-
Notifications
You must be signed in to change notification settings - Fork 19
/
FAQ
73 lines (68 loc) · 3.37 KB
/
FAQ
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
EtherApe FAQ
* Why I see only the traffic to/from the EtherApe machine ?
Probably you have a switched network. Unless all traffic goes thru
the etherape machine (or you have an hub), etherape sees local
traffic.
Etherape can "see" only the traffic physically passing on the
netcard wire. Many small network use hubs to connect computers, so
every packet is physically transmitted to every netcard.
A larger network use combinations of switches and routers,
sometimes even firewalls to connect nodes, so your network card
receives only its own traffic or broadcast.
To monitor an entire network you can enable analisys/roving mode on
your switch (essentially copies all traffic to a single port). If
you have multiple switches, or routers, or the total bandwith
exceeds the port maximum, you still will see only part of the
traffic.
If you only want to monitor internet traffic, a better solution is
to place etherape on the (internal) internet gateway.
* How can I see the detail dialogs ?
Double click on a node or link opens the corrisponding dialog.
* Why is one computer constantly changing names?
You are running in ethernet mode. Switch to IP mode.
* Why can I only see computers on my own network?
See question above
* I can't see any text, just little squares. What gives?
Go to preferences and change the text font. Make sure you save your
changes
* Is it possible to see just traffic within my network? Is it
possible to see just traffic to/from the internet?
You can indeed filter traffic. Have a look at the filter entry in
preferences->capture->filter
Suppose your network address starts with 213.227
If you only want to see traffic within your network, then the
proper syntax is
ip and src net 213.227 and dst net 213.227
Or if you want to see connections to/from outside your network then
try something like
ip and ((not src net 213.227) and dst net 213.227) or (src net
213.227 and (not dst net 213.227))
* What's the format for /etc/ethers?
Just pairs of Ethernet addresses and names, like
00:40:33:35:80:5F LAZARO
00:40:33:35:80:6D NEBAJ
00:C0:26:A2:58:FE ARGOS
* How do I find the ether address of an IP node?
Here is an example:
argos:~# ping lazaro
PING lazaro.tattoine.es (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=1.8 ms
round-trip min/avg/max = 1.6/1.7/1.8 ms
argos:~# arp lazaro
Address HWtype HWaddress Iface
lazaro.tattoine.es ether 00:40:33:35:80:5F eth0
Of course, you can only do this for nodes in your network.
* How do I find the IP corresponding to an ether address?
You could, for instance, use
argos:~# tcpdump -f "ether src 00:40:33:35:80:5F" -n
tcpdump: listening on eth0
10:34:11.116930 192.168.1.1.7002 > 192.168.1.2.1031: P
76753564:76753576(12)
There you have it, the IP src is 192.168.1.1
* Hosts keep moving because they come and go... What can I do?
Set node timeout to 0.
__________________________________________________________________
$Id$
[1]sourceforge
References
1. http://sourceforge.net/