By default include private IP addresses?

[jbremer]

Up for discussion: right now we ignore private IP addresses during our reporting process. I'm considering adding them anyway - or, at least, interesting private IP addresses, not broadcast addresses etc.
There have been some samples, e.g., metasploit payloads, that connect to local IP addresses and it would also be useful to see if samples are connecting to the gateway (i.e., 192.168.56.1 with default vboxnet0).
As part of this inclusion we should also add a "private": true/false field for each IP address mentioned in the report and by default not display private IP addresses in the web interface.

[Popsiclestick]

I think this would be a useful feature. One of the first payloads I tested was some of the metasploit reverse payloads and the analysis component couldn't make heads or tails of it. It wouldn't be unreasonable to think a piece of malware detects IP space and starts looking for things on its local subnet to scan/attack/whatever. The feature could definitely be toggleable.