- Any malware or spyware compromising your security can be noticed & traced.
- Check for (unencrypted) packets, which can easily be sniffed on an open (Wi-Fi) network.
$ netstat -nap
An alternative tool is the lsof utility, which lists the active ports used by processes along with other useful information. Use apt-get to install it.
$ lsof -i
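One way to act on the lsof listing, as an added example that is not from the original post: these shell functions read `lsof -i -n -P` output (`-n` and `-P` keep addresses and ports numeric) and report network-reachable listeners owned by commands you did not expect, plus the remote end of each established connection. The function names, the allowlist and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Input format assumed:
# `lsof -i -n -P` columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME [STATE]

# Print "command pid user address" for every TCP listener that is reachable
# from the network and whose command name is not in the allowlist (arguments).
unexpected_listeners() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "COMMAND" { next }                         # header row
        $8 == "TCP" && $10 == "(LISTEN)" {
            if ($9 ~ /^127\./ || $9 ~ /^\[::1\]/) next   # loopback-only listener
            if (!($1 in ok)) print $1, $2, $3, $9
        }'
}

# Print "command pid remote_address" for every established TCP connection.
established_peers() {
    awk '$8 == "TCP" && $10 == "(ESTABLISHED)" {
        split($9, ends, "->")                            # NAME is local->remote
        print $1, $2, ends[2]
    }' | sort -u
}

# Constructed sample listing (process names, PIDs and addresses are made up).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      812 root    3u  IPv4  18234      0t0  TCP *:22 (LISTEN)
cupsd     901 root    7u  IPv4  19001      0t0  TCP 127.0.0.1:631 (LISTEN)
firefox  2301 alice  45u  IPv4  40211      0t0  TCP 192.0.2.10:51844->198.51.100.7:443 (ESTABLISHED)
kworkerd 4477 alice   3u  IPv4  51220      0t0  TCP *:31337 (LISTEN)
avahi-dae 640 avahi  12u  IPv4  17650      0t0  UDP *:5353
EOF
}

# Live use (run as root to see other users' sockets):
#   lsof -i -n -P | unexpected_listeners sshd cupsd
sample_lsof | unexpected_listeners sshd
sample_lsof | established_peers
```

On the sample, only the listener on port 31337 is reported: sshd is allowlisted and cupsd is bound to loopback.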
If you want to know more about the active connections on your PC, for example to monitor the data flowing through it, you can use a really useful tool embedded in Linux operating systems called TCPdump.
TCPdump allows you to analyze the entire flow of data packets in transit to and from your PC, with a high level of detail (headers and plaintext data). It is a great tool for fine-tuning firewall rules.
To list all TCP packets captured by your network interface eth0:
# tcpdump -n -i eth0
-n displays IP addresses and port numbers instead of resolving them to names; -i specifies the network interface.
Everything passing through your network interfaces can be sniffed. To demonstrate the absolute lack of confidentiality in a TCP packet, try opening an MSN/Yahoo session and sniffing all of your packets with the command:
# tcpdump -Xx -s 500 -n -i eth0
This lets you see the first 500 characters of a plaintext TCP packet. Anyone on your network could read your confidential messages just by using their network interface in monitor mode.
References:
http://hakin9.org