See what images are being viewed on your network with driftnet

Jack Wallen
Sep 19, 2010
Updated • Jul 6, 2019
Image, Network
|
6

I want to preface this article by saying I am not, in any way advocating spying on your users. With that said, there are times (and reasons) why you might need to see what images are being viewed on your network. Whether it be an end user who is viewing content that goes against specific company policies or, worse, against the law. When this happens, you might have need or cause to see just what is being viewed from your LAN. When this is the case there is a handy tool for that called Driftnet.

Driftnet was inspired by the old Apple program EtherPEG and works by watching TCP streams for images and MPEG audio streams. As it listens it dumps the images into a user configured directory and/or it can display the images within a window as they are captured. In this article I will show you how to install and use Driftnet.

Installation

You will fortunately find Driftnet in the standard repositories for both Ubuntu and Fedora, so the installation is simple. Since you will be running Driftnet from command line, let's install the same way.

To install Driftnet in Ubuntu, follow these steps:

  1. Open up a terminal window.
  2. Issue the command sudo apt-get install driftnet.
  3. Type your sudo password and hit Enter.
  4. Accept any dependencies necessary.
  5. Watch the installation complete.
  6. Keep the terminal window open for usage.

To install in Fedora, follow these steps:

  1. Open up a terminal window.
  2. Su to the root user.
  3. Type the root user password and hit Enter.
  4. Issue the command yum install driftnet.
  5. Accept any dependencies necessary.
  6. Watch the installation complete.
  7. Keep the terminal window open for further usage.

You are now ready to begin using driftnet.

Usage

Driftnet needs to have administrative rights to run. So you will either be running this as root or using sudo (depending upon your distribution). The basic usage of Driftnet is:

driftnet OPTIONS

The common options you will use are:

  • -i This determines the interface you want to specific. If none is specified it will assume "all".
  • -d This dictates the directory you want images to be saved into.
  • -x The prefix you want to prepend  to the images collected. This is handy when you need to add a date to all images collected.
  • -a This will run Driftnet in adjunct mode where no image window is displayed (images are only collected in the defined directory).

Before you start using Driftnet, you need to create a directory that will collect the images. I just create a directory called ~/DRIFT for my image collection. Once you have that directory created you can fire up Driftnet like so:

sudo driftnet -d ~/DRIFT

Figure 1

When you issue this command Drifnet will open up a window (see Figure 1) and start collecting images. As you can see, in Figure 1, I have googled "ubuntu wallpaper" and Drifnet captured those images. The application happens very quickly and as soon as you kill the Driftnet command the images will be wiped away.

A word of warning

Driftnet can consume a lot of your system resources. This is especially true when not running in adjunct mode.

Final thoughts

It's a slippery slope and can be considered an invasion of privacy. But when you need to see if an end user is viewing images that go against company policy, Driftnet will help you do so.

Summary
See what images are being viewed on your network with driftnet
Article Name
See what images are being viewed on your network with driftnet
Description
Driftnet was inspired by the old Apple program EtherPEG and works by watching TCP streams for images and MPEG audio streams.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. TempName said on July 6, 2019 at 9:09 am
    Reply

    i know this is old and will never be read but mr obvious that is incorrect due to the fact that on a *wifi* network you can see packets meant for other devices and therefore very easily quietly sniff away at the images there

  2. Anonymous said on June 7, 2012 at 5:59 am
    Reply

    use the -i command to get rid of the error

  3. Mr. Obvious said on September 21, 2010 at 3:27 am
    Reply

    Of course, a simple network switch renders driftnet useless, unless you can find a span port, you’re networking in 1992, all of your internet users are users on your box, or your box is a firewall/router.

    Ettercap or some DNS trickery combined with a transparent squid setup will give you something more effective.

  4. Bill said on September 20, 2010 at 6:22 pm
    Reply

    Sounds cool, but I get: driftnet: pcap_compile: syntax error

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.