SQL injection work for sites that use a SQL Database engine to retrieve login information and such by using stored procedures, you can get the table names and such by using injections and retrieving errors, you can then inject the right SQL command to get the target to use the specified database table. Yes sites can track Bruteforce password breakers (That is why Brutus has the option to use a proxy server), a packet sniffer is a tool that capture packets between a router and another computer or another computer and another computer from your computer, the main reason to sniff packets wireless is to get the password, the main reason to sniff between computers is to engage a man in the middle attack by sniffing with APR (Cain and Able is a good tool to use for that), sniffers can not be tracked, reason is that you never made any contact with any of the remote computers you are monitoring, all you are doing is capturing data as is flows on the network. Then linux is the best for hacking because tools like Ophcrack, Aircrack-ng, Nessus, pdf-crack, and a few other much needed hacking tools work best on linux, e.g: Aircrack-ng for linux can inject packets into wireless network by using Aireplay-ng and its all free. Linux can have 10 IP addresses on one network interface, it can be a router, it can be dns server by one simple command, it is very good with NAT. Put webmin on and you can control the linux box from anywhere the same way you do with a linksys router (for example), and it is all free. If you have tools that only work on windows and you need them then get wine windows emulator for linux by using this command you have it:

apt-get install wine

and in seconds you will be able to run windows apps in linux.
Most people still prefer windows but I use them both so that I can do basically anything.