Driftnet on Debian: Sniffing images within a network

In this tutorial we’ll sniff a network to intercept graphical content from the devices’ traffic.We’ll learn how to intercept information delivered through unencrypted protocols such as HTTP.

In this case we will intercept images, we’ll discover images being downloaded or uploaded by users as generated by camera devices, in the next article we’ll scan for credentials.

The main tools to carry out this sniffing are Ettercap and Driftnet, initially this tutorial was meant to include credentials too but after finding all tutorials online on Driftnet are not complete I prefered to leave it dedicated to users with difficulties sniffing images, the process is pretty simple but all steps must be carried out, probably other tutorials are focused on Kali which brings by  default proper settings for the program to work since it’s execution and thi is not the case for many users.

In this case I have access to a wired network but if you need help on forcing access to someone else’s network you can check previous articles on this subject published on LinuxHint.

Installing proper packages

Ettercap: featured by it’s own website as a suite for “Man In the Middle” attacks. To install it just run:

apt  install ettercap-text-only -y
apt install ettercap-graphical  -y

Wireshark: featured as a packets analyzer. To install it run:

apt install wireshark -y

In my case some tools are already installed and Linux informs it is already installed and updated.

Driftnet: This is a sniffer for images featured on Kali Linux, to install it on Debian or Ubuntu just run:

apt install driftnet -y

Capturing images from the network

Once you installed the proper software, let’s start intercepting images, in order to be able to intercept traffic without blocking the “victim” connection we need to enable the ip_forward, to do so execute:

echo "1">/proc/sys/net/ipv4/ip_forward

Then to start analyzing the network execute:

ettercap -Tqi enp2s0 -M arp:remote

Where enp2s0 set your network device.

Wait for the scan to end. Then run driftnet in a new terminal as shown below:

driftnet -i enp2s0   (remember to replace enp2s0 for your proper network card, e.g wlan0 or eth0)

As you can see a black window  prompted with two images which surely are being transferred through unsafe protocols (http). You can also see some errors in the terminal next to the black window, these errors refer both to corrupt images (to driftnet) or false positive in the traffic.
Let the scan progress and driftnet will obtain new images if available in the network.

Ignore the background program and focus on the black square which you can resize with your mouse to see images in a more comfortable way.

As you see images vary according as the scan process of the network continues.

Finally driftnet will store all images at the directory or partition /tmp, you can see driftnet’s subdirectories by running

ls /tmp


cd /tmp

Protecting your network against this attack

The most basic way to avoid getting sniffed and protect your privacy through your network is to use secure protocols only, try to redirect all traffic only through secure protocols like HTTPS or SFTP instead of HTTP or FTP to give a couple of examples. Using IPsec in your network and keeping your LAN and WAN separated are also good recommendations to hide the content you interact with and avoid external attempts to access through wifi.

In our next tutorials I’ll show you how to sniff credentials sent through unencrypted protocols too, usernames, passwords and maybe other useful information like website URLs visited by the devices attached to the network.

I hope you’ll find this tutorial helpful, keep in touch with LinuxHint for more tips and tutorials on Linux.

Sandclock IDC thành lập vào năm 2012, là công ty chuyên nghiệp tại Việt Nam trong lĩnh vực cung cấp dịch vụ Hosting, VPS, máy chủ vật lý, dịch vụ Firewall Anti DDoS, SSL… Với 10 năm xây dựng và phát triển, ứng dụng nhiều công nghệ hiện đại, Sandclock IDC đã giúp hàng ngàn khách hàng tin tưởng lựa chọn, mang lại sự ổn định tuyệt đối cho website của khách hàng để thúc đẩy việc kinh doanh đạt được hiệu quả và thành công.
Bài viết liên quan

OAuth Login Management

Important things you need to know about OAuth OAuth is something every developer must know about. If you are making a standalone...

How to check for open ports on Linux

Checking for open ports is among the first steps to secure your device. Listening services may be the entrance for attackers...

Linux security hardening checklist

This tutorial enumerates initial security measures both for desktop users and sysadmins managing servers. The tutorial...
Bài Viết

Bài Viết Mới Cập Nhật

Hướng dẫn chuyển đổi windows server windows evaluation to standard và active windows server 2008 + 2012 + 2016 + 2019

How to Update Ubuntu Linux

Squid Proxy Manager cài đặt và quản lý Proxy Squid tự động trên ubuntu

Hướng dẫn cài đặt Apache CloudStack

Hướng dẫn ký file PDF bằng chữ ký số (chữ ký điện tử) và sửa lỗi mới nhất 2021 foxit reader