Microsoft Knowledge Base Article 892853 contains the following introduction and summary:
INTRODUCTIONThis article introduces two tools that enable you to detect a network sniffer that is running on a computer that is running Windows Server 2003, Windows XP, or Windows 2000.
SUMMARYA network "sniffer" is designed to collect data that is flowing across a network. The data can be useful for many purposes, including troubleshooting, network traffic analysis, and security purposes. However, the data can be used for illegitimate purposes, such as network attack. This article introduces two tools, Promqry and PromqryUI, that allow you to detect network sniffers that are running on Microsoft Windows Server 2003, on Microsoft Windows XP, and on Microsoft Windows 2000.
Promqry is a command-line tool that can also be used in scripts. PromqryUI is a tool that has a Windows graphical user interface. Both tools have the same basic functionality:
|To query the local computer's network interfaces|
|To query a single remote computer's interfaces|
|To query a range of remote computers' interfaces|
|They cannot detect stand-alone sniffers.|
|They cannot detect sniffers that are running on operating systems prior to Microsoft Windows 2000.|
|They cannot remotely detect sniffers that are running on Windows systems where the network hardware has been modified specifically to avoid detection.|