"This article is the second of a three-part series that
takes a look at some of the common tools you can use on your own
systems to spot holes, look for potential problems, and then take
steps to tighten your grip on the system.
Last time, I took you through a brief introduction to "honey
pots," Ethereal, and the venerable nmap. This time, we'll take a
look at a few more common tools, namely tcpdump and Tripwire.
Tcpdump is a network traffic analysis tool originally created by
the Network Research Group at Lawrence Berkeley National Lab. As the
name implies, tcpdump allows you to "dump" TCP traffic to screen or
file for later analysis. Actually, tcpdump also serves as a
back-end program to many other network analysis tools such as snort
and shadow. The underlying traffic capture library, libpcap, is also
used in other tools such as Ethereal (which we discussed last
time), tcptrace, and many others. You can find out more details on
these tools from the tcpdump web site. Tcpdump comes with most
Linux distributions by default so you don't have to grab it
yourself."
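The "dump to file for later analysis" step above produces a libpcap savefile (what `tcpdump -w` writes). The following is an added example, not code from the article or from the tcpdump project: a minimal Python reader for that savefile format that handles both byte orders, refuses truncated records, and decodes the Ethernet/IPv4/TCP headers so the capture can be summarized offline. The capture it parses is constructed in memory (two synthetic frames: a SYN and the matching SYN/ACK), so it runs without any interface access; the savefile layout it assumes is the standard libpcap one (24-byte global header, 16-byte record headers).

```python
"""Minimal reader for libpcap savefiles (the format written by tcpdump -w).

Added example, not code from the article or from tcpdump itself. It builds a
small two-frame capture in memory (constructed data, not a real trace), then
parses it the way an offline analysis step would.
"""
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4      # microsecond timestamps, little-endian writer
PCAP_MAGIC_BE = 0xD4C3B2A1      # same magic as seen from a big-endian writer
LINKTYPE_ETHERNET = 1


def build_sample_pcap():
    """Construct a capture holding a TCP SYN and its SYN/ACK (constructed data)."""
    def tcp_frame(src_ip, dst_ip, sport, dport, flags):
        eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
        ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                             bytes(map(int, src_ip.split("."))),
                             bytes(map(int, dst_ip.split("."))))
        tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, flags, 65535, 0, 0)
        return eth + ip_hdr + tcp_hdr

    frames = [
        (1000, 0,   tcp_frame("10.0.0.5", "192.0.2.10", 40000, 22, 0x02)),  # SYN
        (1000, 500, tcp_frame("192.0.2.10", "10.0.0.5", 22, 40000, 0x12)),  # SYN/ACK
    ]
    # Global header: magic, version 2.4, tz offset, sigfigs, snaplen, linktype.
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for sec, usec, data in frames:
        # Record header: ts_sec, ts_usec, captured length, original length.
        out += struct.pack("<IIII", sec, usec, len(data), len(data)) + data
    return out


def parse_pcap(blob):
    """Return a list of (timestamp, frame bytes), detecting the writer's byte order."""
    magic = struct.unpack("<I", blob[:4])[0]
    if magic == PCAP_MAGIC_LE:
        order = "<"
    elif magic == PCAP_MAGIC_BE:
        order = ">"
    else:
        raise ValueError("not a libpcap savefile")
    _, _vmaj, _vmin, _tz, _sig, snaplen, linktype = struct.unpack(order + "IHHiIII", blob[:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("this example only decodes Ethernet captures")
    off, records = 24, []
    while off + 16 <= len(blob):
        sec, usec, incl, _orig = struct.unpack(order + "IIII", blob[off:off + 16])
        off += 16
        # A record claiming more bytes than snaplen, or than remain in the
        # file, is corrupt or truncated; stop rather than mis-parse the rest.
        if incl > snaplen or off + incl > len(blob):
            raise ValueError("truncated or corrupt record")
        records.append((sec + usec / 1e6, blob[off:off + incl]))
        off += incl
    return records


def decode_tcp(frame):
    """Return (src, dst, sport, dport, flags) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                          # IPv4 header length
    if frame[23] != 6 or len(frame) < 14 + ihl + 20:      # not TCP, or too short
        return None
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    flags = frame[14 + ihl + 13]
    return (src, dst, sport, dport, flags)


def summarize(blob):
    """Decode every record in a savefile into a per-packet TCP tuple."""
    return [decode_tcp(frame) for _, frame in parse_pcap(blob)]


if __name__ == "__main__":
    for ts, row in zip((t for t, _ in parse_pcap(build_sample_pcap())), summarize(build_sample_pcap())):
        print(f"{ts:.6f} {row[0]}:{row[2]} -> {row[1]}:{row[3]} flags=0x{row[4]:02x}")
```

The reader deliberately validates the captured length against both the snaplen and the remaining file size before slicing: a savefile handed to an analysis script is untrusted input, and a bad length field should stop parsing cleanly instead of producing misaligned records.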