Sometime on Jun 22, Benoy George assembled some asciibets to say:
how can I find more details, like who this sniffer is and when he entered our m/c?
Well, for one, you need to install tripwire. That will fingerprint all your binaries and store it in a database. Then, back up that database on a separate machine/removable disk. Tripwire will check all binaries every night and mail you if there are any discrepancies, reporting what they are. That way you will know if someone has tampered with your system, and what exactly has been changed.
You should also stop all not-required services, and instead redirect all requests on those ports to a logger that will log the entry and send a mail to you reporting.
That way, if anyone tries to scan your machine, you will get immediate notice of it.
You also need to check your log files regularly to see if anything unexpected is happening. Typically, you'd do this every morning, but a better solution may be to get a log analyser that will provide your log files in an easy to read format, possibly over the web. That way, you can have one browser window always open to monitor what's happening.
waiting for more comments on security issues, hacking and cracking...
Just so you know, security issues are related more to cracking than to hacking. A very small part of hacking is related to security. Most of it deals with clever programming of anything from a really efficient factorial program to an OS tweak to work around a hardware bug.
Cracking on the other hand has everything to do with security, and little if anything that doesn't deal with security.
A good system administrator needs to know how a cracker works, but not necessarily a hacker. A good programmer should aspire to be a hacker.
Philip
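The tripwire idea in the reply above (fingerprint every binary, keep the database off the box, re-check later and report exactly what changed) as an added example that is not part of the original thread and not Tripwire's own code. It is a minimal Python checker; the scenario in demo() (a fake bin directory, a replaced ps, a planted file and a deleted one) is constructed for illustration.

```python
"""Minimal file-integrity checker in the spirit of Tripwire (added example)."""
import hashlib
import json
import stat
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """Record the properties a trojaned replacement binary is likely to change."""
    st = path.lstat()
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {
        "sha256": h.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),   # catches a newly set setuid bit
        "uid": st.st_uid,
        "gid": st.st_gid,
        "mtime": int(st.st_mtime),
    }


def build_baseline(root: Path) -> dict:
    """Fingerprint every regular file under root; this is the database to copy off-host."""
    db = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            db[str(p.relative_to(root))] = fingerprint(p)
    return db


def verify(root: Path, baseline: dict) -> dict:
    """Compare the live tree with the baseline; report modified, added and removed files."""
    current = build_baseline(root)
    report = {"modified": {}, "added": [], "removed": []}
    for rel, old in baseline.items():
        new = current.get(rel)
        if new is None:
            report["removed"].append(rel)
            continue
        diffs = {k: (old[k], new[k]) for k in old if old[k] != new[k]}
        if diffs:
            report["modified"][rel] = diffs
    report["added"] = [rel for rel in current if rel not in baseline]
    return report


def save_baseline(db: dict, dest: Path) -> None:
    dest.write_text(json.dumps(db, indent=1, sort_keys=True))


def load_baseline(src: Path) -> dict:
    return json.loads(src.read_text())


def demo() -> dict:
    """Constructed scenario: baseline a fake bin/, then simulate a rootkit install."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "bin"
        root.mkdir()
        (root / "ls").write_bytes(b"#!/bin/sh\nexec /bin/ls.real \"$@\"\n")
        (root / "ps").write_bytes(b"#!/bin/sh\nexec /bin/ps.real \"$@\"\n")
        (root / "ls").chmod(0o755)
        (root / "ps").chmod(0o755)
        dbfile = Path(tmp) / "integrity.db"     # in real use: removable disk / other host
        save_baseline(build_baseline(root), dbfile)

        # Simulated intrusion: ps replaced by a version that hides the sniffer
        # and made setuid, a new binary planted, and ls deleted.
        (root / "ps").write_bytes(
            b"#!/bin/sh\nexec /bin/ps.real \"$@\" | grep -v sniff\n")
        (root / "ps").chmod(0o4755)
        (root / "z").write_bytes(b"sniffer")
        (root / "ls").unlink()
        return verify(root, load_baseline(dbfile))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The check is only as trustworthy as the baseline: if the database stays on the compromised host, an intruder can simply regenerate it after replacing the binaries, which is why the reply says to keep a copy elsewhere and run the comparison against that copy.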
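The "redirect unused ports to a logger" suggestion above, as an added example that is not part of the original thread: a small decoy listener that binds ports which should carry no real service, records every connection attempt (time, source address, destination port) and flags any source that touches several decoy ports, which is what a port scan looks like. The threshold and the loopback scenario in demo() are assumptions made for this example; in a real deployment the listener would bind the actual unused ports and the events would be mailed out.

```python
"""Decoy-port connection logger for scan detection (added example)."""
import socket
import threading
import time
from collections import defaultdict


class PortLogger:
    """Listen on ports that carry no real service and record every connect."""

    def __init__(self, host="127.0.0.1", ports=(0,)):
        self.events = []                    # (timestamp, src_ip, src_port, dst_port)
        self.cond = threading.Condition()
        self.socks = []
        for port in ports:                  # port 0 lets the OS pick a free port
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            s.bind((host, port))
            s.listen(5)
            self.socks.append(s)
        for s in self.socks:
            threading.Thread(target=self._serve, args=(s,), daemon=True).start()

    @property
    def ports(self):
        return [s.getsockname()[1] for s in self.socks]

    def _serve(self, listener):
        dst_port = listener.getsockname()[1]
        while True:
            try:
                conn, (src_ip, src_port) = listener.accept()
            except OSError:
                return                      # listener was closed
            with self.cond:
                self.events.append((time.time(), src_ip, src_port, dst_port))
                self.cond.notify_all()
            conn.close()                    # never answer; only record

    def wait_for(self, n, timeout=5.0):
        """Block until n events are logged or timeout expires; return count seen."""
        deadline = time.time() + timeout
        with self.cond:
            while len(self.events) < n:
                remaining = deadline - time.time()
                if remaining <= 0:
                    break
                self.cond.wait(remaining)
            return len(self.events)

    def close(self):
        for s in self.socks:
            s.close()

    def scanners(self, min_ports=3):
        """Sources that touched at least min_ports distinct decoy ports (assumed threshold)."""
        hits = defaultdict(set)
        for _, src_ip, _, dst_port in self.events:
            hits[src_ip].add(dst_port)
        return {ip: sorted(p) for ip, p in hits.items() if len(p) >= min_ports}


def demo():
    """Constructed scenario: three decoy ports on loopback, one 'scanner' hits all of them."""
    logger = PortLogger(ports=(0, 0, 0))
    for port in logger.ports:
        with socket.create_connection(("127.0.0.1", port), timeout=2):
            pass
    seen = logger.wait_for(len(logger.ports))
    logger.close()
    return seen, logger.scanners()


if __name__ == "__main__":
    count, suspects = demo()
    print(count, "connection attempts logged; scanners:", suspects)
```

A decoy listener of this kind needs to run as a user with no other privileges and must never parse what the client sends, since anything that answers on a network port is itself a target.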