My network with approx 300 users is routed to the internet through a proxy and firewall, we have a DNS server and PDC Server. It is a winXplease network.
Is it a WinXP proxy/firewall? If so, changing *that* box to a Linux box would be my first recommendation.
1) Track an internal PC running a sniffer of some sort, obtain its ip and mac address, then stop it sniffing and maybe kick it off the network.
2) Be alerted when someone tries to sniff from outside, trace him and obtain his details or ISP details.
Define "sniff". If you mean it the same way I do, as in passively listening to as much traffic as possible for analysis in search of weaknesses, then I don't think you can. Listening does not make any noise... it's the basic principle of passive sonar arrays for submarines.
However, if in general you want security tools to detect malicious activity, then I suggest using Shorewall [1] as your firewall package on the Linux box, and Snort [2] for an intrusion detection system (IDS). Both tools are top-of-the-line and will likely do a huge percentage of what you want.
[1] http://www.shorewall.net
[2] http://www.snort.org
Cheers,
-- Rodolfo J. Paiz rpaiz@xxxxxxxxxxxxxx http://www.simpaticus.com
