TOOL: PromqryUI 1.0

From the “Is your bathroom breeding Bolsheviks?” department:

Is your network interface promiscuous? I’ll admit that when I first heard the term, “promiscuous mode” I thought it was a joke. It’s not. Promiscuous mode is a reception mode specified for a network adapter will it receives all frames on the entire ring. This includes frames that are not destined to that adapter. From searchsecurity.com:

In a network, promiscuous mode allows a network device to intercept and read each network packet that arrives in its entirety. This mode of operation is sometimes given to a network snoop server that captures and saves all packets for analysis (for example, for monitoring network usage).

I wonder if ThinkGeek.com has any “promiscuous mode” t-shirts. Anyway, Microsoft recently released a utility that will allow you to quickly scan your infrastructure for any systems that have a network interface(s) running in promiscous mode. It’s called PromqryUI 1.0 and you can grab it herefrom Microsoft Downloads.

Some of you might wonder why a network interface running in promiscous mode could represent a security problem. As it turns out, many packet sniffers utilize these adapters to steal information - such as credentials - on compromised systems. PromqryUI 1.0 detects any network interfaces in promiscuous mode, which may indicate the presence of a network sniffer running on the system.