Hi,

> maybe set up an acl for port range 137 to 139 with log
> then check on the log

OS fingerprinting with ISC DHCPD (if you have a DHCP environment)

tcpdump listening to a SPAN instance on that subnet...very soon you'll see all the pretty broadcast rubbish from the Windows hosts

alan