[crackez]

There's always - cat /proc/net/tcp*

And remember: echo * can be your "ls" in a pinch.

[Pesthuf]

But let’s be honest, there’s no reason to use these unless you already know your server is compromised. In which case the server would be taken down rather than ssh‘d into.

And even then the attacker could patch cat, bash, provide sneaky aliases or just compromise Libc altogether.

[rurban]

Not with a kernel module. Then this is also compromised