10 into this video)|
|Online ad and tracker detection|
|Host coloring support|
|Command line scripting support||(through NetworkMinerCLI)|
|Price||Free||$ 900 USD|
|Download NetworkMiner |
| * Fingerprinting of Operating Systems (OS) is performed by using databases from Satori and p0f|
** This product includes GeoLite data created by MaxMind, available from http://maxmind.com/
*** Domain names in the DNS tab are checked against the Alexa top 1,000,000 sites
NetworkMiner can extract files, emails and certificates transferred over the network by parsing a PCAP file or by sniffing traffic directly from the network.
NetworkMiner showing files extracted from sniffed network traffic to disk
NetworkMiner showing thumbnails for images extracted to disk
User credentials (usernames and passwords) for supported protocols are extracted by NetworkMiner and displayed under the 'Credentials' tab. The credentials tab sometimes also show information that can be used to identify a particular person, such as user accounts for popular online services like Gmail or Facebook.
Another very useful feature is that the user can search sniffed or stored data for keywords. NetworkMiner allows the user to insert arbitrary string or byte-patterns that shall be searched for with the keyword search functionality.
Network Monitor For Mac Os 10.13
NetworkMiner Professional comes installed on a specially designed USB flash drive. You can run NetworkMiner directly from the USB flash drive since NetworkMiner is a portable application that doesn't require any installation. We at Netresec do, however, recommend that you copy NetworkMiner to the local hard drive of your computer in order to achieve maximum performance.
» How To Buy NetworkMiner Professional «
The latest version of NetworkMiner can be downloaded from:
» https://www.netresec.com/?download=NetworkMiner « (executable application)
SHA256 hash: 34d81e42eec33183b79191de165ae506933fa3bb5b1fd836e70ef81468c9c65b
» https://www.netresec.com/?page=NetworkMinerSourceCode « (source code)
SHA256 hash: 8dc5802cd90eb081097398b8b6606e0c56dcf7498616a5a28d01e6b247e168a1
For older releases of NetworkMiner (prior to version 2.0), please visit the NetworkMiner page on SourceForge:
However, please note that we no longer release new versions of NetworkMiner on SourceForge.
|Version||Release Date||Major Improvements|
|JA3 hash extraction and parsers for the HTTP/2, DoH and CIFS browser protocol.|
|Username extraction from Kerberos traffic, ICS device fingerprinting and improved Linux support.|
|Improved email and VoIP call extraction.|
|VoIP call audio extraction and playback as well as OSINT lookups of file hashes, IP addresses, domain names and URLs.|
|Faster parsing speed (x2) and CASE export.|
|Improved HTTP parser.|
|NetworkMiner 2.1||2017-01-11||New protocols: POP3, IMAP, VXLAN, OpenFlow and SOCKS.|
|NetworkMiner 2.0||2016-02-09||New protocols: SMB2 and Modbus/TCP.|
|NetworkMiner 1.6||2014-06-16||Improved SMTP and DNS parsing.|
|NetworkMiner 1.5||2013-08-07||New protocols: PPPoE and LLMNR, fixed two vulnerabilities.|
|NetworkMiner 1.4||2012-08-16||New protocol: IEC 60870-5-104.|
|NetworkMiner 1.3||2012-04-12||Username and password from HTTP Digest Authentication (RFC 2617).|
|NetworkMiner 1.2||2011-11-19||New protocol: GRE, platform independent (works in Linux, Mac OSX etc).|
|NetworkMiner 1.1||2011-09-15||New protocol: PPP. Screen resolution, color depth, browser language and flash version extracted from Google Analytics.|
|NetworkMiner 0.71||2007-02-16||First public release of NetworkMiner.|
Mac Network Speed Monitor
Network Monitor Os X
Network Monitoring Software Mac
There are also several blog posts about NetworkMiner on the NETRESEC Network Security Blog:
Bandwidth Monitor Mac