Re: Chkrootkit report
Rick Friedman wrote:
> I just ran a program called chkrootkit. It reports the following:
>
> eth0: PACKET SNIFFER(/usr/sbin/pppd[5072])
>
> I realize that 5072 is the process id for pppd. But what is the message
> actually saying? Is there a problem with pppd?? Or is this normal?
A "packet sniffer" is a process that reads all traffic on a given
network device. And this message tells you that there is a process
called pppd which does exactly this.
It is still up to you to decide, whether that is a problem. If you
are running pppd (for example for PPP over Ethernet), this is
probably O.K. But if you have never installed or used pppd, there
may be a problem.
There are many programs which trigger false alarms regularly. See
/usr/share/doc/chkrootkit/README.Debian
Regards,
Dennis
Reply to: