Just open up a "monitor" port on your switch, and hook a machine with a sniffer up to
it. All switches I've seen have the ability to turn on a monitoring port, and
therefore monitor traffic promiscuously. Use a good sniffer with traffic analysis.
Don't bother with the firewall until you find out your users are napstering like
crazy. Users will never admit fault, until you confront them with the incriminating
data.
On the other hand, if you don't already have a firewall in place, that's awfully not
good, either. Firewalls are a must.
jakob
