Only slightly related to this question, because it was discovered in the same scan:
Can someone explain how this happened?
When running netdiscover on my home network, my iPod Touch (identified by DHCP-reserved IP address and MAC address) responded to both its own IP address on our 10.x.x.x subnet and to 0.0.0.0 also. Why would this have happened?
EDIT: After letting netdiscover run awhile longer, it seems one of the PS3s on the network is also answering to 0.0.0.0 - why is this?
From the article 0.0.0.0 :
Computers normally show an address of 0.0.0.0 when they are not connected to a TCP/IP network. Having this address, a computer cannot be reached or communicate with any other devices over IP.
TCP/IP software applications also use 0.0.0.0 as a programming technique to monitor network traffic from any valid IP address. While connected computers do not use this address, messages carried over IP sometimes include 0.0.0.0 inside the header when the source of the message is unknown.
Citing also from this thread :
The IP address 0.0.0.0 can have very different meanings, depending on where it's used.
- It's not a valid address to be given to an actual network interface, along with any other address in the 10.0.0.0/8 subnet (i.e. any address starting with 0.).
- It can't be used as the source address on any IP packet, unless this happens when a computer still doesn't know its own IP address and it's trying to acquire one (classic example: DHCP).
- If used in a routing table, it identifies the default gateway; a route to 0.0.0.0 is the default one, i.e. the one used when there is not any more specific route available to a destination address.
- Lastly, when seen in the output of the netstat command (which is what you asked for), it means that a given socket is listening on all the available IP address the computer has; when a computer has more than one IP address, a socket can be bound only to a specific address and port pair, or to a port and all addresses; if you see an IP address there, it means that socket is listening only on that port and that specific address; if you see 0.0.0.0, it means it's listening on that port on all addresses of the machine, including the loopback one (127.0.0.1).
One possibility is a bug in the software on the iPod/PS3, forgetting to abandon the 0.0.0.0 address once a real address was granted by DHCP.
A more ominous possibility is that some software on these devices is listening to everything that passes on your local network. Even though a very tenuous possibility, I would not in your place logon to my bank website while these devices are on the network.
