One of the things that I'm doing is evaluating an enterprise forensic solution. For those who are doing the same, here is what I found right off the bat with NetForensics 3.1:

SETUP
==============================
RedHat Advanced Server 9
Dell PowerEdge 2650
2 GIG RAM
73GIG SCSI drives x 2

SNIFFER
==============================
Ethereal .9.11

INITIAL DISQUALIFYING RESULTS
==============================
The NetForensics box passes, username, password hash and user rights level in the clear.

Anyway, since this is supposed to be a security product and since it would be housing all of our logs, I'd have to say that this initial finding removes it from the list of viable solutions, at least for shops that take security seriously.

Hope this saves someone some time. I know that if we had this info from the start, we wouldn't have even bothered to ask for a demo.

PS
We pumped 8 records per second to the box and it was at about 98% utilization. Hate to see what would happen if I directed my firewall logs at this thing

--Th13