ME wrote: > If the network is a switched network between the two hosts, then you have > a higher level of security from sniffing since the sniffer would see > nothing but the first ethernet frame from unknown MAC to unknown > MAC/Broadcast MAC unless the switch was configured (puposefully) to flood > to a sniffer-port with a sniffer running on it, or "break" the switch and > make it into a repeater and then see all traffic (prob result in a > RMON/SNMP trap/trigger if the switch was well set up and notify the > network admin) and then have a sniffer on one of those ports being > flooded.
Unless, of course, you had a talented person who ARP'd the switch with the mail server's MAC address, hijacking the bit stream to their own port. Not that this is likely. Just a thought. Chuck Polisher -- "Oh bother," said the Borg, "We have assimilated Pooh".
