Microsoft Creates Free Utility for Detecting Network Sniffers
- By Scott Bekker
Microsoft on Wednesday posted a free security tool in the Microsoft Download Center to help administrators root out unauthorized network sniffers running on Windows computers.
The tool is called Promqry 1.0 and comes in a command line version (promqrycmd.exe) and a version with a graphical UI (promqryUI.exe). The command line version is a 113 KB download, and the graphical version is a 255-KB file.
"Promqry can accurately determine if a modern (Windows 2000 and later) managed Windows system has network interfaces in promiscuous mode. If a system has network interfaces in promiscuous mode, it may indicate the presence of a network sniffer running on the system," Microsoft says in the overview of the tool on its download page. "Promqry cannot detect standalone sniffers or sniffers running on non-Windows operating systems."
A full description of the tool will be available under the Knowledge Base Article number 892853, but the page hadn't been posted Thursday morning.
Network sniffers are frequently installed when systems are compromised by a Trojan horse. Attackers can use the sniffers to capture usernames, passwords and other sensitive information as it crosses the network.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.