Ape about EtherApe
It is always the same scene in Hollywood films. The networks are penetrated; cryptic images and characters are scrolling across the screen. We're being hacked! Did you ever wish you could keep a closer eye on your network? Sure we have sniffers and other tools, but did you ever want something graphical?
I've always been a huge fan of ntop, but feel that it lacks on graphical end. My curiosity drives the question, what is happening on my network? Another interesting program that I enjoy using is EtherApe. It is a network monitor that displays traffic graphically. It supports a wide range of protocols and network types. The display is color-coded allowing users to quickly understand the type of traffic on a network.
The project is several years old, originally being based on etherman. It is licensed under the GPL and is currently packaged for many different Linux distributions. The hardware requirements are minimal, however it does require you to use X and have libcap installed.
With EtherApe you'll find the network monitoring has never been this fun. On an active network, one can easily be drawn to just watching the activity. It can be a very useful tool, but the entertainment value should not be discounted.
One of the most useful features of EtherApe is the dynamic graphic images it creates. These can be used to further explain concepts or attacks methodologies to business decision makers who wouldn't normally understand the output of tcpdump.
More information about EtherApe can be found at the project website: /
Also, for those of you who are just curious, severals screenshots are also available: /images/
Until next time, cheers!
LinuxSecurity.com Feature Extras:
Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).
A 2005 Linux Security Resolution - Year 2000, the coming of the new millennium, brought us great joy and celebration, but also brought great fear. Some believed it would result in full-scale computer meltdown, leaving Earth as a nuclear wasteland. Others predicted minor glitches leading only to inconvenience. The following years (2001-2004) have been tainted with the threat of terrorism worldwide.
State of Linux Security 2004 - In 2004, security continued to be a major concern. The beginning of the year was plagued with several kernel flaws and Linux vendor advisories continue to be released at an ever-increasing rate. This year, we have seen the reports touting Window's security superiority, only to be debunked by other security experts immediately after release. Also, Guardian Digital launched the new LinuxSecurity.com, users continue to be targeted by automated attacks, and the need for security awareness and education continues to rise.
Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| Conectiva: php4 Fixes for multiple php4 vulnerabilities | ||
13th, January, 2005
This announcement fixes seven vulnerabilities[2] found by Stefan Esser and four other vulnerabilities. For further information, please refer to php4's changelog[3]. |
||
| Conectiva: ethereal Fixes for security vulnerabilities in ethereal | ||
13th, January, 2005
This update fixes several vulnerabilities[2,3,4] in ethereal. |
||
| Conectiva: krb5 Fix for buffer overflow in libkadm5srv | ||
13th, January, 2005
Michael Tautschnig noticed that the MIT Kerberos 5 administration library (libkadm5srv) contains a heap buffer overflow[2] in password history handling code which could be exploited by an authenticated user to execute arbitrary code on a Key Distribution Center (KDC) host. |
||
| Debian: kerberos arbitrary code execution fix | ||
7th, January, 2005
A buffer overflow has been discovered in the MIT Kerberos 5 administration library (libkadm5srv) that could lead to the execution of arbitrary code upon exploition by an authenticated user, not necessarily one with administrative privileges. advisories/debian/debian-kerberos-arbitrary-code-execution-fix |
||
| Debian: lintian insecure temporary directory fix | ||
10th, January, 2005
Jeroen van Wolffelaar discovered a problem in lintian, the Debian package checker. The program removes the working directory even if it wasn't created at program start, removing an unrelated file or directory a malicious user inserted via a symlink attack. advisories/debian/debian-lintian-insecure-temporary-directory-fix |
||
| Debian: kdelibs arbitrary FTP command execution fix | ||
10th, January, 2005
Thiago Macieira discovered a vulnerability in the kioslave library, which is part of kdelibs, which allows a remote attacker to execute arbitrary FTP commands via an ftp:// URL that contains an URL-encoded newline before the FTP command. advisories/debian/debian-kdelibs-arbitrary-ftp-command-execution-fix |
