In recent years there has been an increased push to secure critical ICS infrastructures by
introducing information security management systems. One of the first steps in the ISMS
lifecycle is to identify which assets are present in the infrastructure and to determine which ones
are critical for operations. This is a challenge because, for various reasons, the documentation of
the current state of Industrial Control System networks is often not up-to-date. Classic inventorying techniques such as
active network scanning cannot be used to remedy this because ICS devices tend to be sensitive
to unexpected network traffic. Active scanning of these systems can lead to physical damage and
even injury. This paper introduces a passive network analysis approach to starting, verifying
and/or supplementing an ICS asset inventory. Additionally, this type of analysis can also provide
some insight into the ICS network’s current security posture.

Jennifer Ann Janesko wrote nice whitepaper about passive analyses of PCNs.

You can download full whitepaper at