Just for giggles yesterday I ran my WAN traffic from my modem through a hub before it reached my firewall so that i could connect a box outside and sniff some traffic (I plan to include it in the much-delayed final part of my Ethereal/Wireshark tutorial) from the 'unsanitised' Internet. It worked fine - I got loads of juicy messenger spam & 1433/143 probes amongst the rest of the usual background noise - and I'm thinking of hardening the box and leaving it on there, just to see what flies I can attract. Its not exactly a honeynet i know, but it might be interesting to see the actual packets that get blocked by my firewall... Anyone ever tried this and have any suggestions for what OS to put on the box? I'm 90% certain it'll be some stripped down flavour of Linux, but it might be a perfect time for me to learn FreeBSD - as I understand you can configure that down to the real barebones - all it needs to run is the absolute basic OS and Wireshark, so it should be (relatively - especially for someone with no experience of it) easy to set up. Anyone have any thoughts?