Driftnet

[ Home page | Software ]

Screenshot of driftnet running

Inspired by EtherPEG (though, not owning an Apple Macintosh, I've never actually seen it in operation), Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.

In an experimental enhancement, driftnet now picks out MPEG audio streams from network traffic and tries to play them. You can also now use driftnet with Jamie Zawinski's webcollage, so that it can run as a screen saver.

(Obviously, driftnet is an invasion of privacy of a fairly blatant sort. Also, if you are possessed of Victorian sensibilities, and share an unswitched network with others who are not, you should probably not use it. If you're looking for a less dubious network monitoring application, you might want to take a look at Paul Warren's iftop.)

NTK gave me a nice write-up: (thanks, guys)

                                >> TRACKING <<
               sufficiently advanced technology : the gathering

         EtherPEG was a program that sniffed for JPEGs passing by on
         the AirPort networks at MacHack, and showed them on the
         huge screen to shame people into a) turning the 802.11
         encryption on, or b) reducing amount of pr0n they download
         at weirdo Mac conventions. DRIFTNET can do the same for
         *your* office, and make an attractive desktop accessory to
         boot. The program promiscuously sniffs and decodes any JPEG
         downloaded by anyone on your LAN, displaying it in an
         attractive, ever changing mosaic of fluffy kittens,
         oversized navigation buttons, and blurred images of Big
         Brother Elizabeth fiddling. It's UNIX only. Your
         sysadmin is undoubtedly running it already. So stop that. Now.
         http://www.ex-parrot.com/~chris/driftnet/
           - what the world needs is Windows software to snoop on sysadmins

(Real pedants will note that I have corrected the grammar slightly. Call themselves nasty, British and short....)

Driftnet is in a rather early stage of development. Translation: you may not be able to make it compile, and, if you do, it probably won't run quite right. To stand a chance of compiling it, you will need libpcap, GTK, libgif/libungif and libjpeg. If you want to play music, you need mpg123 or mpg321 or whatever. So far, driftnet has only been tested -- I use the term in its loosest sense -- on Linux and Solaris. If you want a Microsoft Windows version, well, go ahead and write one-- the libraries you need support Microsoft Windows too.

Driftnet is free software, licensed under the terms of the GNU GPL.

Enough already. Where's the code?

Get driftnet-0.1.6.tar.gz. You should be able to build it by typing `make'; there is no autoconf script. Please send bugfixes, suggestions and adulation to me. You can also read the README file, changelog, and list of things to do. Or, read the manual page.

You need libpcap, libjpeg, libungif and GTK to build driftnet, unless you want to run it in only in `adjunct' mode.

You can also get driftnet from a public CVS server, like this:

cvs -d :pserver:anonymous@sphinx.mythic-beasts.com:/home/chris/vcvs/repos login
cvs -d :pserver:anonymous@sphinx.mythic-beasts.com:/home/chris/vcvs/repos co driftnet

The password is `anonymous'. This service is experimental, but may help you get the latest and greatest bleeding-edge version of the code.

Folkert van Heusden has created a mirror of Driftnet and other software at http://www.vanheusden.com/mirrors/.

What's in a name?

`Driftnet' is supposed to conjure up images of indiscriminateness. Think `dolphins'.

Melted wheelie bin, full of empty beer cans and wine bottles

Look! Over there! Civilisation is collapsing!

To my horror, somebody spotted that this program is part of an elaborate plot to undermine civilisation as we know it. Here's what they said (on Freshmeat):

Reasons for writing such a software
by scary hans - Jul 20th 2001 14:01:02

Hello,

I wonder why this software was written?

What is its intended purpose?

First, You might be able to see what kind of websites Your users are watching and You can influence Your users.

"As You can see here, a lot of bandwith is wasted for banners, dirty stuff..."

On the other hand, someone could misuse this tool for spying out the habits of the users.

IMHO a lot more people will use this tool for spying than for sensible purposes because You could also see in Your proxy-logs, what kind of sites are visited.

Therefore, I think it was not a good idea to publish it, what do You think?

-- 
-- Air conditioned environment - do not open windows!

Note the lame pseudonym, poor grammar and crude anti-Microsoft signoff. It's true: my plot has been exposed by a Slashdot weenie!


Copyright (c) 2001-2 Chris Lightfoot. All rights reserved.