1) What I originally meant was that your system was already compromised and had a remote control agent or some kind of other backdoor installed. This would allow the remote person to see everything you do, but the way you brought this up reminded me of other things. For example, if you log onto a windows domain, there are software packages (SMS I think), that allows for complete control of your box down to controling the mouse on your screen. If you log onto any domains at your ISP, it is possible they could do this...

2) Depending on the quality of the product you are using to sniff and assuming they are somewhere in the path betwen you and the destination, the can see everything crossing on the wire. A low tech sniffer will just pass along packet contents, which gives enough information to at least tell what you are looking at and if you are really interested, to go to the site to see for yourself (and yes this does include usernames/passwords passed in cleartext). However, there are some exceptionally well written sniffer products that can entirely rebuild the session and replay it for the person doing the sniff...very interesting to see...Anything you do on the network has to traverse it through packets and unless your information is encrypted (think SSL web site), it will pass in plaintext and allow the person to read it, be it mail ,web traffic, telnet, whatever.

3) There are ways you can detect a sniffing product on your own particular network by trying to sense if any cards are out there in promiscious mode. If memory serves, l0pht had a tool that did that.

4) TCP Session Hijaacking. Very complicated to explain and it requires a pretty good understanding of how a TCP/IP connection is established. First thing that turned up on google was: http://cs.baylor.edu/~donahoo/NIUNet/hijack.html. It would be a good first stop for reading.

Neb