
#1 2004-01-17 20:16:59

terrapin
Member
From: Lockport, IL
Registered: 2003-08-06
Posts: 104

chkrootkit results.

I am having trouble making sense of a chkrootkit scan I just ran.  Under sniffer I get "eth0: PF_PACKET(/usr/sbin/dhcpcd)".  Does anyone know what this means?

I have tried googling "PF_PACKET", "PF_PACKET chkrootkit" and "PF_PACKET sniffer" but haven't found any good answers.  It sort of sounds like my NIC is being set to promiscuous mode?

Thanks for any info!


#2 2004-01-17 21:13:12

andy
Member
From: Germany
Registered: 2002-10-11
Posts: 374

Re: chkrootkit results.

One program in chkrootkit is ifpromisc. On Arch it is /opt/chkrootkit/ifpromisc. It is a standalone program; just run it to find out more. (chkrootkit is just a shell script which calls this among other things.)


#3 2004-01-17 23:39:22

terrapin
Member
From: Lockport, IL
Registered: 2003-08-06
Posts: 104

Re: chkrootkit results.

Thanks for the reply.

After running ifpromisc, I got the same output which prompted some more googling.  I explicitly set my card to promiscuous mode and ifpromisc correctly noticed that my NIC was set to promiscuous mode.  So I no longer think anything is wrong.

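As an added example (not part of the thread and not chkrootkit's own code), the sketch below separates the two conditions the posts above touch on: a process holding a PF_PACKET socket, as listed in /proc/net/packet, and the IFF_PROMISC bit in an interface's flags word. The sample rows, the inode-to-process and ifindex-to-name maps, and the "PROMISC" label are constructed for illustration.

```python
IFF_PROMISC = 0x100  # interface flag bit from <linux/if.h>

# Constructed sample in the layout of /proc/net/packet: one row per PF_PACKET socket.
SAMPLE_PACKET = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
c7a3e400 3      3    0800   2     1 0      0      1187
"""

def parse_packet_sockets(text):
    """Return one dict per PF_PACKET socket row; the header line is skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 9:
            continue  # ignore short or damaged rows
        rows.append({"type": int(f[2]), "proto": int(f[3], 16),
                     "ifindex": int(f[4]), "inode": int(f[8])})
    return rows

def is_promisc(flags_text):
    """flags_text is the hex string found in /sys/class/net/<if>/flags."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)

def report(packet_text, ifnames, inode_owner, if_flags):
    """List packet-socket owners and promiscuous interfaces as separate findings.

    ifnames:     ifindex -> interface name (on a live host: /sys/class/net/*/ifindex)
    inode_owner: socket inode -> program (on a live host: /proc/<pid>/fd -> socket:[inode])
    if_flags:    interface name -> hex flags string
    """
    lines = []
    for s in parse_packet_sockets(packet_text):
        name = ifnames.get(s["ifindex"], "if%d" % s["ifindex"])
        owner = inode_owner.get(s["inode"], "unknown")
        lines.append("%s: PF_PACKET(%s)" % (name, owner))
    for name in sorted(if_flags):
        if is_promisc(if_flags[name]):
            lines.append("%s: PROMISC" % name)
    return lines

if __name__ == "__main__":
    names = {2: "eth0"}
    owners = {1187: "/usr/sbin/dhcpcd"}  # constructed mapping
    # Packet socket open, promiscuous bit clear (flags 0x1003).
    print(report(SAMPLE_PACKET, names, owners, {"eth0": "0x1003"}))
    # Same socket, promiscuous bit set as well (flags 0x1103).
    print(report(SAMPLE_PACKET, names, owners, {"eth0": "0x1103"}))
```

A PF_PACKET entry on its own only says that the named process has a packet socket bound to the interface, which DHCP clients do as part of normal operation; the promiscuous flag is a separate check.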
