Put the sniffer on a computer that connects to the same HUB that the test computer is on. Don't use a switch though. Set the sniffer to monitor the traffic based on the MAC address of the test computer.

Breaking in from the LAN would show the same thing as from the Internet. It would be much faster though.

Thanks for the info. So would a sniffer be a good way to have/view the data on what I did? Will I be able to see what I did using the sniffer? I'm new to sniffers so I'm unsure. I want to be able to look at the data the sniffer grabbed and be able to see exactly what I did and see how it matches up with the notes that I'll take while I'm actually doing the stuff.

Yes, it will be good but should not be the only tool you use. The logs of the server's services will also be a helpful tool.

...and here's another recent thread relating to this question... http://www.sysopt.com/forum/Forum9/HTML/004748.html

Sniffers...what would be a good way to setup a sniffer to monitor what is going on on a particular machine? I have a server (NT 4) that I want to attempt to compromise. It will be out on the Internet with its own unique ip address. If I set a sniffer up on the server would that keep track of what's going on when I attempt to break in? I have NAI's Sniffer Pro v3.5 but have yet to use it. Would setting up the server internally (on the LAN) and breaking in from the LAN first be a good way to get started? Any help would be great.