Penetration Testing mailing list archives

Re: RE: Discovering network subnets


From: nobody () nowhere com
Date: 21 Aug 2005 22:43:28 -0000

Nope. According to your example, you have defined two networks:

10.0.0.0/23
10.0.1.0/23

10.0.{0,1}.255 would be the broadcast address for each one
10.0.{0,1}.0 would <still> be the network address itself - not a host address

There's only one valid application/use of .0 as a host address - check http://www.ietf.org/rfc/rfc3021.txt?number=3021 
- which also includes a lot of interesting pointers to other RFCs and addressing rules for IPv4.

Considering the answers Hannibal got, I tend to think the packet to .0 got translated by a route connected to that 
network to an L2 broadcast - and more than one host received it and replied to it. So actually those open ports could 
come from one, two, or three different hosts.
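
Added example, not part of the original post: a Python sketch using the standard ipaddress module that reports whether an address is the network address, the broadcast address or a usable host for a given prefix length, including the RFC 3021 /31 case cited above. The function names are hypothetical and the sample addresses are constructed from the thread's 10.0.x.x example.

```python
import ipaddress

def classify(addr: str, prefix: int) -> str:
    """Return 'network', 'broadcast' or 'host' for addr under the given prefix length."""
    ip = ipaddress.IPv4Address(addr)
    # strict=False lets us pass any address inside the subnet, not just its base.
    net = ipaddress.IPv4Network(f"{addr}/{prefix}", strict=False)
    if prefix >= 31:
        # /32 is a single host; on a /31 point-to-point link RFC 3021 makes
        # both addresses usable hosts, so there is no network/broadcast address.
        return "host"
    if ip == net.network_address:
        return "network"
    if ip == net.broadcast_address:
        return "broadcast"
    return "host"

def subnet_summary(cidr: str) -> dict:
    """Network address, broadcast address and usable host count for a CIDR block."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    if net.prefixlen >= 31:
        usable = net.num_addresses          # 2 for /31 (RFC 3021), 1 for /32
        broadcast = None
    else:
        usable = net.num_addresses - 2      # minus network and broadcast
        broadcast = str(net.broadcast_address)
    return {"network": str(net), "broadcast": broadcast, "usable_hosts": usable}

def roles_by_prefix(addr: str, prefixes=(23, 24, 31)) -> dict:
    """Show how the role of one address changes with the assumed prefix length."""
    return {p: classify(addr, p) for p in prefixes}

if __name__ == "__main__":
    # Constructed sample: the 10.0.x.x addresses used in the thread.
    for a in ("10.0.0.0", "10.0.0.255", "10.0.1.0", "10.0.1.255"):
        print(a, roles_by_prefix(a))
    print(subnet_summary("10.0.1.0/23"))
```

A reply attributed to a .0 or .255 address is worth re-checking against the real prefix length before it is counted as a distinct host.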
