Hi , I was thinking about sniffing Oracle authentications out of network traffic ,but since long time ago I`ve not seen any implementation of such tool in public. maybe the reason is the way Oracle switch client to new random port before authentication . Although simple sniffing won`t work for this case but I guess it`s not that hard to develop a smart sniffer that capture traffic on 1521 and follow oracle to it`s new port , offered to client for authentication. *maybe there is another issue about sniffing auth. info which I`m not aware ? Any comments , tools recommendations , URLs about this topic ? regards Hamid.K