Which discovery approach relies on passively monitoring traffic to identify devices and connections?

Passive discovery centers on listening to what the network is already doing rather than sending out probes. It identifies devices and how they’re connected by passively observing traffic, using methods like network taps or span ports, and analyzing flow data (such as NetFlow/sFlow) or protocol exchanges (ARP, DHCP, neighbor discovery). Because no active probes are sent, this approach is stealthy, reduces impact on the network, and is well-suited for continuous visibility and post-incident investigations. It can miss assets that aren’t communicating at the moment or reside on isolated segments. In contrast, active discovery probes the network to elicit responses, which can reveal devices but increases traffic and detectability, while other terms imply different scopes or data sources rather than the passive listening method.