Have you ever needed to know whether your Windows system is sniffing traffic off the network without your knowledge?
This type of passive attack can be very difficult to detect. There are numerous third-party tools that try to detect network sniffers running on the network by looking for signs of systems with network interfaces running in promiscuous mode. Since many of these tools use network-based detection techniques that rely on bugs in operating systems and/or specific sniffer behavior, they can generate false positive and false negative results.
Microsoft has released a tool that can detect managed Windows systems that have network interfaces running in promiscuous mode, a key indicator that a network sniffer is running on the system. It uses a host-based detection technique instead of a network-based detection technique to make it as accurate as possible. It can:
- Query the local system's network interfaces
- Query a single remote system's interfaces
- Query a range of remote systems' interfaces
Additionally, the tools have the following limitations:
- It cannot detect stand-alone sniffers.
- It cannot detect sniffers that are running on operating systems prior to Microsoft Windows 2000.
- It cannot remotely detect sniffers that are running on Windows systems where the network hardware has been modified specifically to avoid detection.
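The host-based check described above can be illustrated with a short PowerShell function. This is an added example, not Promqry's own code: it assumes the NDIS packet filter exposed through the WMI class `MSNdis_CurrentPacketFilter` in `root\wmi` and the `NDIS_PACKET_TYPE_PROMISCUOUS` bit (0x20); the function name and host names are hypothetical.

```powershell
function Get-PromiscuousInterface {
    [CmdletBinding()]
    param(
        # One or more systems to query; defaults to the local system.
        [Parameter(ValueFromPipeline)]
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    begin {
        # NDIS_PACKET_TYPE_PROMISCUOUS bit in the adapter's current packet filter.
        $promiscuousBit = 0x20
    }
    process {
        foreach ($computer in $ComputerName) {
            $query = @{
                Namespace   = 'root/wmi'
                ClassName   = 'MSNdis_CurrentPacketFilter'
                ErrorAction = 'Stop'
            }
            # Local queries need no remoting; remote ones use WS-Man (WinRM).
            if ($computer -ne $env:COMPUTERNAME) { $query.ComputerName = $computer }
            try {
                Get-CimInstance @query | Where-Object Active | ForEach-Object {
                    [pscustomobject]@{
                        ComputerName = $computer
                        Interface    = $_.InstanceName
                        PacketFilter = '0x{0:X}' -f $_.NdisCurrentPacketFilter
                        Promiscuous  = [bool]($_.NdisCurrentPacketFilter -band $promiscuousBit)
                    }
                }
            } catch {
                # An unreachable or access-denied host is reported, not silently skipped.
                Write-Warning "${computer}: query failed ($($_.Exception.Message))"
            }
        }
    }
}

# Local system
Get-PromiscuousInterface

# Single remote system (constructed host name)
Get-PromiscuousInterface -ComputerName 'ws01.example.test'

# Range of remote systems (constructed host names), showing only flagged interfaces
1..20 | ForEach-Object { 'ws{0:D2}.example.test' -f $_ } |
    Get-PromiscuousInterface | Where-Object Promiscuous
```

Run it from an elevated session with administrative rights on the target systems. A host that fails to answer should be followed up rather than treated as clean.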
You can get both Promqry from: