Info about CPA-GAROFALO

Please enable make sure that the ntop html/ directory is properly installed

Info about CPA-GAROFALO

IP Address 192.168.1.15 [unicast] [ Purge Asset ]

First/Last Seen Mon Jun 9 05:18:33 2025 - Sat Jun 14 00:16:15 2025 [Inactive since 1 sec]

MAC Address Network Interface Card (NIC) 2C:F0:5D:99:7A:79

OS Name OS: Windows [Windows XP Pro, Windows 2000 Pro]

Host Location Local (inside specified/local subnet)

IP TTL (Time to Live) 1:128 [~0 hop(s)]

Total Data Sent 1.4 GBytes/8,184,834 Pkts/0 Retran. Pkts [0%]

Broadcast Pkts Sent 10,887 Pkts

Multicast Traffic Sent 1.1 MBytes/11,127 Pkts

Data Sent Stats
Local 0.6 %

Rem 99.4 %

IP vs. Non-IP Sent
IP 100 %

Non-IP 0 %

Total Data Rcvd 14.2 GBytes/13,643,543 Pkts/0 Retran. Pkts [0%]

Data Rcvd Stats
0 %

Rem 100 %

IP vs. Non-IP Rcvd
IP 100 %

Non-IP 0 %

Sent vs. Rcvd Pkts
Sent 37.5 %

Rcvd 62.5 %

Sent vs. Rcvd Data
Sent 9.2 %

Rcvd 90.8 %

Used Subnet Routers 00:24:8C:DE:84:31 Network Card
Host Type VoIP Host VoIP

Host Healthness (Risk Flags) High Risk Medium Risk Low Risk
Wrong network mask or bridging enabled
Suspicious activities: too many host contacts
Unexpected packets (e.g. traffic to closed port or connection reset):

Unexpected packets (e.g. traffic to closed port or connection reset):
[Rcvd: rejected] [Sent: udp to closed] [Rcvd: rst] [Sent: closed-empty] [Rcvd: port unreac] [Rcvd: hostnet unreac]

Host Traffic Stats

Time	Tot. Traffic Sent	% Traffic Sent	Tot. Traffic Rcvd	% Traffic Rcvd
12 AM	1.5 MBytes	0.7 %	1.5 MBytes	0.1 %
11 PM	4.4 MBytes	2.0 %	5.6 MBytes	0.5 %
10 PM	5.0 MBytes	2.3 %	16.4 MBytes	1.4 %
9 PM	4.6 MBytes	2.1 %	7.5 MBytes	0.7 %
8 PM	5.0 MBytes	2.3 %	17.6 MBytes	1.5 %
7 PM	4.5 MBytes	2.1 %	16.3 MBytes	1.4 %
6 PM	4.7 MBytes	2.2 %	5.9 MBytes	0.5 %
5 PM	4.7 MBytes	2.2 %	5.3 MBytes	0.5 %
4 PM	4.8 MBytes	2.2 %	6.8 MBytes	0.6 %
3 PM	4.9 MBytes	2.2 %	17.7 MBytes	1.5 %
2 PM	5.0 MBytes	2.3 %	5.7 MBytes	0.5 %
1 PM	5.3 MBytes	2.5 %	19.1 MBytes	1.7 %
12 PM	43.2 MBytes	19.9 %	344.3 MBytes	30.1 %
11 AM	15.9 MBytes	7.3 %	83.4 MBytes	7.3 %
10 AM	16.0 MBytes	7.4 %	109.3 MBytes	9.5 %
9 AM	20.0 MBytes	9.2 %	129.7 MBytes	11.3 %
8 AM	8.8 MBytes	4.0 %	27.2 MBytes	2.4 %
7 AM	14.2 MBytes	6.6 %	106.6 MBytes	9.3 %
6 AM	17.7 MBytes	8.1 %	144.8 MBytes	12.6 %
5 AM	7.9 MBytes	3.7 %	36.5 MBytes	3.2 %
4 AM	4.7 MBytes	2.2 %	4.9 MBytes	0.4 %
3 AM	4.8 MBytes	2.2 %	4.8 MBytes	0.4 %
2 AM	4.8 MBytes	2.2 %	8.9 MBytes	0.8 %
1 AM	4.8 MBytes	2.2 %	19.4 MBytes	1.7 %
Total