||
| Debian: linpopup arbitrary code execution fix | ||
10th, January, 2005
Stephen Dranger discovered a buffer overflow in linpopup, an X11 port of winpopup, running over Samba, that could lead to the execution of arbitrary code when displaying a maliciously crafted message. advisories/debian/debian-linpopup-arbitrary-code-execution-fix |
||
| Debian: bmv insecure temporary file creation fix | ||
11th, January, 2005
Peter Samuelson, upstream maintainer of bmv, a PostScript viewer for SVGAlib, discovered that temporary files are created in an insecure fashion. A malicious local user could cause arbitrary files to be overwritten by a symlink attack. advisories/debian/debian-bmv-insecure-temporary-file-creation-fix |
||
| Debian: HylaFAX unauthorised access fix | ||
11th, January, 2005
Patrice Fournier discovered a vulnerability in the authorisation subsystem of hylafax, a flexible client/server fax system. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorised access to the fax system. advisories/debian/debian-hylafax-unauthorised-access-fix |
||
| Debian: exim arbitrary code execution fix | ||
12th, January, 2005
Philip Hazel announced a buffer overflow in the host_aton function in exim, the default mail-tranport-agent in Debian, which can lead to the execution of arbitrary code via an illegal IPv6 address. advisories/debian/debian-exim-arbitrary-code-execution-fix |
||
| Debian: New libc6 packages fix insecure temporary files | ||
12th, January, 2005
Several insecure uses of temporary files have been discovered in support scripts in the libc6 package which provices the c library for a GNU/Linux system. Trustix developers found that the catchsegv script uses temporary files insecurely. Openwall developers discovered insecure temporary files in the glibcbug script. These scripts are vulnerable to a symlink attack. advisories/debian/debian-new-libc6-packages-fix-insecure-temporary-files |
||
| Debian: New exim-tls packages fix arbitrary code execution | ||
13th, January, 2005
Philip Hazel announced a buffer overflow in the host_aton function in exim-tls, the SSL-enabled version of the default mail-tranport-agent in Debian, which can lead to the execution of arbitrary code via an illegal IPv6 address. advisories/debian/debian-new-exim-tls-packages-fix-arbitrary-code-execution |
||
| Debian: New gopher packages fix several vulnerabilities | ||
13th, January, 2005
"jaguar" has discovered two security relevant problems in gopherd, the Gopher server in Debian which is part of the gopher package. advisories/debian/debian-new-gopher-packages-fix-several-vulnerabilities |
||
| Fedora: sane-backends-1.0.15-1.4 update (corrected) | ||
7th, January, 2005
This is version 1.0.15 of the sane-backends scanner drivers. This package also resolves the issues concerning device permissions for USB scanners which are always connected. advisories/fedora/fedora-sane-backends-1015-14-update-corrected-10-25-18-117815 |
||
| Fedora: libtiff-3.6.1-9.fc3 update | ||
7th, January, 2005
The updated libtiff package fixes an integer overflow which could lead to a buffer overflow in the tiffdump utility. advisories/fedora/fedora-libtiff-361-9fc3-update-16-55-47-117820 |
||
| Fedora: libtiff-3.5.7-22.fc2 update | ||
7th, January, 2005
The updated libtiff package fixes an integer overflow which could lead to a buffer overflow in the tiffdump utility. advisories/fedora/fedora-libtiff-357-22fc2-update-16-56-45-117821 |
||
| Fedora: gtk2-2.4.14-2.fc3 update | ||
7th, January, 2005
The updated gtk2 package fixes several cases of missing locking in the file chooser which could cause deadlocks in threaded applications. advisories/fedora/fedora-gtk2-2414-2fc3-update-16-57-45-117822 |
||
| Fedora: selinux-policy-targeted-1.17.30-2.68 update | ||
7th, January, 2005
Allow ldconfig to run with full privs. advisories/fedora/fedora-selinux-policy-targeted-11730-268-update-18046-13-04-18-117843 |
||
| Fedora: epiphany-1.2.7-0.2.0 update | ||
10th, January, 2005
Rebuild because of Mozilla API changes. advisories/fedora/fedora-epiphany-127-020-update-13-01-01-117840 |
||
| Fedora: epiphany-1.2.7-0.2.2 update | ||
10th, January, 2005
Rebuild because of Mozilla API changes. advisories/fedora/fedora-epiphany-127-022-update-13-02-12-117841 |
||
| Fedora: policycoreutils-1.18.1-2.3 update | ||
10th, January, 2005
backport restorecon and fixfiles from rawhide. to eliminate bad warning. messages and fix handling of rpm files advisories/fedora/fedora-policycoreutils-1181-23-update-13-03-19-117842 |
