diff --git a/todo/nmap.txt b/todo/nmap.txt index c235fb89d..1288d609a 100644 --- a/todo/nmap.txt +++ b/todo/nmap.txt @@ -157,6 +157,9 @@ o Further brainstorm and consider implementing more prerule/postrule port numbers individually and the hosts which had that port open (e.g. so you can see all the ssh servers at once, etc.) Admittedly you can do that pretty easy with Zenmap instead. + o We could have a prerule sniffer script which uses pcap to sniff + traffic for some short configurable amount of time and then adds the + discovered hosts to the target list. o [Implemented] dns-zone-transfer o [Implemented, but a joke] http-california-plates
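Review bot: the new prerule sniffer item leaves scope unspecified. "adds the discovered hosts to the target list" does not say whether sniffed addresses are filtered before they are scanned, so a run could end up targeting hosts the user never named. Suggest the item state how discovered hosts are bounded (for example, limited to the sniffed interface's subnet or checked against the user's exclusions), and say how the interface is chosen and what the default is for the "short configurable amount of time", so the eventual implementation starts from a bounded design.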