Info about CPA-FBRECCIA

Please enable make sure that the ntop html/ directory is properly installed

Info about CPA-FBRECCIA

IP Address 192.168.1.16 [unicast] [ Purge Asset ]

First/Last Seen Mon Jun 9 04:12:46 2025 - Fri Jun 13 23:22:49 2025 [Inactive since 0 sec]

MAC Address Network Interface Card (NIC) 04:D9:F5:32:79:12

OS Name OS: Windows [Windows XP Pro, Windows 2000 Pro]

Host Location Local (inside specified/local subnet)

IP TTL (Time to Live) 1:128 [~0 hop(s)]

Total Data Sent 1.5 GBytes/7,285,695 Pkts/0 Retran. Pkts [0%]

Broadcast Pkts Sent 4,647 Pkts

Multicast Traffic Sent 1.0 MBytes/6,514 Pkts

Data Sent Stats
0 %

Rem 100 %

IP vs. Non-IP Sent
IP 100 %

Non-IP 0 %

Total Data Rcvd 11.7 GBytes/11,247,505 Pkts/0 Retran. Pkts [0%]

Data Rcvd Stats
0 %

Rem 100 %

IP vs. Non-IP Rcvd
IP 100 %

Non-IP 0 %

Sent vs. Rcvd Pkts
Sent 39.3 %

Rcvd 60.7 %

Sent vs. Rcvd Data
Sent 11.2 %

Rcvd 88.8 %

Used Subnet Routers 00:24:8C:DE:84:31 Network Card
Host Type VoIP Host VoIP

Host Healthness (Risk Flags) High Risk Medium Risk Low Risk
Wrong network mask or bridging enabled
Suspicious activities: too many host contacts
Unexpected packets (e.g. traffic to closed port or connection reset):

Unexpected packets (e.g. traffic to closed port or connection reset):
[Rcvd: rst] [Sent: closed-empty] [Rcvd: hostnet unreac]

Host Traffic Stats

Time	Tot. Traffic Sent	% Traffic Sent	Tot. Traffic Rcvd	% Traffic Rcvd
11 PM	1.6 MBytes	0.6 %	1.0 MBytes	0.1 %
10 PM	4.1 MBytes	1.4 %	2.8 MBytes	0.1 %
9 PM	4.4 MBytes	1.5 %	2.9 MBytes	0.1 %
8 PM	4.0 MBytes	1.4 %	2.7 MBytes	0.1 %
7 PM	4.1 MBytes	1.4 %	3.1 MBytes	0.1 %
6 PM	4.7 MBytes	1.6 %	3.1 MBytes	0.2 %
5 PM	4.3 MBytes	1.5 %	2.9 MBytes	0.1 %
4 PM	4.4 MBytes	1.5 %	2.8 MBytes	0.1 %
3 PM	6.0 MBytes	2.1 %	33.0 MBytes	1.6 %
2 PM	5.5 MBytes	1.9 %	7.3 MBytes	0.4 %
1 PM	7.2 MBytes	2.5 %	47.5 MBytes	2.3 %
12 PM	18.1 MBytes	6.1 %	261.5 MBytes	12.8 %
11 AM	11.4 MBytes	3.9 %	137.8 MBytes	6.7 %
10 AM	71.5 MBytes	24.3 %	274.5 MBytes	13.4 %
9 AM	15.6 MBytes	5.3 %	90.2 MBytes	4.4 %
8 AM	11.0 MBytes	3.7 %	46.9 MBytes	2.3 %
7 AM	25.6 MBytes	8.7 %	584.1 MBytes	28.6 %
6 AM	30.1 MBytes	10.2 %	322.9 MBytes	15.8 %
5 AM	30.3 MBytes	10.3 %	197.1 MBytes	9.6 %
4 AM	7.0 MBytes	2.4 %	3.3 MBytes	0.2 %
3 AM	5.9 MBytes	2.0 %	3.3 MBytes	0.2 %
2 AM	5.8 MBytes	2.0 %	3.1 MBytes	0.2 %
1 AM	5.8 MBytes	2.0 %	6.0 MBytes	0.3 %
12 AM	5.6 MBytes	1.9 %	3.1 MBytes	0.2 %
Total

