Gartner analyst John Pescatore: “An apparent increase in scanning activity may signal an impending malicious-code attack exploiting a critical Windows vulnerability” Since when is remote reconnaissance considered “sniffing”? Sniffing is a term reserved for inspecting traffic either on the wire or passed via RF. The word implies having a degree of access to an enterprise completely unrelated to conducting port scans. I do not know what motivated an outfit like Gartners to apply “snifing” to the scanning activity in question.”]
Source: https://taosecurity.blogspot.com/2005/06/ids-is-dead-prophet-misunderstands.html