Hi Gals/Guys

while monitoring my network traffic on server i came across few packets which were generated from my Outer interface (DSL) and was destined to one of the Internal user having IP 192.168.0.143. They were MSn packets as i was fiiltering the received packets for MSN traffic only. Well i couldnot see any MSN packet generated from that source only there were replies, this looks suspicious to me that there must be going on. I thought the user must have generated packets before i started capturing.

Anyways then i run msn track on server, by default it started capturing on LAN Interface, i could see my internal users chatting and it was fine. But when i changed the interface to the External (DSL) one, I saw the same user (192.168.0.143 by the way she is pretty smart woman ), using MSN and chatting with a friend. Since she is not authorized to use MSN i have to fire my gun on her, but before doing this i must have her in my range as she is among senior Managers in the company. So what i want to know is ?

1) How come i can't see her msn communication one Lan Interface of the server using Etherial while i can see others?

2) If she is using HTTP port then ISA should logged it. If yes then what could be i looking for in the log?.

3) IS she somehow by passing my Monitoring? If Yes then How?

Although i know she is not an IT related person, and hasn't had any IT background, but still she is making us fool.

Awaiting your replies.

Cheers