Packet Statistics

TCP Connections	Directed to		Rcvd From
Attempted	114,814	hbrt.adobe.com mail.google.com addons-pa.clients6.google.com polka.typekit.com v10.events.data.microsoft.com business.facebook.com accounts.google.com array816.prod.do.dsp.mp.microsoft.com	0
Established	55,415 [48 %]	config.teams.microsoft.com business.facebook.com mail.google.com addons-pa.clients6.google.com polka.typekit.com v10.events.data.microsoft.com accounts.google.com array816.prod.do.dsp.mp.microsoft.com	47	2.22.149.144 dz7188oz6lnyb.cloudfront.net p77-sign-sg.tiktokcdn.com cm.g.doubleclick.net b1sync.outbrain.com ms-cookie-sync.presage.io www.temu.com visitor.omnitagjs.com
Terminated	197	lax1-ib.adnxs.com 200.69.128.1 fastlane.rubiconproject.com analytics.300624.com analytics.300624.com hbrt.adobe.com ms-cookie-sync.presage.io secure.adnxs.com	0

TCP Flags	Pkts Sent		Pkts Rcvd
SYN	114,814	hbrt.adobe.com mail.google.com addons-pa.clients6.google.com polka.typekit.com v10.events.data.microsoft.com business.facebook.com accounts.google.com array816.prod.do.dsp.mp.microsoft.com	0
RST\|ACK	9,646	polka.typekit.com polka.typekit.com settings-win.data.microsoft.com settings-win.data.microsoft.com config.edge.skype.com polka.typekit.com www.bing.com polka.typekit.com	910	nexus.officeapps.live.com config.teams.microsoft.com hbrt.adobe.com array816.prod.do.dsp.mp.microsoft.com nexus.officeapps.live.com config.teams.microsoft.com config.teams.microsoft.com nexusrules.officeapps.live.com
RST	0		3,683	luna.avcdn.net utut-service.adobe.com ss-prod-ue1-ns.aws.adobess.com ss-prod-ue1-ns.aws.adobess.com ss-prod-ue1-ns.aws.adobess.com notify.adobe.io ss-prod-ue1-ns.aws.adobess.com ss-prod-ue1-ns.aws.adobess.com
NULL	762	stun.l.google.com 177.71.206.206	0

Anomaly	Pkts Sent to		Pkts Rcvd from
Closed Empty TCP Conn.	197	lax1-ib.adnxs.com 200.69.128.1 fastlane.rubiconproject.com analytics.300624.com analytics.300624.com hbrt.adobe.com ms-cookie-sync.presage.io secure.adnxs.com	0
ICMP Net Unreachable	0		17	200.80.220.74 00:24:8C:DE:84:31

ARP	Packet
Request Sent	376
Reply Rcvd	78 (20.7 %)
Reply Sent	11,396

Protocol Distribution

Protocol

Data Sent

Data Rcvd

TCP

1.4 GBytes

11.7 GBytes

UDP

91.7 MBytes

12.3 MBytes

ICMP

80.1 KBytes

40.5 KBytes

ICMPv6

0.1 KBytes

0.0 KBytes

IPv6

0.1 KBytes

0.0 KBytes

(R)ARP

528.8 KBytes

313.7 KBytes

IGMP

0.4 KBytes

0.0 KBytes

Protocol Distribution

IP Distribution

ICMP Traffic

Type	Pkt Sent	Pkt Rcvd
Echo Request	774	0
Echo Reply	0	113
Unreach	0	17
Time Exceeded	0	273

Last Contacted Peers

Sent To	IP Address
waa-pa.clients6.google.com	142.251.129.106
play.google.com	216.58.202.78
peoplestack-pa.clients6.google.com	142.251.129.170
ssl.gstatic.com	142.251.128.131
00:24:8C:DE:84:31
business.facebook.com	31.13.94.19
ss-prod-ue1-ns.aws.adobess.com	52.87.25.189
mtalk.google.com	172.217.192.188
Total Contacts	400760

Received From	IP Address
waa-pa.clients6.google.com	142.251.129.106
play.google.com	216.58.202.78
ss-prod-ue1-ns.aws.adobess.com	52.87.25.189
peoplestack-pa.clients6.google.com	142.251.129.170
ssl.gstatic.com	142.251.128.131
00:24:8C:DE:84:31
business.facebook.com	31.13.94.19
mtalk.google.com	172.217.192.188
Total Contacts	356624

IP Service Stats: Client Role

	# Loc. Req. Sent		# Rem. Req. Sent		# Pos. Reply Rcvd		# Neg. Reply Rcvd		Local RndTrip	Rem RndTrip
DNS	27,189	40.0%	39,234	59.0%	62,350	99.0%	477	0.0%	0.0 ms - 366986.4 sec	2.7 ms - 196910.0 sec
HTTP	0	0.0%	0	0.0%	18	100.0%	0	0.0%	0.0 ms - 0.0 ms	0.0 ms - 0.0 ms

