I have been playing with nmap lately, trying out arp-ping scanning and using idle hosts, etc...
Looking at Wireshark, there is always some suspicious activity when performing scans. The thing is, I do have to scan to find idle hosts to use and whichever type of scan I use is never 100% silent. There is always suspicious traffic and/or logs in the target machines.
So I had this idea: why not use Wireshark as a scanner? Instead of actively scanning machines I could just start Wireshark or a similar sniffing program and watch how machines interact with one another in the network with the data being stored in a database.
My question is, is there any program or Wireshark mode/module/etc that already does that?