Hello Joe,
thank you very much for your words about pmacct.
On Tue, Jul 05, 2005 at 04:42:59PM -0600, Joe Nelson wrote:
> I have seen a lot of traffic on 0.0.0.0 (about 400 GB since the
> beginning of this month!). As far as I know, that's not a valid IP
> address. When I do tcpdump on my main router, I don't see anything
> directly addressed to 0.0.0.0. Does anyone have any idea why I would
> see so much traffic being accounted on this address?
It's very likely that you have specified a Networks definition file
('networks_file'). When an host (that either transmits or receives a
packet) is not included in any of the defined networks, it is rewritten
as '0.0.0.0' (a shotcut to specify an unknown/foreign host). Moreover,
because it's usual to define the local networks into the 'networks_file',
the '0.0.0.0' helps in metering how much traffic the defined networks
exchange with the rest of the world.
Cheers,
Paolo
