How To Analyse Suspicious Internet Activity ..... IN REAL TIME

Hypothetical situation:
A user has full IP logging enabled and a log viewer open, and is using Firefox (or another browser) on his computer. He then spots a couple of IP addresses going out that aren't normally there for the web site he visits. He also has some sort of disk monitor program running, and it shows quite a lot of unusual read activity on his disk. Rather than disconnecting, he decides he wants to monitor the activity, and only has a small window of opportunity (say a few seconds) to capture as much as he can.
1. What commands would you run in the terminal to capture as much as you can that may help in deciding whether the activity is abnormal?
2. Could you put the commands in a script and have some sort of 'hot switch' to run those commands at the click of a mouse?
3. Are there any programs out there you could run as soon as you spot unusual activity?
You can take my trousers but you won't take my Freedom!
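One way to build the 'hot switch' the question asks about, as an added example that is not the poster's code or anything from this thread: a POSIX shell script that snapshots network connections, running processes and the heaviest disk readers into one directory, then hashes the capture. It assumes a Linux host with /proc and a little-endian CPU (that is the byte order in which /proc/net/tcp prints addresses), and it falls back to parsing /proc/net/tcp directly when `ss` or `lsof` are not installed. The /proc/net/tcp sample embedded in it is constructed for the example, not a real capture.

```shell
#!/bin/sh
# snapshot.sh: one-shot capture of network, process and disk state for later analysis.
# Bind "sh snapshot.sh snapshot" to a desktop hot key so the capture is one keypress away.
# Assumptions (mine, not the poster's): a Linux host with /proc, little-endian byte order.

# Decode one /proc/net/tcp address field, "HEXIP:HEXPORT", into dotted-quad:port.
# The kernel stores the IPv4 address in host byte order, so on a little-endian machine
# the octets appear reversed: 0100007F:0050 is 127.0.0.1:80.
decode_hex_addr() {
    dh_ip=${1%%:*}
    dh_port=${1##*:}
    dh_b1=$(printf '%s' "$dh_ip" | cut -c1-2)
    dh_b2=$(printf '%s' "$dh_ip" | cut -c3-4)
    dh_b3=$(printf '%s' "$dh_ip" | cut -c5-6)
    dh_b4=$(printf '%s' "$dh_ip" | cut -c7-8)
    printf '%d.%d.%d.%d:%d\n' "$((0x$dh_b4))" "$((0x$dh_b3))" "$((0x$dh_b2))" "$((0x$dh_b1))" "$((0x$dh_port))"
}

# Print "uid local -> remote" for every ESTABLISHED (state 01) IPv4 socket in a
# /proc/net/tcp-format file ($1, default the live table). Needs neither ss nor netstat.
established_peers() {
    awk 'NR > 1 && $4 == "01" { print $8, $2, $3 }' "${1:-/proc/net/tcp}" |
    while read -r ep_uid ep_local ep_remote; do
        printf '%s %s -> %s\n' "$ep_uid" "$(decode_hex_addr "$ep_local")" "$(decode_hex_addr "$ep_remote")"
    done
}

# Rank processes by cumulative bytes read from storage (/proc/PID/io read_bytes).
# Unprivileged users only see their own processes; run as root for the full picture.
top_disk_readers() {
    for tdr_io in /proc/[0-9]*/io; do
        tdr_pid=${tdr_io#/proc/}
        tdr_pid=${tdr_pid%/io}
        tdr_bytes=$(awk '/^read_bytes:/ { print $2 }' "$tdr_io" 2>/dev/null) || continue
        [ -n "$tdr_bytes" ] || continue
        tdr_comm=$(cat "/proc/$tdr_pid/comm" 2>/dev/null) || tdr_comm='?'
        printf '%s %s %s\n' "$tdr_bytes" "$tdr_pid" "$tdr_comm"
    done | sort -rn | head -n 15
}

# Capture everything into $1 (created if needed) and print the directory path.
# Network state goes first: remote endpoints vanish the moment a connection closes.
snapshot_activity() {
    sa_dir=${1:-$(mktemp -d)}
    mkdir -p "$sa_dir"
    date -u '+%Y-%m-%dT%H:%M:%SZ' > "$sa_dir/timestamp"
    if [ -r /proc/net/tcp ]; then
        established_peers /proc/net/tcp > "$sa_dir/tcp_established.txt" 2>&1 || true
    fi
    if command -v ss >/dev/null 2>&1; then
        ss -tunap > "$sa_dir/ss.txt" 2>&1 || true            # sockets with owning PIDs
    fi
    if command -v lsof >/dev/null 2>&1; then
        lsof -n -P -i > "$sa_dir/lsof_net.txt" 2>&1 || true   # which binary holds each socket
    fi
    ps -eo pid,ppid,user,etime,pcpu,pmem,args > "$sa_dir/ps.txt" 2>&1 || true
    if [ -d /proc ]; then
        top_disk_readers > "$sa_dir/disk_readers.txt" 2>&1 || true
    fi
    if [ -r /proc/diskstats ]; then
        cat /proc/diskstats > "$sa_dir/diskstats.txt"
    fi
    # Hash the capture so it can later be shown to be unmodified.
    if command -v sha256sum >/dev/null 2>&1; then
        (cd "$sa_dir" && sha256sum ./* > MANIFEST.sha256) || true
    fi
    printf '%s\n' "$sa_dir"
}

# Constructed sample in /proc/net/tcp format (not a real capture): one LISTEN socket
# (state 0A) and one ESTABLISHED (state 01) connection from 10.0.2.15 to 192.168.1.1:443.
SAMPLE_TCP=$(mktemp)
cat > "$SAMPLE_TCP" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:B1C2 0101A8C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 23456 1 0000000000000000 20 4 30 10 -1
EOF

case "${1:-}" in
    snapshot) snapshot_activity "${2:-$HOME/suspicious-$(date +%Y%m%d-%H%M%S)}" ;;
    demo)     established_peers "$SAMPLE_TCP" ;;
esac
```

Bind `sh snapshot.sh snapshot` to a keyboard shortcut in the desktop environment's settings (or with a tool such as xbindkeys) and the whole capture takes well under a second, which is what the "few seconds" window allows. Run it as root if you want other users' processes and their I/O counters; as an ordinary user you still get the full socket table from /proc/net/tcp, but only your own processes. `sh snapshot.sh demo` prints the one established connection from the constructed sample, which is a quick way to confirm the decoder is right for your machine's byte order.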