driftnet

Capture images from network

$ driftnet -i [eth0]

$ driftnet -i [eth0] -d [/tmp/images]

$ driftnet -i [eth0] -a -d [/tmp/images]

$ driftnet -f [capture.pcap]

$ driftnet -v -i [eth0]

driftnet [options]

driftnet captures and displays images from network traffic in real-time. It extracts JPEG, GIF, and PNG images transmitted over unencrypted HTTP connections passing through the monitored network interface.
The tool is useful for network monitoring, security demonstrations, and forensics. In display mode, captured images appear in a window; in adjunct mode, they're saved to disk.
driftnet can also extract audio data from network streams, playing it in real-time or saving to files.

-i INTERFACE

Network interface to capture on.

Directory to save images.

Adjunct mode (no display).

Read from pcap file.

Don't put interface in promiscuous mode.

Verbose mode.

Beep when image captured.

Display help information.

Only captures unencrypted traffic (HTTP). Requires root/promiscuous access. HTTPS traffic not visible. Intended for authorized monitoring only.

driftnet was created by Chris Sherlock as a demonstration of network traffic visibility. It highlights the privacy implications of unencrypted communications and is used in security awareness training.

tcpdump(8), wireshark(1), ettercap(8)