[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient-2.2.x)

Lawrence Houston <debian@greenfield.dyndns.org> writes:

> Running the latest CHKROOTKIT (0.43) under Debian (3.0r2) I am now
> receiving the following messages on my Router:
>    Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient-2.2.x)
>    eth1: PF_PACKET(/sbin/dhclient-2.2.x, /usr/sbin/dhcpd-2.2.x)
> Which is a bit worrisome since I had NOT this with previous versions of
> CHKROOTKIT (up to and including 0.42b)!!!  Does anyone know if this is
> "normal" for Woody's dhcp-client???

yes, it's normal.

it just means that /sbin/dhclient-2.2.x, /usr/sbin/dhcpd-2.2.x use the
packet interface (which many sniffers use).  consider it a false positive.


Reply to: