Rick Friedman wrote: > I just ran a program called chkrootkit. It reports the following: > > eth0: PACKET SNIFFER(/usr/sbin/pppd[5072]) > > I realize that 5072 is the process id for pppd. But what is the message > actually saying? Is there a problem with pppd?? Or is this normal?
A "packet sniffer" is a process that reads all traffic on a given network device. And this message tells you that there is a process called pppd which does exactly this. It is still up to you to decide, whether that is a problem. If you are running pppd (for example for PPP over Ethernet), this is probably O.K. But if you have never installed or used pppd, there may be a problem. There are many programs which trigger false alarms regularly. See /usr/share/doc/chkrootkit/README.Debian Regards, Dennis -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]