During active reconnaissance of an internal network, the entire local network can be scanned using nmap (nmap -v -sn <IP range>) to sniff the ARP broadcasts. In addition, Kali has arp-scan (arp-scan <IP range>) to identify a list of hosts that are alive on the same network.
The following screenshot of Wireshark shows the traffic generated at the target when arp-scan is run against the entire subnet. This is considered to be a non-stealthy scan.
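Why such a sweep is non-stealthy, seen from the monitoring side, as an added example that is not part of the original text: one MAC address requesting every address in a subnet within seconds is easy to flag. The frames, MAC addresses, the 192.0.2.0/24 range, the threshold and the window below are constructed assumptions.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

ETH_ARP, ARP_REQUEST = 0x0806, 1

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return op, sha.hex(":"), str(IPv4Address(spa)), str(IPv4Address(tpa))

def find_sweeps(capture, threshold=20, window=5.0):
    """capture: time-ordered (timestamp, frame) pairs. Returns {sender_mac: peak count}
    for senders that requested >= threshold distinct targets within `window` seconds."""
    recent = defaultdict(list)              # sender MAC -> [(timestamp, target IP)]
    flagged = {}
    for ts, frame in capture:
        arp = parse_arp(frame)
        if arp is None or arp[0] != ARP_REQUEST:
            continue
        _, mac, _, target = arp
        events = recent[mac]
        events.append((ts, target))
        while ts - events[0][0] > window:   # drop requests older than the window
            events.pop(0)
        distinct = len({ip for _, ip in events})
        if distinct >= threshold:
            flagged[mac] = max(flagged.get(mac, 0), distinct)
    return flagged

def build_request(src_mac, src_ip, target_ip):
    """Construct a broadcast ARP who-has frame (sample data only)."""
    eth = b"\xff" * 6 + src_mac + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REQUEST)
    return (eth + arp + src_mac + IPv4Address(src_ip).packed
            + b"\x00" * 6 + IPv4Address(target_ip).packed)

# Constructed capture: one host sweeps 192.0.2.1-254, another resolves its gateway.
SCANNER, WORKSTATION = bytes.fromhex("020000000a01"), bytes.fromhex("020000000b02")
SAMPLE = [(i * 0.01, build_request(SCANNER, "192.0.2.50", f"192.0.2.{i}"))
          for i in range(1, 255)]
SAMPLE += [(t, build_request(WORKSTATION, "192.0.2.20", "192.0.2.1")) for t in (1.0, 3.0)]
SAMPLE.sort(key=lambda e: e[0])

if __name__ == "__main__":
    print(find_sweeps(SAMPLE))
```

The sliding window matters: the same requests spread out over a longer period stay below the threshold, so the threshold and window need tuning against normal ARP activity on the segment.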