the case of the crooked contractor

stuff comes up "missing" all the time.
this is a story of using linux to find some "missing" stuff.

at a prior job, some random items were "missing".
the most notable item was a tablet pc. these tablets are used daily by many different people.
since no one was sure if the items were stolen or misplaced or what, not much effort was put into finding the items.

then one day a fluke cable tester came up missing from a "locked" area.
the bag for the cable tester was still on the shelf, and the manuals were missing.
odd, we never take the manuals anywhere... we know how to use it.
after a few days of asking the people that had access to the "locked" area,
my boss asked me to do some reconnaissance on a certain ip address on the network.

so i logged into our core switch and set up a port mirror (span port in cisco-ese) of our internet connection.
plugged a laptop into the mirrored port and booted knoppix-std.
fired up ethereal, yay, i could see everyone's internet bound traffic.
the ip in question was entered into ethereal's filter..... ip.addr == x.x.x.x
sweetness, all internet traffic to-from that ip was showing up.
i looked thru packets being captured..... all the traffic is encrypted.
DAMNIT, crazy people that use VPNs.

i did some digging on the ip the packets were going to on the outside, it was the VPN of one of our contractors' parent company.
ho-hum.
urlsnarf was fired up grep'ing for the ip address in question.
just hoping that the VPN will be disconnected, so i can see something of interest.

a few hours later, cha-ching, the VPN dropped and they started surfing the web.
a visit to ebay.... oh look, that looks like an ebay username in that url.

fire up a browser, log into ebay, hit the advanced search.
hit "Items by Seller", type in that username.
hey, what do you know, they are from starkville ms. what are the odds?
wow, that user is selling a fluke cable tester.... just like the one we had come up missing.
and the auction stated the bag was missing.
hrm, what else has this user sold? lots of stuff we didn't even know was missing.

so i packaged up some printouts and showed my boss.
the sheriff went to visit this person's house later that evening....
about a dozen items had been stolen. some had been sold on ebay, others were at the house.

ebay records were subpoenaed.
the person hired a local attorney who happens to be a good friend of mine.
after hearing the story from the accused, all the lawyer could say is:
"fucking foo"