I used chkrootkit -q and found a packet sniffer on this system. So decided to do something about it. First I ran unlink dhclient <cr> and that removed the PACKET SNIFFER dhclient[865] from the system according to chkrootkit -q when once run again. Interestingly chkrootkit reports a packet sniffer as deleted once this is done rather than being silent. Then I took the system off line by disconnecting the ehternet cable from the computer and rebooted it. I ran chkrootkit -q again and silence was all that came back. Okay no more packet sniffer, so while the system is still offline let's change all the passwords to new strong passwords then run pwconv on them. Other things I'm sure will still require a system reinstallation but packet sniffers can at least be handled relatively easily. By the way, I'm living quite close to a military base which is a very major target of foreign intelligence so expect more packet sniffers will be on this system shortly. At least now I have a procedure for dealing with them and I'll be running chkrootkit more frequently too.
