1) Use the span port built into many switches.
2) "Hub out" a machine or even a whole segment.
3) Throw a tap on a machine/segment.
Some of it depends on how open or stealthy you are, and what you have access to as far as wiring closets, etc. Even just "hubbing" or tapping a single machine will usually get you enough information to get the IP range, GW, and DNS info.