Passive scanning of the LAN: you can retrieve info about: hosts in the lan, open ports, services version, type of the host (gateway, router or simple host) and estimated distance in hops.
The Tenable Passive Vulnerability Scanner (PVS) can find out what is happening on your network without actively scanning it. Each PVS monitors your network for vulnerable systems, watches for potential application compromises, client and server trust rela ...
P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 ...