[lab 10 poisoning and sniffing ] [ driftnet ] warning: link-level (LINUX_SLL) header is not supported


Hello everyone, I was working on the lab 10 and have difficulties on getting driftnet to work. When I use command (with arpspoofing),

driftnet -i tap0

I get no images. When I use the command,


It pops up the warning message “warning: link-level (LINUX_SLL) header is not supported”. Can anyone help me to troubleshoot the driftnet? Thank you very much.

update: I can capture pictures using eth0. When I use tap0 and arpspoofing, i can see the new connections in driftnet (wtih verbose on). However, I still cannot get the pictures.

I see only black screen (driftnet), and no http traffic between and in Wireshark.
I enabled ip forward and run two arpspoof commands. I used tap0, it’s my vpn interface.
I can’t solve this issue… don’t understand why it doesn’t work…

that should not be the case - at least not for the lab pictures?

Could you provide the commands you executed?
could you provide the out put of the following commands?
ip r
ip a
sysctl net.ipv4.ip_forward
sudo iptables -L -n
sudo iptables -L -n -tnat

1 Like

What Friedrich said—this is likely a misconfig somewhere.

The commands provided do the following (in case you’re unsure what they do):

ip r: shows routes
ip a: shows network interfaces (you can redact MAC addresses from this output)
sysctl net.ipv4.ip_forward: shows whether or not IPv4 packet forwarding is enabled
sudo iptables -L -n -tnat: lists iptables configs, numeric (no resolution), and NAT configs)

Also, an alternative to driftnet would be exporting objects from Wireshark.

Could the issue be due to iptables? I had the same issue (no pictures in driftnet and didn’t see any HTTP traffic between the hosts) when sudo iptables -L showed Chain FORWARD (policy DROP). After running sudo iptables -P FORWARD ACCEPT it started working for me. Got the solution thanks to @Z3r0n37.