||
| Fedora: selinux-policy-targeted-1.17.30-2.68 update | ||
10th, January, 2005
Require policycoreutils for selinux-policy-targeted. Run ldconfig as an unconfined_domain advisories/fedora/fedora-selinux-policy-targeted-11730-268-update-18046-13-04-18-117843 |
||
| Fedora: kernel-2.6.10-1.8_FC2 update | ||
10th, January, 2005
This update rebases the kernel to match the upstream 2.6.10 release, and adds a number of security fixes by means of adding the latest -ac patch. advisories/fedora/fedora-kernel-2610-18fc2-update-00-00-00-117849 |
||
| Fedora: kernel-2.6.10-1.737_FC3 update | ||
10th, January, 2005
This update rebases the kernel to match the upstream 2.6.10 release, and adds a number of security fixes by means of adding the latest -ac patch. advisories/fedora/fedora-kernel-2610-1737fc3-update-00-00-00-117850 |
||
| Fedora: yum-2.1.12-0.fc3 update | ||
10th, January, 2005
New yum release fixes many small bugs. advisories/fedora/fedora-yum-2112-0fc3-update-00-00-00-117851 |
||
| Fedora: system-config-samba-1.2.23-0.fc3.1 update | ||
11th, January, 2005
Unfortunately there have slipped in some bugs in this release which were detected after the sign and push request went out. The bugs in question prevent proper configuring of global preferences. advisories/fedora/fedora-system-config-samba-1223-0fc31-update-99067-10-56-03-117859 |
||
| Fedora: system-config-services-0.8.17-0.fc3.1 update | ||
11th, January, 2005
throw away stderr to not be confused by error messages (#142983). don't hardcode python 2.3 (#142246). remove some cruft from configure.in advisories/fedora/fedora-system-config-services-0817-0fc31-update-92513-10-57-34-117860 |
||
| Fedora: cups-1.1.20-11.9 update | ||
11th, January, 2005
This package fixes a small regression introduced by FEDORA-2004-574. advisories/fedora/fedora-cups-1120-119-update-10-59-10-117861 |
||
| Fedora: cups-1.1.22-0.rc1.8.3 update | ||
11th, January, 2005
This package fixes a small regression introduced by FEDORA-2004-575. advisories/fedora/fedora-cups-1122-0rc183-update-11-00-15-117862 |
||
| Fedora: subversion-1.1.2-2.3 update | ||
11th, January, 2005
This update includes the latest release of Subversion 1.1, including a number of bug fixes. advisories/fedora/fedora-subversion-112-23-update-11-01-26-117863 |
||
| Fedora: initscripts-7.55.2-1 update | ||
11th, January, 2005
This update fixes the mouting of usbfs on boot, along with various other accumulated fixes. advisories/fedora/fedora-initscripts-7552-1-update-15-51-16-117875 |
||
| CORRECTION: Fedora Core 2 Update: epiphany-1.2.7-0.2.0 | ||
12th, January, 2005
Rebuild because of Mozilla API changes. advisories/fedora/correction-fedora-core-2-update-epiphany-127-020-09-40-50-117885 |
||
| CORRECTION: Fedora Core 2 Update: epiphany-1.2.7-0.2.2 | ||
12th, January, 2005
Rebuild because of Mozilla API changes. advisories/fedora/correction-fedora-core-2-update-epiphany-127-022-09-41-50-117886 |
||
| Fedora Core 2 Update: vim-6.3.054-0.fc2.1 | ||
12th, January, 2005
Ciaran McCreesh discovered a modeline vulnerability in VIM. It is possible that a malicious user could create a file containing a specially crafted modeline which could cause arbitrary command execution when viewed by a victim. Please note that this issue only affects users who have modelines and filetype plugins enabled, which is not the default. Javier Fern‡ndez-Sanguino Pe–a discovered insecure usage of temporary files in two scripts shipped with vim. It is possible that a malicious user could guess the names of the temporary files and start a symlink attack. advisories/fedora/fedora-core-2-update-vim-63054-0fc21-09-54-46-117887 |
||
| Fedora Core 3 Update: vim-6.3.054-0.fc3.1 | ||
12th, January, 2005
Ciaran McCreesh discovered a modeline vulnerability in VIM. It is possible that a malicious user could create a file containing a specially crafted modeline which could cause arbitrary command execution when viewed by a victim. Please note that this issue only affects users who have modelines and filetype plugins enabled, which is not the default. Javier Fern‡ndez-Sanguino Pe–a discovered insecure usage of temporary files in two scripts shipped with vim. It is possible that a malicious user could guess the names of the temporary files and start a symlink attack. advisories/fedora/fedora-core-3-update-vim-63054-0fc31-09-56-05-117888 |
||
| Fedora: system-config-samba-1.2.26-0.fc3.1 update | ||
12th, January, 2005