TCP/UDP Service/Port Usage

IP Service	Port	# Client Sess.	Last Client Peer	# Server Sess.	Last Server Peer
domain	53	61440/12.2 MBytes	00:24:8C:DE:84:31
www	80	6175/1.7 GBytes	ctldl.windowsupdate.com
ntp	123	6/288	time.windows.com	6/288	time.windows.com
https	443	7015/10.5 GBytes	ss-prod-ue1-ns.aws.adobess.com

TCP/UDP - Traffic on Other Ports

Client Port	Server Port
56281

TCP/UDP Recently Used Ports

Client Port	Server Port
56281	mdns

P2P Recently Exchanged Files

File Name
<unknown file>

135 Active TCP/UDP Sessions

Client	Server	Data Sent	Data Rcvd	Active Since	Last Seen	Duration	Inactive	Note
business.facebook.com :https	CPA-FBRECCIA :56279	40	40	Fri Jun 13 23:11:41 2025	Fri Jun 13 23:11:41 2025	0 sec	11:08	ACK
business.facebook.com :https	CPA-FBRECCIA :56280	40	40	Fri Jun 13 23:11:42 2025	Fri Jun 13 23:11:42 2025	0 sec	11:07	ACK
business.facebook.com :https	CPA-FBRECCIA :56285	40	40	Fri Jun 13 23:12:52 2025	Fri Jun 13 23:12:52 2025	0 sec	9:57	ACK
business.facebook.com :https	CPA-FBRECCIA :56286	40	40	Fri Jun 13 23:12:53 2025	Fri Jun 13 23:12:53 2025	0 sec	9:56	ACK
business.facebook.com :https	CPA-FBRECCIA :56290	40	40	Fri Jun 13 23:14:41 2025	Fri Jun 13 23:14:41 2025	0 sec	8:08	ACK
business.facebook.com :https	CPA-FBRECCIA :56292	40	40	Fri Jun 13 23:14:41 2025	Fri Jun 13 23:14:41 2025	0 sec	8:08	ACK
business.facebook.com :https	CPA-FBRECCIA :56293	40	40	Fri Jun 13 23:15:46 2025	Fri Jun 13 23:15:46 2025	0 sec	7:03	ACK
business.facebook.com :https	CPA-FBRECCIA :56295	40	40	Fri Jun 13 23:15:57 2025	Fri Jun 13 23:15:57 2025	0 sec	6:52	ACK
business.facebook.com :https	CPA-FBRECCIA :56298	40	40	Fri Jun 13 23:17:02 2025	Fri Jun 13 23:17:02 2025	0 sec	5:47	ACK
business.facebook.com :https	CPA-FBRECCIA :56299	40	40	Fri Jun 13 23:17:09 2025	Fri Jun 13 23:17:09 2025	0 sec	5:40	ACK
business.facebook.com :https	CPA-FBRECCIA :56302	40	40	Fri Jun 13 23:18:12 2025	Fri Jun 13 23:18:12 2025	0 sec	4:37	ACK
business.facebook.com :https	CPA-FBRECCIA :56303	40	40	Fri Jun 13 23:18:41 2025	Fri Jun 13 23:18:41 2025	0 sec	4:08	ACK
business.facebook.com :https	CPA-FBRECCIA :56306	40	40	Fri Jun 13 23:19:41 2025	Fri Jun 13 23:19:41 2025	0 sec	3:08	ACK
business.facebook.com :https	CPA-FBRECCIA :56308	40	40	Fri Jun 13 23:19:51 2025	Fri Jun 13 23:19:51 2025	0 sec	2:58	ACK
business.facebook.com :https	CPA-FBRECCIA :56313	40	40	Fri Jun 13 23:20:56 2025	Fri Jun 13 23:20:56 2025	0 sec	1:53	ACK
business.facebook.com :https	CPA-FBRECCIA :56314	40	40	Fri Jun 13 23:20:58 2025	Fri Jun 13 23:20:58 2025	0 sec	1:51	ACK
business.facebook.com :https	CPA-FBRECCIA :56316	40	40	Fri Jun 13 23:22:41 2025	Fri Jun 13 23:22:41 2025	0 sec	8 sec	ACK
