This is a trick I learned a long time ago. I used to teach it in my linux administration, digital forensics, and ethical hacking courses I taught at college. It has been one of the most useful commands I ever learned. So the scenario goes like this: lets assume you have a user you suspect is doing something nefarious…maybe even a hacker has a shell on your server. You would like to be able to see exactly what they are doing. Wouldn’t it be nice to be able to connect to their shell without them knowing so you can watch what they are doing?
Here is how it is done…..