[CLUE-Tech] root kit checker

Mike Staver staver at fimble.com
Thu May 6 10:26:37 MDT 2004


Hello everybody - I need help trying to determine what's going on with a 
Linux box of mine.  I have ntop running, and it's showing that this box 
is sending about 10 megs of TCP traffic an hour to an IP:

65.54.164.101

The reverse DNS on this is wrong, I think; it claims it's part of 
msn.com, which I find hard to believe since it has no forward DNS 
pointer record assigned to it.  Anyhoo, I have run ps -auwx and I do not 
see any programs running that shouldn't be - and I ran nmap against the 
box looking for oddball open ports, and that didn't show anything 
either.  Tcpdump keeps showing:

10:23:08.950296 msnbot64101.search.msn.com.33839

What's a good tool that will show me what process is spewing traffic to 
this IP?
-- 

                                 -Mike Staver
                                  staver at fimble.com
                                  mstaver at globaltaxnetwork.com
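One way to get the per-process attribution the post asks for, as an added example that is not part of Mike's message or of any reply on the list: a small shell script that parses the socket table printed by `ss -tnp` (iproute2) or `netstat -tnp` (net-tools) and prints the PID and program name behind every connection to a given peer IP. The tool names and their output formats are real; the socket-table lines embedded in the script are constructed sample output, not a capture from the box in question, and they only reuse the IP from the post for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: attribute connections to a
# given peer IP to the local process that owns the socket. It parses the
# output of `ss -tnp` (iproute2) or `netstat -tnp` (net-tools); both need
# root to report processes that belong to other users.

# find_peer_process IP  < socket-table-on-stdin
# Prints one line per matching connection: "PID NAME LOCAL->PEER".
# PID and NAME are "?" when the tool could not report an owner.
find_peer_process() {
    awk -v ip="$1" '
        /^(State|Proto|Active)/ { next }              # skip header lines
        {
            for (i = 1; i <= NF; i++) {
                if (index($i, ip ":") != 1) continue   # not the peer column
                proc = $NF
                if (match(proc, /pid=[0-9]+/)) {
                    # ss style: users:(("wget",pid=4242,fd=3))
                    pid = substr(proc, RSTART + 4, RLENGTH - 4)
                    match(proc, /\("[^"]+"/)
                    name = substr(proc, RSTART + 2, RLENGTH - 3)
                } else if (match(proc, /^[0-9]+\//)) {
                    # netstat style: 4242/wget
                    pid = substr(proc, 1, RLENGTH - 1)
                    name = substr(proc, RLENGTH + 1)
                } else {
                    pid = "?"; name = "?"   # no permission, or no owning process
                }
                print pid, name, $(i - 1) "->" $i
                break
            }
        }'
}

# live_check IP: run against this host (as root). Not called below so the
# script stays runnable offline.
live_check() {
    ss -tnp 2>/dev/null | find_peer_process "$1"
}

# Constructed sample output (not a real capture), in the shape ss -tnp and
# netstat -tnp print. The last ss line is what a non-root user sees for a
# socket owned by someone else: no Process column at all.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port   Peer Address:Port    Process
ESTAB  0      0      192.168.1.5:33839    65.54.164.101:80     users:(("wget",pid=4242,fd=3))
ESTAB  0      0      192.168.1.5:22       192.168.1.10:51000   users:(("sshd",pid=812,fd=4))
ESTAB  0      0      192.168.1.5:44100    65.54.164.101:443    users:(("perl",pid=4310,fd=5))
ESTAB  0      0      192.168.1.5:50000    65.54.164.101:25'

SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address       Foreign Address     State       PID/Program name
tcp        0      0 192.168.1.5:33839   65.54.164.101:80    ESTABLISHED 4242/wget'

printf '%s\n' "$SAMPLE_SS"      | find_peer_process 65.54.164.101
printf '%s\n' "$SAMPLE_NETSTAT" | find_peer_process 65.54.164.101
```

Run it as root: without root, `ss` and `netstat` omit the owner of sockets that belong to other users and the script prints `?` for them. `lsof -i @65.54.164.101` gives the same answer from a different source (the open-file table rather than the socket table), which is worth cross-checking. If ntop and tcpdump keep seeing traffic to the peer while the socket table shows no connection to it at all, or shows one with no owning process even as root, the userland view is being filtered or the traffic is not coming from a normal process, and a rootkit checker such as chkrootkit or rkhunter, plus a capture taken from another host on the same segment, are the sensible next step.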