Packet Statistics

TCP Connections	Directed to		Rcvd From
Attempted	190,552	mail-ads.google.com edge.microsoft.com addons-pa.clients6.google.com signaler-pa.clients6.google.com waa-pa.clients6.google.com v3.envialosimple.com accounts.google.com ssl.gstatic.com	0
Established	93,375 [49 %]	mail-ads.google.com edge.microsoft.com addons-pa.clients6.google.com signaler-pa.clients6.google.com waa-pa.clients6.google.com v3.envialosimple.com accounts.google.com ssl.gstatic.com	76	secure.adnxs.com stream-production.avcdn.net notify.adobe.io cs.minutemedia-prebid.com hbopenbid.pubmatic.com csi.gstatic.com rtb.ex.co gum.criteo.com
Terminated	1,816	vid-io-cle.springserve.com vid-io-iad.springserve.com vid-io-iad.springserve.com compassingest-0.staging.cl15.k8s.mrf.io events.newsroom.bi csi.gstatic.com statics.creativecdn.com www.youtube.com	0
Rejected	0 [0 %]		26	v3.envialosimple.com

TCP Flags	Pkts Sent		Pkts Rcvd
SYN	190,552	mail-ads.google.com edge.microsoft.com addons-pa.clients6.google.com signaler-pa.clients6.google.com waa-pa.clients6.google.com v3.envialosimple.com accounts.google.com ssl.gstatic.com	0
RST\|ACK	31,408	stream-production.avcdn.net static.edge.microsoftapp.net stream-production.avcdn.net v3.envialosimple.com www.instagram.com ncc.avast.com settings-win.data.microsoft.com v10.events.data.microsoft.com	4,133	stream-production.avcdn.net stream-production.avcdn.net stream-production.avcdn.net nexus.officeapps.live.com stream-production.avcdn.net functional.events.data.microsoft.com edge.microsoft.com edge.microsoft.com
RST	29,743	stream-production.avcdn.net stream-production.avcdn.net stream-production.avcdn.net stream-production.avcdn.net stream-production.avcdn.net static.edge.microsoftapp.net stream-production.avcdn.net ncc.avast.com	6,153	ss-prod-ue1-ns.aws.adobess.com notify.adobe.io acrobat.adobe.com ss-prod-ue1-ns.aws.adobess.com acrobat.adobe.com ss-prod-ue1-ns.aws.adobess.com acrobat.adobe.com ss-prod-ue1-ns.aws.adobess.com
NULL	350	00:24:8C:DE:84:31 aa.online-metrix.net stun.l.google.com	0

Anomaly	Pkts Sent to		Pkts Rcvd from
UDP Pkt to Closed Port	104	00:24:8C:DE:84:31	10,364	00:24:8C:DE:84:31 200.69.128.1
Closed Empty TCP Conn.	1,816	vid-io-cle.springserve.com vid-io-iad.springserve.com vid-io-iad.springserve.com compassingest-0.staging.cl15.k8s.mrf.io events.newsroom.bi csi.gstatic.com statics.creativecdn.com www.youtube.com	0
ICMP Port Unreachable	10,364	00:24:8C:DE:84:31 200.69.128.1	130	00:24:8C:DE:84:31 v3.envialosimple.com
ICMP Net Unreachable	0		11	200.80.220.74

ARP	Packet
Request Sent	206
Reply Rcvd	98 (47.6 %)
Reply Sent	11,029

Protocol Distribution

Protocol

Data Sent

Data Rcvd

TCP

1.3 GBytes

14.1 GBytes

UDP

139.2 MBytes

26.4 MBytes

ICMP

2.8 MBytes

45.9 KBytes

ICMPv6

0.3 KBytes

0.0 KBytes

IPv6

0.3 KBytes

0.0 KBytes

(R)ARP

504.7 KBytes

304.3 KBytes

IGMP

1.7 KBytes

0.0 KBytes

Protocol Distribution

IP Distribution

ICMP Traffic

Type	Pkt Sent	Pkt Rcvd
Echo Request	713	0
Echo Reply	0	105
Unreach	10,364	141
Time Exceeded	0	245

Last Contacted Peers

Sent To	IP Address
play.google.com	142.251.129.46
200.69.128.1	200.69.128.1
espresso-pa.clients6.google.com	142.250.79.138
mtalk.google.com	142.250.0.188
mail-ads.google.com	142.251.129.165
prod-dynamite-prod-02-us-signaler-pa.clients6.google.com	172.217.173.234
media-eze1-1.cdn.whatsapp.net	31.13.94.52
signaler-pa.clients6.google.com	216.58.202.74
Total Contacts	762717

