Every wonder if someone is remotely logging in to one of your boxen and then going on to another? Now you can find out without even logging into the box by only analyzing the packets on the network! (bad description I know, but I'm tired)

.debs are availible at the ftp site.

• Works on (at least) x86, sparc and hp

• correlate UDP and ICMP to find backdoor shells
• use some real connection tracker
• resolving (off by default), also using custom hosts file
• make ncurses interface
• remove connections that close