Re: Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient-2.2.x)

To: Lawrence Houston <debian@greenfield.dyndns.org>
Cc: Debian Users <debian-user@lists.debian.org>
Subject: Re: Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient-2.2.x)
From: lantz moore <lmoore@tump.com>
Date: Sun, 18 Jan 2004 16:06:57 -0800
Message-id: <[🔎] 86llo4u7ha.fsf@tump.com>
In-reply-to: <[🔎] Pine.LNX.4.44.0401111026230.4886-100000@northgate.dyndns.org> (Lawrence Houston's message of "Sun, 11 Jan 2004 10:26:57 -0500 (EST)")
References: <[🔎] Pine.LNX.4.44.0401111026230.4886-100000@northgate.dyndns.org>

Lawrence Houston <debian@greenfield.dyndns.org> writes:

> Running the latest CHKROOTKIT (0.43) under Debian (3.0r2) I am now
> receiving the following messages on my Router:
>
>    Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient-2.2.x)
>    eth1: PF_PACKET(/sbin/dhclient-2.2.x, /usr/sbin/dhcpd-2.2.x)
>
> Which is a bit worrisome since I had NOT this with previous versions of
> CHKROOTKIT (up to and including 0.42b)!!!  Does anyone know if this is
> "normal" for Woody's dhcp-client???

yes, it's normal.

it just means that /sbin/dhclient-2.2.x, /usr/sbin/dhcpd-2.2.x use the
packet interface (which many sniffers use).  consider it a false positive.

-l

Reply to:

References:
- Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient-2.2.x)
  - From: Lawrence Houston <debian@greenfield.dyndns.org>

Prev by Date: Re: [OT] tuxracer + bunny hill: possible?
Next by Date: linux client for graal online
Previous by thread: Re: Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient-2.2.x)
Next by thread: disgo
Index(es):
- Date
- Thread