Abstract. The aim of passive testing is to detect faults in a system while observing the system during normal operation, that is, without forcing the system to specialized inputs explicitly for the purposes of testing. We formulate some general correctness requirements on any passive-testing algorithm which we term soundness and completeness. With respect to these definitions, we show that the homing algorithm, first proposed in [4], and subsequently used in [6][7][8], is sound and complete for passively testing the conformance of an implementation for several distinct conformance notions ranging from trace-containment to observational equivalence to even exact identity. This implies that, for some notions of conformance, there are faulty implementations that would not be detectable by any sound passive testing algorithm. We define a property to be passively testable as one admitting complete fault coverage under passive testing, i.e., one for which any faulty execution can be detected through passive testing. We provide an exact characterization of passively testable properties as being a natural subclass of safety properties, namely, those that are trace-contained in sets that are prefix-and suffix-closed. For such properties, we derive efficient complete passive testing algorithms that take constant time. We demonstrate the applicability of these results to networks and network devices by considering the problem of passively testing an implementation for conformance to the TCP protocol.