Netstat
Unhide
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.
unhide detects hidden processes using three techniques:
- comparing the output of /proc and /bin/ps
- comparing the information gathered from /bin/ps with that gathered
  from system calls (syscall scanning)
- full scan of the process ID space (PID brute forcing)
unhide-tcp identifies TCP/UDP ports that are listening but are not listed by
/bin/netstat, by brute forcing all available TCP/UDP ports.
This package can be used by rkhunter in its daily scans.
Canonical does not provide updates for unhide. Some updates may be provided by the Ubuntu community.
Forensic Toolkit
http://www.foundstone.com/us/index.asp
Hackers and malicious insiders are an undeniable threat to your organization’s network. They have sophisticated tools and backdoor programs at their disposal with which to steal information, perform unlawful or unauthorized activities, and cover their tracks. Security professionals charged with protecting their organizations can become overwhelmed in developing specialty applications to combat these threats.
To help bridge this gap, Foundstone offers several unique utilities that you can add to your network security arsenal.
As the premier provider of security risk management, vulnerability assessments and protection, Foundstone has created a series of tools that are used in the field by its consultants. The company offers this software free of charge to the public. Download them today to defend your organization against attacks.
Sysinternals
http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx
The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver or NotMyFault.