Hi-Performance Protocol Identification Engine

Decision Time: Active or Passive?

There are many ways to implement and use a HiPPIE system.  However, most of them fall under two broader options for implementation: Active and Passive.  On many levels there is no difference between the two, apart from one main function.  The following document explains the difference between these two options, the advantages and disadvantages of each, and so on.

The first key piece of information to understand about the difference between an active implementation and a passive one is the positioning of your HiPPIE system.  Active systems are those that sit "inline" in the flow of traffic on your network, much as a firewall, switch, or router would.  To qualify as this type of implementation, they must actively move the traffic in and out of the system, either as a bridge or as a routing device.  There are a few upsides to this implementation over passive, but some downfalls as well.  Passive implementations, on the other hand, are fed packets for analysis through some third-party means, such as a network tap.  Because of this, they are not quite as capable in some areas as an active implementation, but they also avoid some of the downfalls of an active implementation.

The Main Difference

The single greatest advantage of an active HiPPIE implementation is the ability to filter packets based on the recognition that HiPPIE provides.  Any other use of HiPPIE could almost certainly be met by a passive installation.  So, what an active installation really provides is the ability to use netfilter to actively throw away packets or sessions that meet certain protocol criteria.  Whether this means filtering peer-to-peer traffic, limiting the use of other protocols on your network to certain systems (such as only allowing SMTP traffic to and from your mail servers), or simply recognizing and stopping other non-standard uses of standard protocols on your network, an active HiPPIE installation is wonderfully capable of it.
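The SMTP case mentioned above, written out as the netfilter rules an inline, bridged HiPPIE host would carry in its FORWARD chain.  This is an added example, not code from the HiPPIE project or from this page.  It assumes that the bridge hands forwarded frames to iptables (the bridge-nf sysctl), that the mail server addresses in MAIL_SERVERS are constructed sample values, and, because this page does not document HiPPIE's own match options, that the rules match on TCP port 25 alone; a HiPPIE protocol match would be added to the same rules to catch SMTP on non-standard ports.

```shell
#!/bin/sh
# Added example, not from the HiPPIE project: restrict SMTP crossing an inline
# bridge to the listed mail servers, as sketched in the text above.
# Assumptions (labelled): MAIL_SERVERS are constructed sample addresses
# (RFC 5737 TEST-NET-1); the bridge hands forwarded frames to iptables
# (net.bridge.bridge-nf-call-iptables=1); HiPPIE's own match syntax is not
# documented on this page, so the rules match on TCP port 25 only.

MAIL_SERVERS="${MAIL_SERVERS:-192.0.2.10 192.0.2.11}"
# Dry run by default: rules are printed, not loaded.  Run with IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

# Emit the policy, one rule per line, in the order it must be applied.
smtp_policy_rules() {
    # Replies belonging to already-accepted connections pass without re-evaluation.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for srv in $MAIL_SERVERS; do
        # Inbound mail to the server, and mail the server sends out.
        echo "-A FORWARD -p tcp --dport 25 -d $srv -j ACCEPT"
        echo "-A FORWARD -p tcp --dport 25 -s $srv -j ACCEPT"
    done
    # Any other host talking SMTP through the bridge: log it, then drop it.
    echo "-A FORWARD -p tcp --dport 25 -j LOG --log-prefix SMTP-POLICY-DROP:"
    echo "-A FORWARD -p tcp --dport 25 -j DROP"
}

# Load (or, in the dry run, print) every rule.
apply_smtp_policy() {
    smtp_policy_rules | while IFS= read -r rule; do
        # Word splitting of $rule is intentional: each token is one iptables argument.
        # shellcheck disable=SC2086
        $IPT $rule
    done
}

# Helpers that make the policy checkable without a kernel or root privileges.
rule_count() { smtp_policy_rules | wc -l | tr -d ' '; }
drop_rule_count() { smtp_policy_rules | grep -c -- '-j DROP'; }

apply_smtp_policy
```

The ACCEPT rules for the mail servers are placed before the catch-all LOG and DROP, so ordering matters if the rules are appended to a chain that already has content; the LOG rule gives the passive-style visibility into what the inline host is discarding, which is the first thing to check when a legitimate mail flow stops.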

However, implementing HiPPIE in an active manner also leaves you with one potential downfall.  Because the system must be inline in your network, if it were to go into an error state it could break the connections that flow through it, leaving your network down.  There are ways to mitigate this problem, which are discussed elsewhere, but for the time being, recognizing it is all that is necessary to make your decision.  If you intend to use HiPPIE purely as a "crystal ball" look into what is happening on your network, then a passive installation will more than meet your needs.  But if you want to filter packets, then active is the way to go.

Regardless, there is one beautiful thing to point out at this stage.  As far as the actual configuration of HiPPIE itself is concerned, there is no difference between an active and a passive implementation, as they differ only in how the information obtained through HiPPIE is used.  That being the case, should you patch a kernel with HiPPIE for a passive installation but later decide, on a whim, to insert HiPPIE into a bridged active mode, it could be done without reconfiguring HiPPIE.  In the same manner, should you build a system prepared for an active installation but first want to test its capabilities passively, you can do so without reconfiguration as well.

Now that you have a bit more information about this difference, you can continue with installing HiPPIE, either Active or Passive.