MS Download: Detect Network Sniffers Running On Windows Systems
Sunday, 06 February 2005 by Michel Roth
"There are numerous third party tools that try to detect network sniffers running on the network by looking for signs of systems with network interfaces running in “promiscuous mode.” Since many of these tools use network-based detection techniques that rely on bugs in operating systems and/or specific sniffer behavior, they can generate false positive and false negative results.

Tim Rains has developed a tool that can detect managed Windows systems that have network interfaces running in promiscuous mode – a key indicator that a network sniffer is running on the system. I use a host based detection technique instead of a network based detection technique in order to make this tool as accurate as possible."

Tim Rains built two versions of this tool:

Promqry – a command line tool
PromqryUI – a tool with a GUI

Read more here.

Related Items:

SecureAccessClient Installation Detection&Removal Tool (5 July 2006)
April 12, 2005 Enterprise Update Scan Tool (Standalone Version) (13 April 2005)
eEye Wireless Network Security Scanner (13 April 2005)
Microsoft Network Monitor 3 Beta 2 (11 September 2006)
MicroOLAP TCPDUMP for Windows 3.9 (1 June 2005)
Windows Automated Installation Kit (AIK) (6 February 2007)
Network Monitor 3.0 Beta Soon (5 April 2005)
Virtual Rootkit Targets OS, Not Virtual Machines (17 March 2006)
Using EFS Encryption To Secure Your Virtual Domain Controllers (7 March 2006)
Sysinternals RootkitRevealer Updated To Version 1.20 (10 March 2005)
Comments (0)add feed
Show/Hide comment formtoggle
password
 

busy