This first article in a two-part series deals with tools to find security holes in webservers and workstations. Some of the topics covered are: port scanning, finding NFS security holes, and using lsof.
Use the gnome program Cheops (http://www.marko.net/cheops) to produce a graphical network plan with machine types and connections. The program can do portscans, too, but is not as flexible and powerful as nmap.
Using the network monitor Ethereal (http://ethereal.zing.org/) to analyze network traffic. Ethereal can follow TCP streams and is useful for dumping clear text passwords as transmitted by telnet, ftp, pop3 and other protocols.