Tag Archives: traffic

driftnet: Dutifully duplicating

I’ve been tinkering with driftnet over the past day or so, in a little experiment born out of a suspicion that a web site was preloading images before a link was clicked. It’s completely out of context for this site, but it did introduce me to another console tool.

2015-02-19-r8-0acre-driftnet

Mostly I want to keep a note of driftnet here, because I have a feeling I will want to use it again in the future.

And to be honest, as far as driftnet’s console output, there isn’t much to see. In its “default” form, driftnet sends its findings to a viewer window, which suggests it is more intended for a graphical audience anyway.

But it does have an “adjunct” mode that omits that. Instead it keeps a running list of images it senses, and otherwise follows its standard operating procedures. Armed with that much function, you could make a case that it has a nongraphical format as well. (It supposedly can also sense audio files that are transferred, but I didn’t test that.)

And as you can see in that wide and spacious screenshot above, it does a good job grappling with images that pass through an interface, and stashing them for your later perusal.

Of course, the obvious uses for driftnet would be threefold: (1) too keep a local copy of images that your machine retrieves, (2) to access images that are otherwise unsave-able from a browser, or (3) to later accuse some miscreant of abusing their Internet access privileges by requesting images that are inappropriate. 😡

There may be other applications; however you use it, in its console-only format it should be lightweight enough to run in a spare tty, and duly make duplicates of what activity transpires.

driftnet is in Debian-based distros as you can see above. It’s also in AUR but neither the GTK nor Debian patch version would build for me. I didn’t work to hard to get an Arch copy though; it may be acceptable just to hijack the binary from Debian and run from there. 😉

sniffit: Makes sense to me

Right about now is when I tell you how little network finesse I have, and how most of the finer network tools I run across are completely cryptic to me. And that’s usually the case.

sniffit might be my missing link though. It’s not nearly as vague to me as some of the other tools I’ve run across in this little adventure.

2014-05-02-6m47421-sniffit-01 2014-05-02-6m47421-sniffit-02

I see connections. I see traffic. Sometimes I get an idea of what’s actually passing through, or where it’s going. Yeah, that makes sense.

Or at least it looks good. Fullscreen interface, some cues along the bottom to get you started. Oh, look! Color.

Plus some nifty popup dialogues, one for logging and one for rudimentary traffic statistics. And supposedly sniffit can inject packets too, through a series prompts.

But all that is waaay over my head. 🙄

The Arch version doesn’t seem to bundle a man page, but there’s one here that will let you in on all the important commands. The Debian version looks complete.

I give sniffit an ace grade for a real-time fullscreen interface, color and an easy-to-figure out arrangement. If it’s actually useful for packet-sniffing … well, I will defer to more experienced networking experts. 🙂