Received From	IP Address
200.69.128.1	200.69.128.1
espresso-pa.clients6.google.com	142.250.79.138
mtalk.google.com	142.250.0.188
mail-ads.google.com	142.251.129.165
prod-dynamite-prod-02-us-signaler-pa.clients6.google.com	172.217.173.234
media-eze1-1.cdn.whatsapp.net	31.13.94.52
edge.microsoft.com	150.171.28.11
signaler-pa.clients6.google.com	216.58.202.74
Total Contacts	679994

IP Service Stats: Client Role

	# Loc. Req. Sent		# Rem. Req. Sent		# Pos. Reply Rcvd		# Neg. Reply Rcvd		Local RndTrip	Rem RndTrip
DNS	67,732	54.0%	56,260	45.0%	116,008	98.0%	1,260	1.0%	0.0 ms - 234212.7 sec	2.6 ms - 138456.9 sec
HTTP	0	0.0%	0	0.0%	795	100.0%	0	0.0%	0.0 ms - 0.0 ms	5396.6 sec - 349861.1 sec

TCP/UDP Service/Port Usage

IP Service	Port	# Client Sess.	Last Client Peer	# Server Sess.	Last Server Peer
ftp	21	69/1.1 KBytes	00:24:8C:DE:84:31
domain	53	39879/26.3 MBytes	200.69.128.1
bootps	67	5/0	00:24:8C:DE:84:31
bootpc	68	5/0	00:24:8C:DE:84:31
tftp	69	5/130	00:24:8C:DE:84:31
www	80	64137/871.0 MBytes	ncc.avast.com
ntp	123	76/3.6 KBytes	time.windows.com	12/576	time.windows.com
netbios-ns	137	5/0	00:24:8C:DE:84:31
netbios-dgm	138	5/0	00:24:8C:DE:84:31
snmp	161	5/0	00:24:8C:DE:84:31
https	443	37253/13.6 GBytes	signaler-pa.clients6.google.com
isakmp	500	5/0	00:24:8C:DE:84:31

