Last summer I did a short post on detecting servers using tcpdump or windump, syn/ack packets, and a few command line tools. It was.... well, pretty rudimentary. *smile*
This spring I decided to put together a passive service sniffer - "Passer". It can report on live tcp and udp servers and clients, ethernet cards and manufacturers, dns records, operating systems, and routers. If you have nmap installed, it will use nmap's service fingerprint file to get a really good guess at exactly what service is running on a port.
The output is comma separated for easy import into a database, a spreadsheet, or command line tools.
Because it's written in python, it should be portable to almost any operating system. Because of my odd Windows XP set up I hit a snag with the underlying packet capture library (scapy) on windows, but it should work on almost anything with python.
Home site: http://www.stearns.org/passer/
Sample output: http://www.stearns.org/passer/passer.txt
-- Bill Stearns