Re: Chkrootkit report

To: debian-user@lists.debian.org
Subject: Re: Chkrootkit report
From: Dennis Stosberg <lists@stosberg.net>
Date: Tue, 27 Dec 2005 14:30:19 +0100
Message-id: <[🔎] 20051227133019.GC13880@leonov.stosberg.net>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 200512270809.54220.rickfriedman@verizon.net>
References: <[🔎] 200512270809.54220.rickfriedman@verizon.net>

Rick Friedman wrote:

> I just ran a program called chkrootkit. It reports the following:
> 
> eth0: PACKET SNIFFER(/usr/sbin/pppd[5072])
> 
> I realize that 5072 is the process id for pppd. But what is the message 
> actually saying? Is there a problem with pppd?? Or is this normal?

A "packet sniffer" is a process that reads all traffic on a given
network device.  And this message tells you that there is a process
called pppd which does exactly this.

It is still up to you to decide, whether that is a problem.  If you
are running pppd (for example for PPP over Ethernet), this is
probably O.K.  But if you have never installed or used pppd, there
may be a problem.

There are many programs which trigger false alarms regularly. See
/usr/share/doc/chkrootkit/README.Debian 

Regards,
Dennis

Reply to:

References:
- Chkrootkit report
  - From: Rick Friedman <rickfriedman@verizon.net>

Prev by Date: package broken?
Next by Date: Re: Re: Re: set-up for watching video
Previous by thread: Chkrootkit report
Next by thread: package broken?
Index(es):
- Date
- Thread