(C) 1998-2007 - Luca Deri  
Please enable make sure that the ntop html/ directory is properly installed

 

 

Info about client.wns.windows.com

IP Address172.172.255.217 Flag for ISO 3166 code us (from p2c file) [unicast] [ Purge Asset ]
First/Last SeenMon Jun 9 04:16:05 2025  -  Sat Jun 14 00:45:48 2025 [Inactive since 11 sec]
Autonomous System1668
Domainwns.windows.com
Last MAC Address/Router Network Interface Card (NIC)/Router00:24:8C:DE:84:31 
Origin AS1668
Host LocationRemote (outside specified/local subnet)
IP TTL (Time to Live)106:114 [~22 hop(s)]
Total Data Sent9.8 MBytes/40,746 Pkts/0 Retran. Pkts [0%]
Broadcast Pkts Sent0 Pkts
Data Sent Stats
Local 100 %
 
Rem 0 %
IP vs. Non-IP Sent
IP 100 %
 
Non-IP 0 %
Total Data Rcvd7.9 MBytes/65,489 Pkts/0 Retran. Pkts [0%]
Data Rcvd Stats
Local 100 %
 
Rem 0 %
IP vs. Non-IP Rcvd
IP 100 %
 
Non-IP 0 %
Sent vs. Rcvd Pkts
Sent 38.4 %
  
Rcvd 61.6 %
Sent vs. Rcvd Data
Sent 55.3 %
  
Rcvd 44.7 %
Host TypeHTTP Server HTTP Server
Further Host Information[ Whois ] [ ]
Host Healthness (Risk Flags) High Risk Medium Risk Low Risk
  1. Medium RiskSuspicious activities: too many host contacts
  2. Low RiskUnexpected packets (e.g. traffic to closed port or connection reset):
    [Rcvd: rst] 

 

Host Traffic Stats

TimeTot. Traffic Sent% Traffic SentTot. Traffic Rcvd% Traffic Rcvd
12 AM 21.7 KBytes1.8 %20.6 KBytes2.0 %
11 PM 28.3 KBytes2.3 %27.0 KBytes2.6 %
10 PM 28.3 KBytes2.3 %26.8 KBytes2.6 %
9 PM 27.9 KBytes2.3 %26.6 KBytes2.6 %
8 PM 27.9 KBytes2.3 %26.6 KBytes2.6 %
7 PM 27.9 KBytes2.3 %26.6 KBytes2.6 %
6 PM 27.9 KBytes2.3 %26.6 KBytes2.6 %
5 PM 27.9 KBytes2.3 %26.6 KBytes2.6 %
4 PM 28.3 KBytes2.3 %26.7 KBytes2.6 %
3 PM 28.2 KBytes2.3 %26.7 KBytes2.6 %
2 PM 34.5 KBytes2.8 %29.3 KBytes2.9 %
1 PM 15.0 KBytes1.2 %14.1 KBytes1.4 %
12 PM 20.0 KBytes1.7 %19.3 KBytes1.9 %
11 AM 20.8 KBytes1.7 %19.5 KBytes1.9 %
10 AM 26.4 KBytes2.2 %22.1 KBytes2.2 %
9 AM 70.8 KBytes5.9 %47.6 KBytes4.7 %
8 AM 114.4 KBytes9.5 %85.3 KBytes8.4 %
7 AM 87.0 KBytes7.2 %78.6 KBytes7.7 %
6 AM 138.0 KBytes11.4 %98.9 KBytes9.7 %
5 AM 115.4 KBytes9.5 %87.3 KBytes8.5 %
4 AM 106.6 KBytes8.8 %87.3 KBytes8.5 %
3 AM 68.4 KBytes5.7 %61.6 KBytes6.0 %
2 AM 62.7 KBytes5.2 %57.1 KBytes5.6 %
1 AM 55.1 KBytes4.6 %52.6 KBytes5.1 %
Total

 

Packet Statistics

TCP ConnectionsDirected toRcvd From
Attempted0  1,514
Established0  755 [50 %]

TCP FlagsPkts SentPkts Rcvd
SYN0  1,514
RST|ACK52 46
RST3 24

 

Protocol Distribution

ProtocolData SentData Rcvd
TCP9.8 MBytes100% 7.9 MBytes100
Protocol Distribution
IP Distribution

 

Last Contacted Peers

Sent ToIP Address
192.168.1.11 192.168.1.11 
70:71:BC:31:70:0B Network Card  
0.0.0.0 :: 
3C:7C:3F:15:CB:D6 Network Card  
18:66:DA:06:EB:53 Network Card  
1C:6F:65:47:D9:D6 Network Card  
192.168.1.13 192.168.1.13 
70:71:BC:3B:ED:51 Network Card  
Total Contacts7229
Received FromIP Address
3C:7C:3F:15:CB:D6 Network Card  
18:66:DA:06:EB:53 Network Card  
192.168.1.14 192.168.1.14 
192.168.1.11 192.168.1.11 
192.168.1.13 192.168.1.13 
1C:6F:65:47:D9:D6 Network Card  
70:71:BC:3B:ED:51 Network Card  
70:71:BC:31:70:0B Network Card  
Total Contacts7218

 

TCP/UDP Service/Port Usage

IP ServicePort# Client Sess.Last Client Peer# Server Sess.Last Server Peer
https443  1560/12.0 MBytes70:71:BC:3B:ED:51 Network Card

 

TCP/UDP Recently Used Ports

Client PortServer Port
     

 

179 Active TCP/UDP Sessions

ClientServerData SentData RcvdActive SinceLast SeenDurationInactiveLatencyL7 ProtoNote
CPA-RMIRONIUK  VoIP Medium Risk :52359client.wns.windows.com  HTTP Server Low Risk :https17.4 KBytes22.7 KBytesFri Jun 13 09:36:09 2025Sat Jun 14 00:43:57 202515:07:482:02   SYN ACK PUSH 
CPA-GSAULO  VoIP Medium Risk Users P2P Server :56063client.wns.windows.com  HTTP Server Low Risk :https165.4 KBytes195.0 KBytesFri Jun 13 09:41:10 2025Sat Jun 14 00:45:15 202515:04:0544 sec   SYN ACK PUSH 
CPA-Envios Medium Risk Users :56170client.wns.windows.com  HTTP Server Low Risk :https115.2 KBytes136.0 KBytesFri Jun 13 14:18:42 2025Sat Jun 14 00:45:48 202510:27:0611 sec   SYN ACK PUSH 

The color of the host link indicates how recently the host was FIRST seen
  0 to 5 minutes     5 to 15 minutes     15 to 30 minutes     30 to 60 minutes     60+ minutes  
Report created on Sat Jun 14 00:45:59 2025 [ntop uptime: 4 days 20:33:13]
Generated by ntop v.3.3 [x86_64-unknown-linux-gnu]
© 1998-2007 by Luca Deri, built: Aug 6 2008 09:54:10.
Listening on [eth0] for all packets (i.e. without a filtering expression)
Web reports include all interfaces (merged)