Passive attacks are very hard to detect since they leave little or no trace of activity. In a passive attack, the attacker monitors and maybe records the data that passes by on the network. Eavesdropping and traffic analysis are types of passive attacks.
In active attacks, the attacker takes an active part in the communication. The attacker modifies or deletes data belonging to the stream coming from a legitimate party, inserts extra data to the stream, or initiates direct connections. Active attacks are usually easier to detect but they also cause most harm. IP spoofing, TCP hijacking, replay, routing spoofing, and denial of service (DoS) are types of active attacks.