Is there any way to test which incoming ports are blocked at the gateway from the inside of the network? If the inside is configured w/ non-routable IPs you cannot effectively scan connectivity to a particular host on the inside, because the firewall can have certain services running for some clients and not for other clients. I'm familiar w/ some techniques of scanning through firewalls but I don't think these would be successful in the case of my network. I'm more worried about the unauthorized users on the inside... hence the question at the beginning.

Some of you may remember my earlier post... Basically I have a problem user who is surfing the net on company time. I've seen his print queues and he's printed netcat tutorials and such. He isn't completely in the dark... if you know what I mean. So far I haven't done anything to stop this activity because I'm not familiar w/ the NT & win2k network environment.

So I'll ask again. How can I block his browsing? In Linux I'll just make a rule-set in chains to block 80, but what can I do in Windows natively? We don't have the money to buy a firewall so that's out of the question. I know he WILL tunnel the traffic through his home computer if I block port 80 through some other socket. If I can capture this traffic I can prove that he's doing it deliberately. But for me, the biggest problem is that I don't know how Windows does this natively. Is it by blocking raw sockets at the kernel level (like *nix) or is it by using NetBIOS in some way? Please help or point me to a good tutorial.

Thanx for your time.