chkrootkit question

Hi all,

I have installed chkrootkit-0.44 on my suse 9.1 and I have it check my
machine every night and email me the results. I have been comparing the
emails for the last month or so and I have noticed that they are consistant
except that there is intermittent jump from

Checking `inetd'... not infected
..
..
Checking `sniffer'... Checking `w55808'... not infected
..
..

to

Checking `inetd'... not tested
..
..
Checking `sniffer'... ppp0: not promisc and no PF_PACKET sockets
Checking `w55808'... not infected
..
..

and vice versa. Does anyone know why that should be the case, i.e. inetd is
not tested occasionally and why the sniffer is cutoff when inetd is
reported not to be infected?

Thanks

On Thu, 11 Nov 2004 14:29:16 GMT, rsina
<rsina.no-ssppaamm@earthlink.net> wrote:
> Hi all,
>
> I have installed chkrootkit-0.44 on my suse 9.1 and I have it check my
> machine every night and email me the results. I have been comparing the
> emails for the last month or so and I have noticed that they are consistant
> except that there is intermittent jump from
>
> Checking `inetd'... not infected
> .
> .
> Checking `sniffer'... Checking `w55808'... not infected
> .
>
> and vice versa. Does anyone know why that should be the case, i.e. inetd is
> not tested occasionally and why the sniffer is cutoff when inetd is
> reported not to be infected?
>

I don't know why inetd is sometimes not tested, but "sniffer" tests
whatever network interfaces are up at the time. I assume you have no
ethernet, just a dial-up connection.

--
"At a scheduled time, the robot would pull the flush lever and scream as
it got sucked down the drain." --Kibo