Looking at their literature briefly, they do not actually scan anything at all, they simply analyze traffic and generate some form of baseline. in future, deviations from that baseline would be flagged, or so it seems. this box would apparently sit on a mirror port, just watching data, like snort does, infact, it probably *IS* snort. if, as their literature says, no packets leave the box whatsoever, you cna't actually doa network scan at all, a la nessus, but just watch and look for abnormalities.
|