TCP/UDP - Traffic on Other Ports

Client Port	Server Port
65302

TCP/UDP Recently Used Ports

Client Port	Server Port
65302	mdns

P2P Recently Exchanged Files

File Name
<unknown file>

436 Active TCP/UDP Sessions

Client	Server	Data Sent	Data Rcvd	Active Since	Last Seen	Duration	Inactive	Note
CPA-GAROFALO :65232	polka.typekit.com :https	4.8 KBytes	7.2 KBytes	Sat Jun 14 00:00:38 2025	Sat Jun 14 00:16:06 2025	15:28	10 sec	SYN ACK PUSH
CPA-GAROFALO :50320	web.whatsapp.com :https	349.0 KBytes	715.5 KBytes	Fri Jun 13 13:25:20 2025	Sat Jun 14 00:16:13 2025	10:50:53	3 sec	SYN ACK PUSH
CPA-GAROFALO :53303	web.whatsapp.com :https	284.2 KBytes	365.2 KBytes	Fri Jun 13 13:27:25 2025	Sat Jun 14 00:16:01 2025	10:48:36	15 sec	SYN ACK PUSH
CPA-GAROFALO :53710	static.cdninstagram.com :https	240.6 KBytes	233.0 KBytes	Fri Jun 13 14:20:31 2025	Sat Jun 14 00:16:05 2025	9:55:34	11 sec	SYN ACK PUSH
CPA-GAROFALO :54018	static.cdninstagram.com :https	226.1 KBytes	220.6 KBytes	Fri Jun 13 15:07:17 2025	Sat Jun 14 00:16:05 2025	9:08:48	11 sec	SYN ACK PUSH
CPA-GAROFALO :65352	prod-dynamite-prod-02-us-signaler-pa.clients6.google.com :https	1.9 KBytes	9.9 KBytes	Sat Jun 14 00:14:09 2025	Sat Jun 14 00:15:40 2025	1:31	36 sec	SYN ACK PUSH
CPA-GAROFALO :65327	mail.google.com :https	21.0 KBytes	12.0 KBytes	Sat Jun 14 00:10:24 2025	Sat Jun 14 00:15:42 2025	5:18	34 sec	SYN ACK PUSH
CPA-GAROFALO :65346	prod-dynamite-prod-02-us-signaler-pa.clients6.google.com :https	1.9 KBytes	10.1 KBytes	Sat Jun 14 00:13:57 2025	Sat Jun 14 00:16:12 2025	2:15	4 sec	SYN ACK PUSH
CPA-GAROFALO :65348	prod-dynamite-prod-02-us-signaler-pa.clients6.google.com :https	4.1 KBytes	11.1 KBytes	Sat Jun 14 00:13:57 2025	Sat Jun 14 00:16:12 2025	2:15	4 sec	SYN ACK PUSH
CPA-GAROFALO :65358	accounts.google.com :https	6.5 KBytes	4.9 KBytes	Sat Jun 14 00:15:37 2025	Sat Jun 14 00:15:37 2025	0 sec	39 sec	SYN ACK PUSH
CPA-GAROFALO :49708	mtalk.google.com :https	82.5 KBytes	193.9 KBytes	Fri Jun 13 02:02:03 2025	Sat Jun 14 00:16:05 2025	22:14:02	11 sec	SYN ACK PUSH
CPA-GAROFALO :65266	ssl.gstatic.com :https	10.7 KBytes	13.2 KBytes	Sat Jun 14 00:04:06 2025	Sat Jun 14 00:16:12 2025	12:06	4 sec	SYN ACK PUSH
CPA-GAROFALO :65278	ssl.gstatic.com :https	12.1 KBytes	15.2 KBytes	Sat Jun 14 00:04:18 2025	Sat Jun 14 00:16:11 2025	11:53	5 sec	SYN ACK PUSH
CPA-GAROFALO :65295	ssl.gstatic.com :https	6.0 KBytes	6.7 KBytes	Sat Jun 14 00:05:37 2025	Sat Jun 14 00:15:42 2025	10:05	34 sec	SYN ACK PUSH
CPA-GAROFALO :65340	ssl.gstatic.com :https	4.3 KBytes	4.7 KBytes	Sat Jun 14 00:12:42 2025	Sat Jun 14 00:15:53 2025	3:11	23 sec	SYN ACK PUSH
CPA-GAROFALO :65360	ssl.gstatic.com :https	3.4 KBytes	3.5 KBytes	Sat Jun 14 00:16:12 2025	Sat Jun 14 00:16:12 2025	0 sec	4 sec	SYN ACK PUSH
CPA-GAROFALO :65305	play.google.com :https	95.8 KBytes	33.9 KBytes	Sat Jun 14 00:06:57 2025	Sat Jun 14 00:15:57 2025	9:00	19 sec	SYN ACK PUSH
CPA-GAROFALO :65345	googleads.g.doubleclick.net :https	2.4 KBytes	5.1 KBytes	Sat Jun 14 00:13:51 2025	Sat Jun 14 00:16:06 2025	2:15	10 sec	SYN ACK PUSH
CPA-GAROFALO :65337	play.google.com :https	6.4 KBytes	9.7 KBytes	Sat Jun 14 00:12:27 2025	Sat Jun 14 00:16:12 2025	3:45	4 sec	SYN ACK PUSH
CPA-GAROFALO :65354	signaler-pa.clients6.google.com :https	1.9 KBytes	9.9 KBytes	Sat Jun 14 00:14:33 2025	Sat Jun 14 00:16:03 2025	1:30	13 sec	SYN ACK PUSH
