Inspired by EtherPEG, Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. It is interesting to run it on a host which sees a lot of web traffic.
| Tags | multimedia Graphics Capture Games/Entertainment |
|---|---|
| Licenses | GPL |
| Operating Systems | POSIX Linux |
| Implementation | C |
Recent releases


Changes: This release fixes problems with building in adjunct-only mode. There are performance enhancements.


Changes: Images can now be saved by clicking on them. MPEG audio streams may be captured. Driftnet can now operate as an adjunct to another program, and has been integrated with webcollage. Portability fixes and bugfixes were made. A man page was added.


Changes: Minor bugfixes and feature enhancements.


Changes: A number of serious bugs in the stream-capture code were fixed, new command line options added, user interface improved, and other minor changes.


Changes: Various minor problems were fixed.
Recent comments
Re: PNGs?
> It would appear that Driftnet (in its
> current version anyway) doesn't support
> the capture and display of PNG images,
This is on the todo list (among many other items), but it seems development on this project has ceased. :(
It would be really cool if someone would continue work on this project.
PNGs?
It would appear that Driftnet (in its current version anyway) doesn't support the capture and display of PNG images, either that or something in my build died (I don't think so because everything else is working fine).
Any chance of a PNG fix? Great software otherwise, scary and cool at the same time :D
Re: Pretty Cool
>
> % It would be nice to have an option to
> % tag the images with the source and
> % destination IP addresses, yeah I know
> % that would be a pain.
>
>
> It very deliberately doesn't do this.
> Feel free to add this yourself,
> but I won't accept such a patch into the
> distribution.
I actually have a need for this as well, but not for the Big Brother reasons you were probably thinking in your quote above. I spent some time trying to hack out just the parts of driftnet that I needed today but it hasn't been quite as easy as I had hoped.
I am interested in just grabbing the JPEG images off the wire, checking them for the JPEG buffer overflow vulnerability. If they are infected, log the source and destination address, and URL/image name if possible, but that can be obtained via other means. I actually can take a stock driftnet and use the "-a -m 1000 -d /myjpgs" params and pipe the output to a simple little Perl script that will check the JPEG file for the buffer overflow vulnerability and successfully detect infected JPEGS but it doesn't do me a lot of good without knowing where it came from and where it was going.
I would like to just get rid of the Perl part and strip out the JPEG grabber from driftnet and check for the vulnerability in memory and only write out the infected files along with the addresses (high utilization circuit). I know if I keep plucking at it I could hack out what I need but if anyone would be interested in helping I could use it.
You can find the simple details on how to check for the overflow here:
http://www.easynews.com/virus.html
If anyone is interested in helping create a tool for this using driftnet (or something more appropriate) let me know. Here's a good place to post:
http://voidmain.is-a-geek.net/forums/
I know this wasn't the intended purpose for driftnet but it has most of the parts needed for this needed security app.
Thanks!
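An added example, not part of the comment above and not driftnet code: one way to do the in-memory check the commenter describes, written in C because driftnet is. It assumes the condition to detect is a JPEG marker segment (such as a comment segment) whose length field is below 2, a value the format does not allow because the length counts its own two bytes; the function, enum and sample names are hypothetical and the byte arrays are constructed.

```c
#include <stddef.h>
#include <stdio.h>
/* Result codes (names are illustrative, not from driftnet). */
enum { JPEG_OK = 0, JPEG_NOT_JPEG = -1, JPEG_MALFORMED = -2 };
/* Constructed samples: a well-formed header, and a COM segment of length 0. */
const unsigned char sample_clean[] = { 0xFF,0xD8, 0xFF,0xE0,0x00,0x04,'J','F',
                                       0xFF,0xFE,0x00,0x04,'h','i', 0xFF,0xD9 };
const unsigned char sample_bad[]   = { 0xFF,0xD8, 0xFF,0xFE,0x00,0x00, 0xFF,0xD9 };

/* Walk the marker segments of an in-memory JPEG up to the first scan.
 * Returns the marker byte (0xFE for COM) of the first segment whose length
 * field is below 2, JPEG_OK if there is none, or a negative code. */
int jpeg_scan_segments(const unsigned char *buf, size_t len)
{
    size_t i = 2, seglen;
    unsigned char m;
    if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8)
        return JPEG_NOT_JPEG;                 /* no SOI marker */
    while (i < len) {
        if (buf[i] != 0xFF)
            return JPEG_MALFORMED;            /* lost marker sync */
        while (i < len && buf[i] == 0xFF)     /* skip fill bytes */
            i++;
        if (i >= len || buf[i] == 0x00)
            return JPEG_MALFORMED;
        m = buf[i++];
        if (m == 0xD9)                        /* EOI: nothing left */
            return JPEG_OK;
        if (m == 0x01 || (m >= 0xD0 && m <= 0xD8))
            continue;                         /* standalone, no length field */
        if (len - i < 2)
            return JPEG_MALFORMED;
        seglen = ((size_t)buf[i] << 8) | buf[i + 1];
        if (seglen < 2)
            return m;                         /* impossible length: flag it */
        if (m == 0xDA)                        /* SOS: entropy-coded data follows */
            return JPEG_OK;
        if (seglen > len - i)
            return JPEG_MALFORMED;            /* segment runs past the buffer */
        i += seglen;
    }
    return JPEG_MALFORMED;                    /* ran out before EOI or SOS */
}

int main(void)
{
    printf("clean=%d bad=0x%02X\n", jpeg_scan_segments(sample_clean, sizeof sample_clean),
           jpeg_scan_segments(sample_bad, sizeof sample_bad));
    return 0;
}
```

Only the header segments before the first scan are examined; a thumbnail JPEG embedded inside an application segment is skipped over as opaque data and would need its own pass.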
Re: Reasons for writing such a software
> There is also the image of an
> environment with a large screen showing
> all information, shared by everyone, a
> place with no secrets. Could such a
> place exist?
I think at one of the last CCC congresses there was a public
screen showing sniffed cleartext-passwords for everyone to
view.... Better encrypt!
Thanks
Just wanted to say thanks for releasing driftnet.
It's great. Part of my job entails monitoring
computer usage to ensure our policies are being
complied with. Driftnet helps a lot.
Also, thanks for coding it so clearly. It would have
been a nightmare adding IP logging if it wasn't so
nicely done.
Thanks again,
Niosop