Page 1 of 1

[SOLVED] A sniffer in a WPA Supplicant.

PostPosted: Apr 10th, '14, 18:51
by mika
Hi!

The chkrootkit -program gave the following output:
Code: Select all
Checking `sniffer'... wlo1: PF_PACKET(/usr/sbin/wpa_supplicant)

Most likely, this is a false positive. But how can I make sure it?

regards Mika

Re: A sniffer in a WPA Supplicant.

PostPosted: Apr 10th, '14, 22:22
by doktor5000
Simply google for it and crosscheck from various sources. It's simply a false positive:
https://bugs.debian.org/cgi-bin/bugrepo ... bug=630880

Re: A sniffer in a WPA Supplicant.

PostPosted: Apr 11th, '14, 20:48
by mika
I checked the sha256sum of the /usr/sbin/wpa_supplicant -file and its counterpart from the original RPM.
Checksums matched, so the problem doesn't exist.

P.S.
If one has a similar case you can extract a RPM without installing it using:
Code: Select all
rpm2cpio wpa_supplicant-2.0-2.mga4.x86_64.rpm | cpio -idmv


So long!

Re: [SOLVED] A sniffer in a WPA Supplicant.

PostPosted: Apr 12th, '14, 01:41
by doktor5000
You could just run
Code: Select all
rpm -V wpa_supplicant
to check if the checksums from all files match with those from the rpm.