Passive OS fingerprinting is based on information coming from a remote host when it establishes a connection to our system. Captured packets contain enough information to identify the operating system. In contrast to active scanners such as nmap and QueSO, p0f does not send anything to the host being identified. For more information, refer to Lance Spitzner's old paper about passive OS fingerprinting: http://old.honeynet.org/papers/finger/. Use of this program requires read access to the packet filtering device, typically /dev/bpf0. Granting such access allows the users who have it to put your Ethernet device into promiscuous mode and sniff your network. Running p0f with no options will cause it to analyze packets intended for other hosts.