JSI Tip 9051. Description of the Promqry 1.0 and PromqryUI 1.0 tools, that enable you to detect a network sniffer.

Microsoft Knowledge Base Article 892853 contains the following introduction and summary:


This article introduces two tools that enable you to detect a network sniffer that is running on a computer that is running Windows Server 2003, Windows XP, or Windows 2000.


A network "sniffer" is designed to collect data that is flowing across a network. The data can be useful for many purposes, including troubleshooting, network traffic analysis, and security purposes. However, the data can be used for illegitimate purposes, such as network attack. This article introduces two tools, Promqry and PromqryUI, that allow you to detect network sniffers that are running on Microsoft Windows Server 2003, on Microsoft Windows XP, and on Microsoft Windows 2000.

Promqry is a command-line tool that can also be used in scripts. PromqryUI is a tool that has a Windows graphical user interface. Both tools have the same basic functionality:
  To query the local computer's network interfaces
  To query a single remote computer's interfaces
  To query a range of remote computers' interfaces
Promqry and PromqryUI require the Microsoft .NET Framework to run, and the tools must run under the security context of Administrator. Additionally, the tools have the following limitations:
  They cannot detect stand-alone sniffers.
  They cannot detect sniffers that are running on operating systems prior to Microsoft Windows 2000.
  They cannot remotely detect sniffers that are running on Windows systems where the network hardware has been modified specifically to avoid detection.
At the end of the article, you are provided with details about how to use Promqry 1.0 and PromqryUI 1.0.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.