I am having trouble making sense of a chkrootkit scan I just ran. Under sniffer I get "eth0: PF_PACKET(/usr/sbin/dhcpcd)". Does anyone know what this means?
I have tried googling "PF_PACKET", "PF_PACKET chkrootkit" and "PF_PACKET sniffer" but haven't found any good answers. It sort sounds like my NIC is being set to promiscuous mode?
Thanks for any info!
One program in chkroot kit is ifpromisc. On Arch it is /opt/chkrootkit/ifpromisc . It is a stand alone program, just run it to find out more. (chkrootkit is just a shell script which calls this among other things).
thanks for the reply.
After running ifpromisc, I got the same output which prompted some more googling. I explicitly set my card to promiscuous mode and ifpromisc correctly noticed that my NIC was set to promiscuous mode. So I no longer think anything is wrong.