EtherPEG and DriftNet

Get a compelling visual representation of what people are looking at on your network.

While tools like tcpdump [Hack #37] or Ethereal [Hack #38], and ngrep [Hack #41] give you detailed information about what people are doing on your network, the information they provide just isn’t interesting to most people. They might understand that their wireless data is vulnerable to eavesdroppers, but somehow they still have an attitude of “it’s hard to do, so it won’t happen to me.”

For some reason, this attitude is quickly cured when people are shown the following tools. While they are really simple utilities, I think of them as revolutionary to network monitoring as the Mosaic browser was to the Internet. Rather than make logs for later analysis, they simply show you what people are looking at online, in real time.


EtherPEG ( is a very clever hack for OS X that combines all of the modern conveniences of a packet sniffer with the good old-fashioned friendliness of a graphics-rendering library. It watches the local network for traffic, reassembles out-of-order TCP streams, and scans the results for data that looks like a GIF or JPEG. It then simply displays that data in a random fashion in a large window. As you can see in Figure 3-33, it’s sort of a real-time meta-browser that dynamically builds a view of other people’s browsers, built up as other people look around online.

Figure 3-33. EtherPEG in action.

EtherPEG is decidedly not a commercial ...

Get Wireless Hacks now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.