Driftnet Lab

[toggle_content title="Transcript"] Hope you guys are enjoying the videos so far. In this video I want to talk about driftnet. Now this is somewhat of a novelty tool that kind of gets everybody's head shaking in class. I want to share this with you - it is called driftnet. So the first thing you can do for your BackTrack image or Kali image is basically just type it, to see if it is already installed. Driftnet, and basically you will see a little window open up here if you do. It basically tells you that it is working before we get into the use of the tool. I want to close out of it and kind of go through a little bit of an overview.

So let us look at the manual for driftnet, at least it works. So driftnet captures images from network traffic and displays them in the X windows. Actually you can capture audio streams and play them. So that is a whole lot of fun if you want to capture somebody's audio traffic, if you know what I am saying. You can certainly do that - so basically the command syntax would be driftnet, whatever options you want, and then the filters in the tools. Alright, so you can do a regular -h, which is for your help. You can do verbose, print additional details of the packet; probably don't need to do that, you should really dig in for some deep packet analysis. You could certainly set the beep if you want. Now I have only used that once, and that was once when I was in a data center across the room and it was a little hard to see the screen. So I could hear the beep but I could not see the image. So I did use that once, but you will more than likely never use that, just because the beep gets annoying. The interface on which you want to sniff: you don't have to put this if you only have one interface, otherwise you sniff the interface appropriately. Instead of listening on an interface you can read captured packets from a pcap file. If you have already captured it using Wireshark or tcpdump or one of those tools, or Kismet, then you can certainly use this tool to interrogate it and replay the images. Do not put the interface into promiscuous mode, but you can put it into promiscuous mode. -m and the number. You can do a prefix if you want - you can specify the directory in which you want to store the temporary files. By default this just stores them in the directory that you normally look in, but one of the top questions that I get in class is: can I choose the location in which I want to actually store a copy of the files that this tool is going to sniff? The answer is yes, you just basically arbitrarily choose the directory, of course in Unix syntax. S for attempt to capture streamed audio data from the network, this is finally done this a few times. Particularly works well with MPEGs, or in this case they are saying that it only works with MPEGs, and that is good and that is the only way that I have done it. Capture streamed audio data only, ignoring the images. So just the latest files, and any sort of filter codes if you know what they are – I particularly don't get into the filter codes too much. I guess you probably could if you want to look for a particular pcap syntax, but definitely outside of the scope of what we are going to do here.

Okay, so we are going to do driftnet -i ethernet zero and -d, and we can put this in wherever we want, realistically. So you could certainly do, actually before we do that, make your call leo, and you can see that basically I have a directory here, Leo. Now we can do this, and so driftnet -i ethernet 0 -d and then Leo. I might have to give the exact syntax of the full password to the directory here. We certainly could do that, but for simplicity let us just leave that off because I just want to show you that it has missed the traffic. So once you have this little tiny window open here, this is the magic part. So what we are going to do is we are going to do the web, the old interweb here, and I find it particularly interesting to go to Google Images. So I am going to search for Leo Dregier, and particularly Google Images, and whenever you basically click on an image, you basically can see these dumped to the driftnet capture screen. It does take a little bit of time for the pictures to load in, and not all of them get loaded in actually as fast as you possibly want, but certainly you could do that. So sometimes it takes a second for them to load.

You can see one system; I will warn that in a virtualized environment this tool can act a little tricky at times, just between the way and how it actually sniffs into the virtual interface. So I have had hit or miss results with actually the way in which this could sniff. But I would definitely look to combine this with some sort of advanced tool, like - you strategically place this in the network, so that I can sniff all of the outbound traffic to the internet or sniff the proxy server. I could get a copy of everybody's files and then basically log all those files to a directory and then analyze them for future use or later. But it is relatively simple here to use - all you have got to do is basically click on a bunch of images, and clicking on random images. Most of these are not related to me whatsoever; here is one of me, and you can see as it loads the traffic in there. There has been, you can go through - there are certain people that happen to come up when you search for me. So some of these I know - some of these I don't know. Unless you guys can have some fun with this. So hope you enjoy the lab, don't forget to check us out on Facebook, LinkedIn, YouTube and Twitter. And I will go ahead and I will see you guys in the next video. [/toggle_content]

This next lab in the Sniffing Traffic simulation series introduces you to Driftnet. Driftnet is a tool that captures images from network traffic in real time and displays them on screen. This Sniffing Traffic simulation demonstrates how to use Driftnet, and how to interpret the information Driftnet captures.
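What "capturing images from network traffic" amounts to at the byte level, as an added example that is not part of the original lab and is not Driftnet's own code: a carver that pulls CRC-valid PNG files out of a reassembled payload, run over a constructed cleartext HTTP response and over the same bytes after encryption. All names here are hypothetical, and `keystream_xor` is a toy stand-in for TLS, used only to show that ciphertext gives the carver nothing to find.

```python
import hashlib
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def _chunk(ctype, data):
    body = ctype + data  # a PNG chunk is: length, type, data, CRC-32(type + data)
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))

def make_png_1x1():
    """Constructed sample: a minimal valid 1x1 grayscale PNG."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x7f")  # filter byte + one gray pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")

def carve_pngs(stream):
    """Return every complete, CRC-valid PNG in a reassembled payload."""
    found, pos = [], 0
    while (start := stream.find(PNG_SIG, pos)) != -1:
        off = start + len(PNG_SIG)
        while off + 12 <= len(stream):
            (length,) = struct.unpack(">I", stream[off:off + 4])
            ctype, end = stream[off + 4:off + 8], off + 12 + length
            if end > len(stream):
                break  # chunk runs past the captured data
            (crc,) = struct.unpack(">I", stream[end - 4:end])
            if zlib.crc32(stream[off + 4:end - 4]) != crc:
                break  # corrupted data or a false signature hit
            off = end
            if ctype == b"IEND":
                found.append(stream[start:off])
                break
        pos = start + len(PNG_SIG)
    return found

def keystream_xor(data, key):
    """Toy stream cipher standing in for TLS record protection (assumption)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], pad))
    return bytes(out)

PNG = make_png_1x1()
HTTP_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
                 b"Content-Length: %d\r\n\r\n" % len(PNG)) + PNG
if __name__ == "__main__":
    print(len(carve_pngs(HTTP_RESPONSE)), len(carve_pngs(keystream_xor(HTTP_RESPONSE, b"k"))))
```

The cleartext response yields the image byte for byte; the encrypted copy and a truncated or corrupted capture yield nothing, which is why serving content over HTTPS removes what a passive sniffer of this kind can recover.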