[lab 10 poisoning and sniffing ] [ driftnet ] warning: link-level (LINUX_SLL) header is not supported


Hello everyone, I was working on lab 10 and have difficulties getting driftnet to work. When I use the command (with arpspoofing),

driftnet -i tap0

I get no images. When I use the command,

driftnet

It pops up the warning message “warning: link-level (LINUX_SLL) header is not supported”. Can anyone help me to troubleshoot the driftnet? Thank you very much.

Update: I can capture pictures using eth0. When I use tap0 and arpspoofing, I can see the new connections in driftnet (with verbose on). However, I still cannot get the pictures.

I see only a black screen (driftnet), and no HTTP traffic between 10.10.10.10 and 172.16.5.5 in Wireshark.
I enabled IP forwarding and ran two arpspoof commands. I used tap0; it’s my VPN interface.
I can’t solve this issue… I don’t understand why it doesn’t work…

That should not be the case - at least not for the lab pictures?

Could you provide the commands you executed?
Could you provide the output of the following commands?
ip r
ip a
sysctl net.ipv4.ip_forward
sudo iptables -L -n
sudo iptables -L -n -tnat

1 Like

What Friedrich said—this is likely a misconfig somewhere.

The commands provided do the following (in case you’re unsure what they do):

ip r: shows routes
ip a: shows network interfaces (you can redact MAC addresses from this output)
sysctl net.ipv4.ip_forward: shows whether or not IPv4 packet forwarding is enabled
sudo iptables -L -n -tnat: lists iptables configs, numeric (no resolution), and NAT configs

Also, an alternative to driftnet would be exporting objects from Wireshark.

Could the issue be due to iptables? I had the same issue (no pictures in driftnet and didn’t see any HTTP traffic between the hosts) when sudo iptables -L showed Chain FORWARD (policy DROP). After running sudo iptables -P FORWARD ACCEPT it started working for me. Got the solution thanks to @Z3r0n37.
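
The two checks discussed in this thread (the ip_forward sysctl and the FORWARD chain policy) can be combined into one diagnostic. This is an added example, not part of any post above; the function names are hypothetical and the sample output is constructed, not taken from the poster's machine.

```shell
#!/bin/sh
# Constructed sample output: forwarding enabled, but FORWARD policy is DROP.
SAMPLE_SYSCTL='net.ipv4.ip_forward = 1'
SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Value (0 or 1) from the output of: sysctl net.ipv4.ip_forward
ip_forward_value() {
    printf '%s\n' "$1" | awk -F'=' \
        '/^net\.ipv4\.ip_forward[ \t]*=/ { gsub(/[ \t]/, "", $2); print $2; exit }'
}

# Default policy of the FORWARD chain from the output of: iptables -L -n
forward_policy() {
    printf '%s\n' "$1" | sed -n 's/^Chain FORWARD (policy \([A-Z]*\).*/\1/p' | head -n 1
}

# Number of rules listed under the FORWARD chain (header and blank lines skipped)
forward_rule_count() {
    printf '%s\n' "$1" | awk '
        /^Chain FORWARD / { in_chain = 1; next }
        /^Chain /         { in_chain = 0 }
        in_chain && NF && $1 != "target" { n++ }
        END { print n + 0 }'
}

# Report the first precondition that would stop packets from being forwarded.
diagnose() {
    fwd=$(ip_forward_value "$1")
    pol=$(forward_policy "$2")
    rules=$(forward_rule_count "$2")
    if [ "$fwd" != "1" ]; then
        echo "ip_forward_off"                   # kernel will not route at all
    elif [ "$pol" = "DROP" ] && [ "$rules" -eq 0 ]; then
        echo "forward_policy_drop"              # routed packets hit the default DROP
    elif [ "$pol" = "DROP" ]; then
        echo "forward_policy_drop_with_rules"   # check that a rule accepts the lab hosts
    else
        echo "forwarding_ok"
    fi
}

# Live use: diagnose "$(sysctl net.ipv4.ip_forward)" "$(sudo iptables -L -n)"
diagnose "$SAMPLE_SYSCTL" "$SAMPLE_IPTABLES"
```

On the constructed sample it reports forward_policy_drop, the state described in the last post.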