Unlike, "normal" scan methods, passive scanning does NOT send any packets.
Basically, this scan method works like a sniffer. It listens to the packets that comes through the network, but, unlike network sniffers, not all packets are memorized. Each received packet is analyzed and if it's type is recongnized, some relevant informations are extracted and memorized. Based on extracted informations, there is an aggregation mechanism implemented that associates the analyzed packets with hosts.
Analyzed packet typesCurrently, the analyzed packet types are (highest protocol mentioned):
As a work in progress and future development, the following packet types will be analyzed:
Passive scanning also counts received packets, maintaining counters for the following types:
[ User Guide ]