Active network scanning injects traffic into a network and observes responses to draw conclusions about the network. Passive network analysis works by looking at network metadata or by analyzing traffic as it traverses a fixed point on the network. It may be infeasible or inappropriate to scan critical infrastructure networks.
Techniques exist to uniquely map assets without resorting to active scanning. In many cases, it is possible to characterize and identify network nodes by passively analyzing traffic flows. These techniques are considered in particular with respect to their application to power industry critical infrastructure.
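As an added illustration (not code from the original text), the sketch below builds an asset inventory purely from flow records observed at one tap, sending no traffic of its own. The port-to-protocol map, the role labels, and the sample flows are assumptions constructed for the example.

```python
from collections import defaultdict

# Assumed label map: well-known TCP ports of power-industry protocols.
ICS_PORTS = {102: "IEC 61850 MMS", 502: "Modbus/TCP", 2404: "IEC 60870-5-104", 20000: "DNP3"}

# Constructed flow records from one tap: (src_ip, src_port, dst_ip, dst_port).
SAMPLE_FLOWS = [
    ("10.0.0.5", 49152, "10.0.1.10", 502),
    ("10.0.0.5", 49153, "10.0.1.11", 502),
    ("10.0.0.5", 49154, "10.0.1.20", 20000),
    ("10.0.0.6", 50001, "10.0.1.20", 20000),
    ("10.0.1.10", 502, "10.0.0.5", 49152),  # reply direction of the first flow
    ("10.0.0.7", 51000, "10.0.0.5", 2404),
]

def listeners(flows):
    """Return (ip, port) endpoints that behave as services."""
    # Record direction is not trusted, since a tap also sees replies. An endpoint
    # is a listener if it has several remote endpoints or uses a known ICS port.
    remotes = defaultdict(set)
    for s_ip, s_port, d_ip, d_port in flows:
        remotes[(s_ip, s_port)].add((d_ip, d_port))
        remotes[(d_ip, d_port)].add((s_ip, s_port))
    return {ep for ep, peers in remotes.items() if len(peers) > 1 or ep[1] in ICS_PORTS}

def inventory(flows):
    """Map each IP to the service ports it serves and the ones it polls."""
    svc = listeners(flows)
    nodes = defaultdict(lambda: {"serves": set(), "polls": set()})
    for s_ip, s_port, d_ip, d_port in flows:
        a, b = (s_ip, s_port), (d_ip, d_port)
        for client, server in ((a, b), (b, a)):
            if server in svc and client not in svc:
                nodes[server[0]]["serves"].add(server[1])
                nodes[client[0]]["polls"].add(server[1])
    return dict(nodes)

def describe(node):
    """Heuristic role label derived from observed behaviour only."""
    names = lambda ports: sorted(ICS_PORTS.get(p, f"tcp/{p}") for p in ports)
    if node["serves"] and node["polls"]:
        return "gateway-like", names(node["serves"] | node["polls"])
    if node["serves"]:
        return "outstation/server", names(node["serves"])
    return "master/client", names(node["polls"])

if __name__ == "__main__":
    for ip, node in sorted(inventory(SAMPLE_FLOWS).items()):
        print(ip, *describe(node))
```

The labels are only as good as the tap's vantage point: a node that never sends or receives traffic across the observed link will not appear in the inventory.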