Do you know whether your Windows system is sniffing network traffic off the network without your knowledge?
This type of passive attack can be very difficult to detect. There are numerous third party tools that try to detect network sniffers running on the network by looking for signs of systems with network interfaces running in “promiscuous mode.” Since many of these tools use network-based detection techniques that rely on bugs in
I have developed a tool that can detect managed Windows systems that have network interfaces running in promiscuous mode – a key indicator that a network sniffer is running on the system. I use a host based detection technique instead of a network based detection technique in order to make this tool as accurate as possible.
I built two versions of this tool:
- Promqry – a command line tool
- PromqryUI – a tool with a GUI
Both of these tools essentially have the same functionality:
- Query the local system’s network interfaces
- Query a single remote system’s interfaces
- Query a range of remote system’s interfaces
Both tools require the
You can get both versions of Promqry (for free) from the download center on www.microsoft.com using these links:
A command line version:
A version with a GUI:
I hope you find these tools useful.