What does 0.0.0.0 mean
Monah Baki
monahbaki at gmail.com
Fri Aug 29 08:38:07 EDT 2014
Hello,
I’m running argus 3.0.8 with the following command:
racluster -r argus.out -m saddr sport -s saddr sport daddr dport
sbytes | grep 0.0.0.0
8.18.45.80.https 0.0.0.0 4219
10.1.0.8.svrloc 0.0.0.0 64752
10.1.0.52.0x0008 161.203.16.0.0x0000 84770
10.1.0.182.ntp 0.0.0.0.ntp 1900
10.1.0.209.ntp 0.0.0.0.ntp 630
10.1.0.224.https 0.0.0.0 20426444
10.1.0.224.ipsec* 0.0.0.0 32044
10.1.0.225.netse* 0.0.0.0.http 4103
10.1.0.225.45809 0.0.0.0.http 4480
10.1.0.225.50857 0.0.0.0.http 5519
10.1.0.225.56688 0.0.0.0.http 3573
10.1.44.7.50079 0.0.0.0.domain 648
10.1.44.7.52348 0.0.0.0.domain 774
10.1.44.7.54011 0.0.0.0.domain 774
10.1.44.7.57264 0.0.0.0.domain 648
10.1.44.100.0x0008 75.75.75.75.0x0004 490
10.1.44.134.50026 0.0.0.0.domain 774
10.1.44.134.58524 0.0.0.0.domain 648
10.1.44.134.60525 0.0.0.0.domain 774
10.1.44.134.65172 0.0.0.0.domain 648
10.1.44.156.0x0008 75.75.72.0.0x0004 784
10.1.44.170.0x0008 75.75.72.0.0x0004 980
10.1.44.170.incog* 0.0.0.0 366
10.1.44.170.armi-* 0.0.0.0.http 11872
10.1.44.170.t1-e1* 0.0.0.0 1063
10.1.44.170.avsec* 160.0.0.0.http 2629
10.1.44.170.syssc* 0.0.0.0.http 3638
10.1.44.170.pda-s* 0.0.0.0 2458
10.1.44.170.semap* 0.0.0.0 6129
10.1.44.170.cpqrp* 0.0.0.0 965
10.1.44.170.cpqrp* 0.0.0.0.https 7988
10.1.44.170.iveco* 0.0.0.0 4731
10.1.44.170.epncd* 0.0.0.0.https 8210
10.1.44.170.ccmail 0.0.0.0 1413
10.1.44.170.pdrncs 0.0.0.0 1536
10.1.44.170.3300 0.0.0.0.http 9946
10.1.44.170.opses* 0.0.0.0.http 8410
10.1.44.170.odett* 0.0.0.0.http 9771
10.1.44.170.mysql 0.0.0.0.http 492
What does the 0.0.0.0 mean?
If I run the same command but omit (saddr sport in –m)
racluster -r argus.out -m -s saddr sport daddr dport sbytes | grep 0.0.0.0
I do not see any daddr with 0.0.0.0
Thank you
Monah
More information about the argus
mailing list