Sunday, April 17, 2016

sniff network traffic and choose only picture and audio for display

When you sniff network traffic, there are many difference types of traffic. there are some  packets that are just not useful at all, and sometime data is too big for fitting in a single packets, so it have to be broken down into many packets then send out. so when we want to get some data just as images or audio segment, there will be many tasks to deal with. but driftnet it can do those tasks for us.

Driftnet can sniff network traffic and find only the portion that is either image or audio, then it decode it for you to as a file so you can play it later or just view it in real time.

*** my setup ***

internet -->  (eth0)drifnet(vmnet1)--> client

so when client browse images or listen to audio, we, drifnet pc, will be shown exactly what client is doing.

1- install driftnet
$ sudo apt-get install driftnet

2- run driftnet to capture/sniff traffic on internet vmnet1 and use "client1"  as the save prefix
$ sudo driftnet -x client1 -i vmnet1

when it will shown a windows, and when the client browse images it will display on the window like below


and when you click on the image it will save to the directory that you run driftnet with filename start with client1

some other options

  -b               Beep when a new image is captured.
  -i interface     Select the interface on which to listen (default: all
                   interfaces).
  -f file          Instead of listening on an interface, read captured
                   packets from a pcap dump file; file can be a named pipe
                   for use with Kismet or similar.
  -p               Do not put the listening interface into promiscuous mode.
  -a               Adjunct mode: do not display images on screen, but save
                   them to a temporary directory and announce their names on
                   standard output.
  -m number        Maximum number of images to keep in temporary directory
                   in adjunct mode.
  -d directory     Use the named temporary directory.
  -x prefix        Prefix to use when saving images.
  -s               Attempt to extract streamed audio data from the network,
                   in addition to images. At present this supports MPEG data
                   only.
  -S               Extract streamed audio but not images.
  -M command       Use the given command to play MPEG audio data extracted
                   with the -s option; this should process MPEG frames
                   supplied on standard input. Default: `mpg123 -'.



No comments:

Post a Comment