Hi, Let me start right off by saying I am not trying to circumvent the security policy of my office, even though this will sound like that's what I'm trying to do. My office recently instituted a very strict firewall policy which forbids tunneling traffic. Prior to that, I would use putty from my XP desktop to reach a server in our DMZ. I would have an ssh session open for hours and I would often tunnel traffic to administer a sybase database. With the new policy I can still establish and maintain an ssh session for as long as I want but my connection is instantly closed if I try to tunnel. What I would like to know is, how is the tunnel detected? I've always assumed that once my ssh session is made that every packet would be completely encrypted, even the headers of the tunneled packets. So even if the tunnel used GRE (or whatever) it would be encrypted too. Clearly that's not the case. So, how is my tunnel detected? And no I'm not going to keep trying, this is a fireable offense! Gary H.