ignore case of share name when deleting share (#144504). when double clicking share, open properties dialog. assume default is "security == user" to avoid traceback on users dialog (#144511). update main window when changing share path (#144168). include Ukranian translation in desktop file (#143659). advisories/fedora/fedora-system-config-samba-1226-0fc31-update-12-29-19-117892 |
||
| Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.72 | ||
12th, January, 2005
Allow dhcpd and nscd to read certs files in usr_t. Allow postgresql to use ypbind and fix db creation calls. advisories/fedora/fedora-core-3-update-selinux-policy-targeted-11730-272-15-15-15-117899 |
||
| Fedora Core 2 Update: gpdf-2.8.2-1.1 | ||
13th, January, 2005
Update to 2.8.2. Remove all patches, they are upstream advisories/fedora/fedora-core-2-update-gpdf-282-11-10-28-32-117912 |
||
| Fedora Core 3 Update: gpdf-2.8.2-1.2 | ||
13th, January, 2005
Update to 2.8.2. Remove all patches, they are upstream advisories/fedora/fedora-core-3-update-gpdf-282-12-10-29-27-117913 |
||
| Fedora Core 3 Update: exim-4.43-1.FC3.1 | ||
13th, January, 2005
This erratum fixes two relatively minor security issues which were discovered in Exim in the last few weeks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0021 and CAN-2005-0022 to these, respectively. advisories/fedora/fedora-core-3-update-exim-443-1fc31-11-52-57-117914 |
||
| Gentoo: dillo Format string vulnerability | ||
9th, January, 2005
Dillo is vulnerable to a format string bug, which may result in the execution of arbitrary code. |
||
| Gentoo: TikiWiki Arbitrary command execution | ||
10th, January, 2005
A bug in TikiWiki allows certain users to upload and execute malicious PHP scripts. |
||
| Gentoo: pdftohtml Vulnerabilities in included Xpdf | ||
10th, January, 2005
pdftohtml includes vulnerable Xpdf code to handle PDF files, making it vulnerable to execution of arbitrary code upon converting a malicious PDF file. |
||
| Gentoo: UnRTF Buffer overflow | ||
10th, January, 2005
A buffer overflow in UnRTF allows an attacker to execute arbitrary code by way of a specially crafted RTF file. |
||
| Gentoo: mpg123 Buffer overflow | ||
10th, January, 2005
An attacker may be able to execute arbitrary code by way of specially crafted MP2 or MP3 files. |
||
| Gentoo: konqueror Java sandbox vulnerabilities | ||
11th, January, 2005
The Java sandbox environment in Konqueror can be bypassed to access arbitrary packages, allowing untrusted Java applets to perform unrestricted actions on the host system. |
||
| Gentoo: Kpdf, Koffice More vulnerabilities in included Xpdf | ||
11th, January, 2005
KPdf and KOffice both include vulnerable Xpdf code to handle PDF files, making them vulnerable to the execution of arbitrary code if a user is enticed to view a malicious PDF file. |
||
| Gentoo: KDE FTP KIOslave Command injection | ||
11th, January, 2005
The FTP KIOslave contains a bug allowing users to execute arbitrary FTP commands. |
||
| Gentoo: imlib2 Buffer overflows in image decoding | ||
11th, January, 2005
Multiple overflows have been found in the imlib2 library image decoding routines, potentially allowing the execution of arbitrary code. |
||
| Gentoo: o3read Buffer overflow during file conversion | ||
11th, January, 2005
A buffer overflow in o3read allows an attacker to execute arbitrary code by way of a specially crafted XML file. |
||
| Gentoo: HylaFAX hfaxd unauthorized login vulnerability | ||
11th, January, 2005
HylaFAX is subject to a vulnerability in its username matching code, potentially allowing remote users to bypass access control lists. |
||
| Gentoo: poppassd_pam Unauthorized password changing | ||
11th, January, 2005
poppassd_pam allows anyone to change any user's password without authenticating the user first. |
||
| Gentoo: CUPS Multiple vulnerabilities | ||
12th, January, 2005
CUPS was vulnerable to multiple vulnerabilities and as a fix we recommended upgrading to version 1.1.23_rc1. This version is affected by a remote Denial Of Service, so we now recommend upgrading to the final 1.1.23 release which does not have any known vulnerability. |
||
| Gentoo: Exim Two buffer overflows | ||
12th, January, 2005
Buffer overflow vulnerabilities, which could lead to arbitrary code execution, have been found in the handling of IPv6 addresses as well as in the SPA authentication mechanism in Exim. |
||
| Mandrake: g-wrap compilation error fix | ||
10th, January, 2005
A compilation error in g-wrap prevented gnucash from running on Mandrakelinux 10.1/x86_64. The updated packages correct the problem. |
||
| Mandrake: xscreensave bug with KDE fix | ||
10th, January, 2005
A bug in xscreensaver existed when running under KDE. When selecting a screensaver, it can be tested and seen properly, but when it actually is supposed to start, only a black screen would come up. |
