Eiji James Yoshida's Records

Records of a security engineer whose hobby is crafting packets (started writing September 6, 2006). This blog uses Google Analytics and Amazon Associates.

How to detect a promiscuous interface by using WMIC

You can detect a network interface running in promiscuous mode with the Windows Management Instrumentation Command-line (WMIC) alone.
You don't need PromiscDetect or Promqry.

Supported OS

Windows XP Professional or later (Vista/7/8/8.1/10).

Command

wmic /NAMESPACE:\\root\wmi PATH MSNdis_CurrentPacketFilter GET

NDIS_PACKET_TYPE

00000001     1      DIRECTED
00000010     2      MULTICAST
00000100     4      ALL_MULTICAST
00001000     8      BROADCAST
00010000     16     SOURCE_ROUTING
00100000     32     PROMISCUOUS

00001011     11     DIRECTED(1), MULTICAST(2), BROADCAST(8)
00101011     43     DIRECTED(1), MULTICAST(2), BROADCAST(8), PROMISC(32)

Non-promisc

C:\>wmic /NAMESPACE:\\root\wmi PATH MSNdis_CurrentPacketFilter GET
Active  InstanceName                             NdisCurrentPacketFilter
TRUE    Microsoft ISATAP Adapter                 0
TRUE    Teredo Tunneling Pseudo-Interface        0
TRUE    Intel(R) PRO/1000 MT Network Connection  11 <- Non-promisc
TRUE    WAN Miniport (Network Monitor)           0
TRUE    WAN Miniport (IP)                        0
TRUE    WAN Miniport (IPv6)                      0
TRUE    RAS Async Adapter                        0

Promisc

C:\>wmic /NAMESPACE:\\root\wmi PATH MSNdis_CurrentPacketFilter GET
Active  InstanceName                             NdisCurrentPacketFilter
TRUE    Microsoft ISATAP Adapter                 0
TRUE    Teredo Tunneling Pseudo-Interface        0
TRUE    Intel(R) PRO/1000 MT Network Connection  43 <- Promisc!!!
TRUE    WAN Miniport (Network Monitor)           0
TRUE    WAN Miniport (IP)                        0
TRUE    WAN Miniport (IPv6)                      0
TRUE    RAS Async Adapter                        0
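
Added example (not from the original post): a Python script that parses saved output of the command above and decodes NdisCurrentPacketFilter with the flag table on this page, so output collected from many hosts can be checked in one pass. The function names and the trimmed sample text are assumptions made for illustration.

```python
import re

# Flag bits as listed in the NDIS_PACKET_TYPE table on this page.
NDIS_PACKET_TYPE = {
    0x01: "DIRECTED",
    0x02: "MULTICAST",
    0x04: "ALL_MULTICAST",
    0x08: "BROADCAST",
    0x10: "SOURCE_ROUTING",
    0x20: "PROMISCUOUS",
}
PROMISCUOUS = 0x20
KNOWN_BITS = sum(NDIS_PACKET_TYPE)  # 0x3F

# One data row: Active, InstanceName (may contain spaces), NdisCurrentPacketFilter.
ROW = re.compile(r"^(TRUE|FALSE)\s+(.+?)\s+(\d+)$")

# Constructed sample: the page's "Promisc" output without the author's annotation.
SAMPLE = """\
Active  InstanceName                             NdisCurrentPacketFilter
TRUE    Microsoft ISATAP Adapter                 0
TRUE    Teredo Tunneling Pseudo-Interface        0
TRUE    Intel(R) PRO/1000 MT Network Connection  43
TRUE    WAN Miniport (Network Monitor)           0
"""

def decode_filter(value):
    """Names of the flags set in value; bits outside the table are shown as hex."""
    names = [name for bit, name in NDIS_PACKET_TYPE.items() if value & bit]
    if value & ~KNOWN_BITS:
        names.append(hex(value & ~KNOWN_BITS))
    return names

def parse_wmic(text):
    """Return (active, instance_name, filter_value) for each data row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((m.group(1) == "TRUE", m.group(2), int(m.group(3))))
    return rows

def promiscuous_interfaces(text):
    """Instance names whose filter has the PROMISCUOUS bit set."""
    return [name for _, name, value in parse_wmic(text) if value & PROMISCUOUS]

if __name__ == "__main__":
    for active, name, value in parse_wmic(SAMPLE):
        flag = "PROMISC" if value & PROMISCUOUS else "ok"
        print(f"{flag:8}{name}: {value} = {decode_filter(value) or ['none']}")
```

The check tests bit 32 rather than comparing against 43, so an interface is still reported when other filter bits differ from the page's example.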