CPA-GAROFALO :65307	waa-pa.clients6.google.com :https	28.7 KBytes	19.6 KBytes	Sat Jun 14 00:06:57 2025	Sat Jun 14 00:15:42 2025	8:45	34 sec	SYN ACK PUSH
CPA-GAROFALO :65279	addons-pa.clients6.google.com :https	6.6 KBytes	14.5 KBytes	Sat Jun 14 00:04:22 2025	Sat Jun 14 00:15:42 2025	11:20	34 sec	SYN ACK PUSH
CPA-GAROFALO :65280	addons-pa.clients6.google.com :https	50.5 KBytes	33.8 KBytes	Sat Jun 14 00:04:22 2025	Sat Jun 14 00:16:04 2025	11:42	12 sec	SYN ACK PUSH
CPA-GAROFALO :65355	waa-pa.clients6.google.com :https	5.8 KBytes	11.1 KBytes	Sat Jun 14 00:14:57 2025	Sat Jun 14 00:15:42 2025	45 sec	34 sec	SYN ACK PUSH
CPA-GAROFALO :65347	mail-ads.google.com :https	1.8 KBytes	7.0 KBytes	Sat Jun 14 00:13:57 2025	Sat Jun 14 00:16:12 2025	2:15	4 sec	SYN ACK PUSH
CPA-GAROFALO :65349	mail-ads.google.com :https	5.6 KBytes	69.2 KBytes	Sat Jun 14 00:13:57 2025	Sat Jun 14 00:16:13 2025	2:16	3 sec	SYN ACK PUSH
CPA-GAROFALO :49880	mtalk.google.com :https	76.3 KBytes	100.7 KBytes	Fri Jun 13 02:26:37 2025	Sat Jun 14 00:15:40 2025	21:49:03	36 sec	SYN ACK PUSH
CPA-GAROFALO :52311	nos.ns1.ff.avast.com :https	101.9 KBytes	148.0 KBytes	Wed Jun 11 06:53:12 2025	Sat Jun 14 00:14:22 2025	2 days 17:21:10	1:54	SYN ACK PUSH
CPA-GAROFALO :65335	ss-prod-ue1-ns.aws.adobess.com :https	4.3 KBytes	5.2 KBytes	Sat Jun 14 00:12:06 2025	Sat Jun 14 00:14:47 2025	2:41	1:29	SYN ACK PUSH
CPA-GAROFALO :50411	router3.teamviewer.com :https	965.9 KBytes	933.2 KBytes	Wed Jun 11 10:27:48 2025	Sat Jun 14 00:15:31 2025	2 days 13:47:43	45 sec	SYN ACK PUSH
CPA-GAROFALO :65298	prod-dynamite-prod-02-us-signaler-pa.clients6.google.com :https	18.5 KBytes	18.5 KBytes	Sat Jun 14 00:06:01 2025	Sat Jun 14 00:16:12 2025	10:11	4 sec	SYN ACK PUSH
CPA-GAROFALO :49856	mtalk.google.com :https	76.4 KBytes	102.9 KBytes	Fri Jun 13 02:23:40 2025	Sat Jun 14 00:16:12 2025	21:52:32	4 sec	SYN ACK PUSH
CPA-GAROFALO :65268	chat.google.com :https	170.1 KBytes	65.6 KBytes	Sat Jun 14 00:04:08 2025	Sat Jun 14 00:16:11 2025	12:03	5 sec	SYN ACK PUSH
CPA-GAROFALO :65269	chat.google.com :https	156.3 KBytes	41.3 KBytes	Sat Jun 14 00:04:08 2025	Sat Jun 14 00:16:08 2025	12:00	8 sec	SYN ACK PUSH
CPA-GAROFALO :65302	signaler-pa.clients6.google.com :https	18.3 KBytes	20.7 KBytes	Sat Jun 14 00:06:23 2025	Sat Jun 14 00:16:15 2025	9:52	1 sec	SYN ACK PUSH
CPA-GAROFALO :57338	client.wns.windows.com :https	160.1 KBytes	188.6 KBytes	Fri Jun 13 09:36:20 2025	Sat Jun 14 00:15:28 2025	14:39:08	48 sec	SYN ACK PUSH
CPA-GAROFALO :59413	mtalk.google.com :https	78.7 KBytes	104.1 KBytes	Fri Jun 13 01:43:59 2025	Sat Jun 14 00:15:34 2025	22:31:35	42 sec	SYN ACK PUSH
CPA-GAROFALO :65338	stream-production.avcdn.net :https	968	10.4 KBytes	Sat Jun 14 00:12:41 2025	Sat Jun 14 00:14:22 2025	1:41	1:54	SYN ACK PUSH

The color of the host link indicates how recently the host was FIRST seen
0 to 5 minutes	5 to 15 minutes	15 to 30 minutes	30 to 60 minutes	60+ minutes

Report created on Sat Jun 14 00:16:16 2025 [ntop uptime: 4 days 20:03:30]
Generated by ntop v.3.3 [x86_64-unknown-linux-gnu]
© 1998-2007 by Luca Deri, built: Aug 6 2008 09:54:10.
Listening on [eth0] for all packets (i.e. without a filtering expression)
Web reports include all interfaces (merged)