
Just some notes on using these tools.

1) The network monitoring is more robust on SunOS 5.x.  On SunOS 4.x,
   if the network load gets too high (I have no definition of high), the
   SunOS 4.x machine will gradually become non-functional.  This behavior
   has not been observed with SunOS 5.x (specifically 5.3).

2) Get used to what goes on on your network.  You will see some things
   over and over that are perfectly legit.  I use a script to filter out
   things that I don't care about that 'netwatch' logs.  Extract does
   that automatically for the tcplogger and udplogger logs.

3) Be wary of using these logs as evidence.  They should probably only
   be used for detecting events.  Other, more *accepted* means
   should be used to determine the perpetrator when such information
   is desired.
