A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchange which carries user logons. The user is plugged into a hub with 23 other systems. However, he is unable to capture any logons though he knows that other users are logging on. What do you think is the most likely reason behind this?

A.
L0phtcrack only sniffs logons to web servers

B.
Kerberos is preventing it

C.
There is a NIDS present on that segment

D.
Windows logons cannot be sniffed

Explanation:
In a Windows 2000 network using Kerberos you normally use pre-authentication and the user password never leaves the local machine so it is never exposed to the network so it should not be able to be sniffed.