Processes and network utilization
- lsof (if it exists) is the first choice
- are there programs listening on unusual ports?
- are there programs with open sniffer log files?
- are there unusual network connections in place?
- are there programs running with unusual cwd?
- are there unrecognized programs running?
- checking for Ethernet interface in promiscuous mode
- the ifstatus program can be used
- ftp://coast.cs.purdue.edu/pub/tools/unix/ifstatus/
- ifconfig should not be relied on for this