EtherApe

EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, ip and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display.
It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter traffic to be shown, and can read traffic from a file as well as live from the network.

EtherApe has enough functionality to be useful, but it's far from complete. It's still beta software, and new features and bug fixes are being added all the time. Here is the list of features, current as of version 0.9.5, in no particular order:

Features:

• Network traffic is displayed graphically. The more "talkative" a node is, the bigger its representation.
• Node and link color shows the most used protocol.
• User may select what level of the protocol stack to concentrate on.
• You may either look at traffic within your network, end to end IP, or even port to port TCP.
• Data can be captured "off the wire" from a live network connection, or read from a tcpdump capture file.
• Live data can be read from ethernet, FDDI, PPP and SLIP interfaces.
• The following frame and packet types are currently supported: ETH_II, 802.2, 803.3, IP, IPv6, ARP, X25L3, REVARP, ATALK, AARP, IPX, VINES, TRAIN, LOOP, VLAN, ICMP, IGMP, GGP, IPIP, TCP, EGP, PUP, UDP, IDP, TP, IPV6, ROUTING, RSVP, GRE, ESP, AH, ICMPV6, EON, VINES, EIGRP, OSPF, ENCAP, PIM, IPCOMP, VRRP; and most TCP and UDP services, like TELNET, FTP, HTTP, POP3, NNTP, NETBIOS, IRC, DOMAIN, SNMP, etc.
• Data display can be refined using a network filter.
• Display averaging and node persistence times are fully configurable.
• Name resolution is done using standard libc functions, thus supporting DNS, hosts file, etc.
• Clicking on a node/link opens a detail dialog showing protocol breakdown and other traffic statistics.
• Protocol summary dialog shows global traffic statistics by protocol.
• Scrollkeeper-compatible manual.

fig My EtherApe in action