Processes and network utilization

• lsof (if it exists) is the first choice
  • are there programs listening on unusual ports?
  • are there programs with open sniffer log files?
  • are there unusual network connections in place?
  • are there programs running with unusual cwd?
  • are there unrecognized programs running?
• checking for Ethernet interface in promiscuous mode
  • the ifstatus program can be used
  • ftp://coast.cs.purdue.edu/pub/tools/unix/ifstatus/
  • ifconfig should not be relied on for this