Results 1 to 4 of 4
  1. #1
    Join Date
    Apr 2003
    London, UK

    chkrootkit output, what's this?

    Can somebody explain the following:

    Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
    eth0:1: not promisc and no PF_PACKET sockets
    eth0:2: not promisc and no PF_PACKET sockets
    eth0:3: not promisc and no PF_PACKET sockets
    eth0:4: not promisc and no PF_PACKET sockets

    Everything else is clean, just not sure what this translates to, it only showed up today, yesterdays was fine and all i've done inbetween is upgrade php 4.3.3 > 4.3.4 disabled the use of system and exec commands and installed zend.


  2. #2
    Join Date
    Jul 2001
    not sure what PF_PACKETS are, but 'not promisc' means it's not in promiscuous mode, meaning it's not listening to all the packets on the LAN - only ones addressed to that NIC. (which is the way it should be)

  3. #3
    Join Date
    Sep 2003
    New York City
    no PF_PACKET sockets probably means there is no sniffer running on the box.
    Reliable Business E-mail Hosting

  4. #4
    Join Date
    Mar 2003
    California USA
    PF_PACKET - packet interface on device level.
    Steven Ciaburri | Industry's Best Server Management -
    Software Auditing - 400+ Vulnerabilities Found - Quote @
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts