[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Chkrootkit report

Rick Friedman wrote:

> I just ran a program called chkrootkit. It reports the following:
> eth0: PACKET SNIFFER(/usr/sbin/pppd[5072])
> I realize that 5072 is the process id for pppd. But what is the message 
> actually saying? Is there a problem with pppd?? Or is this normal?

A "packet sniffer" is a process that reads all traffic on a given
network device.  And this message tells you that there is a process
called pppd which does exactly this.

It is still up to you to decide, whether that is a problem.  If you
are running pppd (for example for PPP over Ethernet), this is
probably O.K.  But if you have never installed or used pppd, there
may be a problem.

There are many programs which trigger false alarms regularly. See


Reply to: