Announcing PromiscDetect

From: Arne Vidstrom (arne.vidstrom@NTSECURITY.NU)
Date: 04/16/02 

Date:         Tue, 16 Apr 2002 15:57:16 +0200
From: Arne Vidstrom <arne.vidstrom@NTSECURITY.NU>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Hello,

I've coded a small tool called PromiscDetect for Windows NT 4.0 / 2000 / XP
that checks if your network adapter(s) is in promiscuous mode or not (that
is, in most cases, if a sniffer is running on the computer or not). Of
course the attacker might be intercepting the communication between the tool
and the adapter, making the result unreliable, but there are probably many
more cases out there where the tool will really detect a sniffer. But please
be aware that you can't trust the result to 100% because of this. You can
find PromiscDetect at:

http://ntsecurity.nu/toolbox/promiscdetect/

You can find other freeware security tools and more at our site:

http://ntsecurity.nu

Regards /Arne Vidstrom

Relevant Pages

  • RE: sniffer in promiscuous mode
    ... Subject: sniffer in promiscuous mode ... traffic from one port to another) so the port with the sniffer gets copies ... Is there something else I have to do to capture TCP packets? ...
    (Security-Basics)
  • [TOOL] PromiscDetect, Windows Based Promiscuous Mode Detector
    ... What would be the response for an adapter in "normal" mode? ... the adapter is in promiscuous mode it probably is ... My adapter is in promiscuous mode but there is no sniffer in my ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • Re: Detect a sniffer ?
    ... I heard once that a NIC in promiscuous mode has a hardware address of ... look it up in DHCP or in your documentation ... I also believe that the sniffer that comes with SMS has a ... > detect if a user is running a packet sniffer on my network? ...
    (microsoft.public.security)
  • Re: Tracking Who Is Leeching Off My Network!
    ... The ethernet adapter has to be able to go into promiscuous mode. ... Otherwise the sniffer you use should tell you whether the ... > I put a hub in between and connected to it but didn't see anything. ...
    (comp.security.firewalls)
  • Re: Firewall and IDS, (the second way).
    ... There's only two ways of detecting an IDS that I know. ... Look for the data stream from a remote sensor (sniffer) to wherever ... a network card usually discards ethernet ... This also isn't very useful for remote sniffer detection. ...
    (Vuln-Dev)