Driftnet – View Images From Live Network Traffic

The New Acunetix V12 Engine

Inspired by EtherPEG, Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.


EtherPEG was a program that sniffed for JPEGs passing by on the AirPort networks at MacHack, and showed them on the huge screen to shame people into a) turning the 802.11 encryption on, or b) reducing amount of pr0n they download at weirdo Mac conventions.

Driftnet can do the same for your office, and make an attractive desktop accessory to boot. The program promiscuously sniffs and decodes any JPEG downloaded by anyone on your LAN, displaying it in an attractive, ever changing mosaic of fluffy kittens, oversized navigation buttons, and blurred images of Big Brother Elizabeth fiddling. It’s UNIX only. Your sysadmin is undoubtedly running it already.

Driftnet is in a rather early stage of development. Translation: you may not be able to make it compile, and, if you do, it probably won’t run quite right. To stand a chance of compiling it, you will need libpcap, GTK, libgif/libungif and libjpeg. If you want to play music, you need mpg123 or mpg321 or whatever. So far, driftnet has only been tested — I use the term in its loosest sense — on Linux and Solaris. If you want a Microsoft Windows version, well, go ahead and write one– the libraries you need support Microsoft Windows too.

You can also now use driftnet with Jamie Zawinski’s webcollage, so that it can run as a screen saver.

You can download Driftnet here:


Or read more here.

Posted in: Hacking News

, ,

Latest Posts:

Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.

6 Responses to Driftnet – View Images From Live Network Traffic

  1. Bogwitch September 7, 2007 at 6:50 pm #

    Nice. This should make real-time monitoring more fun than watching URLs! I don’t think the MPEG audio streams feature will be too useful for me. Support for png and gif might be more useful.

    Now, if only I could find something that will strip out MS Word docs from email traffic. Any ideas anyone?

  2. TheRealDonQuixote September 8, 2007 at 5:16 am #

    Reminds me of that old screensaver called packet fountain. It was cool to watch people’s unencrypted packets pass by, especially when there was a big meeting!!

    This aught to be pretty kewl to try out at your local school of whatever. See if you can catch a teacher looking at naughty pix!!

  3. Sandeep Nain September 8, 2007 at 11:06 am #

    its a cool toy…. its fun to see what other people in the organization are watching… rather than going through the proxy log and finding who accessed the websites which should not have been visited….

  4. CK76 September 9, 2007 at 8:14 am #

    This is a great tool, it’s included on knoppix-std.

  5. Nobody_Holme September 9, 2007 at 11:42 am #

    Great fun… and yet i am SO not running this because i know what my housemates watch in the way of pr0n. :'(

  6. Sir Henry December 15, 2007 at 4:38 pm #

    This is wicked cool. I wonder what will result from running this on my neighbor’s open WAP… >:)