Phish: A NIC, properly dis-associated from all protocols is pretty difficult to locate. Firstly you have to be in the same collision zone because the only way you might get a response is through a broadcast that shouldn't, (technically), be passed through routers, especially cable/dsl modem types... So an attacker needs to gain a foothold in the collision domain of the sniffer..... That would be the cable/dsl modem itself or your firewall. If he's on your firewall then you have a bigger issue than worrying about him finding the logger...

It's pretty safe.... I have run it at work for 18 months or more..... It's interface shows 1 packet transmitted at each restart... that's all.... I restart every 2-3 weeks on average and check the packets sent/received every couple of days.... It works fine from here...... Sure as hell, your average skiddie isn't going to find it and the really talented chaps aren't really interested enough to try to come in.