Results 1 to 4 of 4
  1. #1
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    4,695

    chkrootkit output, what's this?

    Can somebody explain the following:

    Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
    eth0:1: not promisc and no PF_PACKET sockets
    eth0:2: not promisc and no PF_PACKET sockets
    eth0:3: not promisc and no PF_PACKET sockets
    eth0:4: not promisc and no PF_PACKET sockets

    Everything else is clean, just not sure what this translates to, it only showed up today, yesterdays was fine and all i've done inbetween is upgrade php 4.3.3 > 4.3.4 disabled the use of system and exec commands and installed zend.

    Thanks

  2. #2
    Join Date
    Jul 2001
    Posts
    889
    not sure what PF_PACKETS are, but 'not promisc' means it's not in promiscuous mode, meaning it's not listening to all the packets on the LAN - only ones addressed to that NIC. (which is the way it should be)

  3. #3
    Join Date
    Sep 2003
    Location
    New York City
    Posts
    88
    no PF_PACKET sockets probably means there is no sniffer running on the box.
    Reliable Business E-mail Hosting
    http://www.bizintegrators.com

  4. #4
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    PF_PACKET - packet interface on device level.


    http://annys.eines.info/cgi-bin/man/man2html?PF_PACKET
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •