I like to travel, f*ck with technology, and partake in the occasional tropical drink.
I am also a co-host on The NBD Show podcast.
Follow Me

Driftnet and Ettercap

By   WirelessPhreak      Sunday, May 31, 2015      Labels:  

EtherPEG/Driftnet works by capturing unencrypted TCP packets from your local network, collecting packets into groups based on TCP connection (determined from source IP address, destination IP address, source TCP port and destination TCP port), reassembling those packets into order based on TCP sequence number, and then scanning the resulting data for byte sequences that suggest the presence of JPEG or GIF data. EtherPEG/Driftnet works with any TCP/IP network, including ethernet and wireless networks, as long as the data is not encrypted. If the data is encrypted using TLS or IPSec Driftnet will not be able to resemble the packets.

The Driftnet software is very strait forward and easy to install, it does get a little tricky to capture traffic if you are on a switched network. One way to capture traffic on a switched LAN is by deploying ARP poisoning, there are different ways to do this but ettercap and it’s GUI is probably the easiest. 

Disclaimer... Do not do this on a network you do not own. There are network monitor systems that can identify computers performing ARP attacks on public networks this could be illegal. You are performing a man in the middle attack and all traffic will traverse your laptop for that network segment.

Now on to installing the tools. Using Ubuntu you can actually go to software install and update, make sure you allow all software sources and search for ettercap. Installing ettercap this way will install the GUI portion automatically, if you use apt-get it may not be in the repository. 

Driftnet is even easier to install either use the software install and update tool or go to terminal window and type sudo apt-get install driftnet. Once everything is installed you are ready to start playing.

in driftnet all you have to do is type this:
sudo driftnet -i <interface>

and ti launch ettercap
sudo ettercap -G
then in the GUI
sniff—>unified sniffing (click ok on your interface and press Ctrl and s at the same time)
Mitm—>arp poisoning—->check sniff remote connection
start—>start sniffing

Thats it just wait for the other people to surf the web and pics will start showing up.

hope you guys like.

About WirelessPhreak

Just your everyday Packet Wrangler who enjoy's traveling and anything techie...