CPA-FBRECCIA :56317	business.facebook.com :https	5.0 KBytes	5.3 KBytes	Fri Jun 13 23:22:41 2025	Fri Jun 13 23:22:41 2025	0 sec	8 sec	SYN ACK PUSH
business.facebook.com :https	CPA-FBRECCIA :56318	40	40	Fri Jun 13 23:22:41 2025	Fri Jun 13 23:22:41 2025	0 sec	8 sec	ACK
CPA-FBRECCIA :56315	array816.prod.do.dsp.mp.microsoft.com :https	1.8 KBytes	3.4 KBytes	Fri Jun 13 23:21:37 2025	Fri Jun 13 23:21:38 2025	1 sec	1:11	SYN ACK PUSH
CPA-FBRECCIA :56251	ssl.gstatic.com :https	28.4 KBytes	36.7 KBytes	Fri Jun 13 23:05:28 2025	Fri Jun 13 23:22:37 2025	17:09	12 sec	SYN ACK PUSH
CPA-FBRECCIA :56262	ssl.gstatic.com :https	14.2 KBytes	17.3 KBytes	Fri Jun 13 23:06:39 2025	Fri Jun 13 23:22:47 2025	16:08	2 sec	SYN ACK PUSH
CPA-FBRECCIA :56266	prod-dynamite-prod-02-us-signaler-pa.clients6.google.com :https	35.4 KBytes	17.4 KBytes	Fri Jun 13 23:07:41 2025	Fri Jun 13 23:22:26 2025	14:45	23 sec	SYN ACK PUSH
CPA-FBRECCIA :56259	www.googleapis.com :https	11.0 KBytes	10.5 KBytes	Fri Jun 13 23:06:22 2025	Fri Jun 13 23:22:11 2025	15:49	38 sec	SYN ACK PUSH
CPA-FBRECCIA :56260	www.googleapis.com :https	64.9 KBytes	64.6 KBytes	Fri Jun 13 23:06:22 2025	Fri Jun 13 23:22:44 2025	16:22	5 sec	SYN ACK PUSH
CPA-FBRECCIA :56310	hbrt.adobe.com :https	208	0	Fri Jun 13 23:19:59 2025	Fri Jun 13 23:20:13 2025	14 sec	2:36	SYN
CPA-FBRECCIA :56307	polka.typekit.com :https	2.9 KBytes	5.3 KBytes	Fri Jun 13 23:19:48 2025	Fri Jun 13 23:22:36 2025	2:48	13 sec	SYN ACK PUSH
CPA-FBRECCIA :56312	accounts.google.com :https	6.5 KBytes	5.3 KBytes	Fri Jun 13 23:20:52 2025	Fri Jun 13 23:22:22 2025	1:30	27 sec	SYN ACK PUSH
CPA-FBRECCIA :56252	chat.google.com :https	455.4 KBytes	168.3 KBytes	Fri Jun 13 23:05:29 2025	Fri Jun 13 23:22:42 2025	17:13	7 sec	SYN ACK PUSH
CPA-FBRECCIA :56253	chat.google.com :https	304.1 KBytes	93.5 KBytes	Fri Jun 13 23:05:29 2025	Fri Jun 13 23:22:41 2025	17:12	8 sec	SYN ACK PUSH
CPA-FBRECCIA :62274	mtalk.google.com :https	82.9 KBytes	228.5 KBytes	Fri Jun 13 02:56:59 2025	Fri Jun 13 23:22:47 2025	20:25:48	2 sec	SYN ACK PUSH
CPA-FBRECCIA :50870	client.wns.windows.com :https	146.1 KBytes	172.6 KBytes	Fri Jun 13 10:06:09 2025	Fri Jun 13 23:22:10 2025	13:16:01	39 sec	SYN ACK PUSH
CPA-FBRECCIA :56281	ss-prod-ue1-ns.aws.adobess.com :https	23.0 KBytes	27.9 KBytes	Fri Jun 13 23:12:31 2025	Fri Jun 13 23:22:49 2025	10:18	0 sec	SYN ACK PUSH

The color of the host link indicates how recently the host was FIRST seen
0 to 5 minutes	5 to 15 minutes	15 to 30 minutes	30 to 60 minutes	60+ minutes

Report created on Fri Jun 13 23:22:49 2025 [ntop uptime: 4 days 19:10:03]
Generated by ntop v.3.3 [x86_64-unknown-linux-gnu]
© 1998-2007 by Luca Deri, built: Aug 6 2008 09:54:10.
Listening on [eth0] for all packets (i.e. without a filtering expression)
Web reports include all interfaces (merged)