||
| Mandrake: kde numerous bugs fix | ||
11th, January, 2005
Updates are provided for various components of kdeaddons, kdebase, kdelibs, kdenetwork, and kdepim that fix a variety of bugs. |
||
| Mandrake: nfs-utils 64bit vulnerability fix | ||
11th, January, 2005
Arjan van de Ven discovered a buffer overflow in rquotad on 64bit architectures; an improper integer conversion could lead to a buffer overflow. An attacker with access to an NFS share could send a specially crafted request which could then lead to the execution of arbitrary code. |
||
| Mandrake: hylafax vulnerability fix | ||
12th, January, 2005
Patrice Fournier discovered a vulnerability in the authorization sub-system of hylafax. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorized access to the fax system. |
||
| Mandrake: Updated imlib packages fix | ||
12th, January, 2005
Pavel Kankovsky discovered several heap overflow flaw in the imlib image handler. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib to execute arbitrary code when the file was opened by a user (CAN-2004-1025). As well, Pavel also discovered several integer overflows in imlib. These could allow an attacker, creating a carefully crafted image file, to cause an application linked with imlib to execute arbitrary code or crash (CAN-2004-1026). |
||
| Trustix: fcron, kernel vulnerabilities | ||
13th, January, 2005
Security vulnerabilites have been found in fcronsighup, the program used by fcrontab to tell fcron it should reload its configuration. Fcron 2.9.5.1 fixes the reported bugs and improves fcronsighup's overall security. |
||
| Trustix: glibc iproute setup tsl-utils bug fixes | ||
13th, January, 2005
glibc: Added success/failure to nscd.init to make it consistent with other init scripts. iproute: Now make /etc/iproute2/* config(noreplace). setup: Added lmtp ports in /etc/services. tsl-utils: Now handle more release tags in kernel names. Take II. |
||
| RedHat: Updated lesstif package fixes image vulnerability | ||
12th, January, 2005
An updated lesstif package that fixes flaws in the Xpm library is now available for Red Hat Enterprise Linux 2.1. advisories/red-hat/redhat-updated-lesstif-package-fixes-image-vulnerability-RHSA-2005-004-01 |
||
| RedHat: Updated unarj package fixes security issue | ||
12th, January, 2005
An updated unarj package that fixes a buffer overflow vulnerability and a directory traversal vulnerability is now available. advisories/red-hat/redhat-updated-unarj-package-fixes-security-issue-RHSA-2005-007-01 |
||
| RedHat: Updated CUPS packages fix security issues | ||
12th, January, 2005
Updated CUPS packages that fix several security issues are now available. advisories/red-hat/redhat-updated-cups-packages-fix-security-issues-RHSA-2005-013-01 |
||
| RedHat: Updated nfs-utils package fixes security | ||
12th, January, 2005
An updated nfs-utils package that fixes various security issues is now available. advisories/red-hat/redhat-updated-nfs-utils-package-fixes-security-RHSA-2005-014-01 |
||
| RedHat: Updated Pine packages fix security vulnerability | ||
12th, January, 2005
An updated Pine package is now available for Red Hat Enterprise Linux 2.1 to fix a denial of service attack. advisories/red-hat/redhat-updated-pine-packages-fix-security-vulnerability-RHSA-2005-015-01 |
||
| RedHat: Updated Xpdf packages fix security issues | ||
12th, January, 2005
Updated Xpdf packages that fix several security issues are now available. advisories/red-hat/redhat-updated-xpdf-packages-fix-security-issues-RHSA-2005-018-01 |
||
| RedHat: Updated libtiff packages fix security issues | ||
13th, January, 2005
Updated libtiff packages that fix various integer overflows are now available. advisories/red-hat/redhat-updated-libtiff-packages-fix-security-issues-RHSA-2005-019-01 |
||
| RedHat: Updated mozilla packages fix a buffer overflow | ||
13th, January, 2005
Updated mozilla packages that fix a buffer overflow issue are now available. advisories/red-hat/redhat-updated-mozilla-packages-fix-a-buffer-overflow-RHSA-2005-038-01 |
||
| SuSE: libtiff/tiff remote system compromise | ||
10th, January, 2005
Libtiff supports reading, writing, and manipulating of TIFF image files. iDEFENSE reported an integer overflow in libtiff that can be exploited by specific TIFF images to trigger a heap-based buffer overflow afterwards. |
||
| TurboLinux: php, httpd multiple vulnerabilities | ||
13th, January, 2005
The vulnerabilities can allow remote attackers to cause a denial of service and possibly execute arbitrary code. |
||
