>> These are all good ideas, however many sniffers are not Unix systems >> that can be logged into and examined. I have worked with DOS based >> sniffers (Network General Sniffer, Excelan, HP, etc) that are far >> superior to suns (as sniffers/protocol analayzers) and I doubt that >> they are easily detectable even with their transmit lead intact. > I don't think the machine you run sniffer software on could make it > better or worse, they all get the same packets;) Not quite. Some machines designed as sniffers / network analyzers have special network interfaces that let them see things like packets with Ethernet CRC checksum errors, runts, giants, etc - stuff that most Ethernet interfaces either silently drop or just report the existence of. Also, the software on a dedicated machine has usually received a lot more attention to making it useful than the network sniffing software on a general-purpose machine. (Unfortunately, it generally is also completely fixed - you get what someone else thinks is useful, with no way to modify it to do what _you_ want done.) der Mouse mouse@collatz.mcrcim.mcgill.edu