The diff command finds differences between the object that should be installed in a host, and the one really installed. It basically generates the object for that host, and makes a ``diff -u'' between this object and the one installed in the remote host.
It's very useful to see if a host has the latest version of an object.