What does passive scanning typically look for?

Passive scanning primarily involves monitoring the network environment without actively engaging with or probing the systems. This method allows for the collection of data regarding network elements and activities without drawing attention to the scanning process itself.

In the context of detecting rogue devices, passive scanning is particularly effective because it relies on observing network traffic and identifying unauthorized devices that may be attempting to connect to or communicate over the network. By analyzing the transmission of packets and other communications, security professionals can identify devices that do not belong to the organization and take appropriate action to mitigate the risks posed by these rogue entities.

Although other options may involve certain aspects of network monitoring, they typically require active scanning techniques. For instance, identifying open connection ports or detecting active intrusions would generally necessitate sending specific requests or probes to gather detailed responses, which is not characteristic of passive scanning. Similarly, while monitoring for unencrypted data packets can involve some passive techniques, it more often involves active measures to ensure secure communications.