Info about CPA-CFUCHILA

Please enable make sure that the ntop html/ directory is properly installed

Info about CPA-CFUCHILA

IP Address 192.168.1.190 [unicast] [ Purge Asset ]

First/Last Seen Mon Jun 9 04:12:45 2025 - Fri Jun 13 23:22:33 2025 [Inactive since 17 sec]

MAC Address Network Interface Card (NIC) 2C:F0:5D:75:5E:DC

OS Name OS: Windows [Windows 98 Second Edition]

Host Location Local (inside specified/local subnet)

IP TTL (Time to Live) 1:64 [~0 hop(s)]

Total Data Sent 13.1 GBytes/17,515,513 Pkts/0 Retran. Pkts [0%]

Broadcast Pkts Sent 1,883 Pkts

Multicast Traffic Sent 460.5 KBytes/2,928 Pkts

Data Sent Stats
Local 1.4 %

Rem 98.6 %

IP vs. Non-IP Sent
IP 100 %

Non-IP 0 %

Total Data Rcvd 19.1 GBytes/19,393,973 Pkts/0 Retran. Pkts [0%]

Data Rcvd Stats
0 %

Rem 100 %

IP vs. Non-IP Rcvd
IP 100 %

Non-IP 0 %

Sent vs. Rcvd Pkts
Sent 47.5 %

Rcvd 52.5 %

Sent vs. Rcvd Data
Sent 40.6 %

Rcvd 59.4 %

Used Subnet Routers 00:24:8C:DE:84:31 Network Card
Host Type VoIP Host VoIP

Host Healthness (Risk Flags) High Risk Medium Risk Low Risk
Wrong network mask or bridging enabled
Suspicious activities: too many host contacts
Unexpected packets (e.g. traffic to closed port or connection reset):

Unexpected packets (e.g. traffic to closed port or connection reset):
[Rcvd: rst] [Sent: closed-empty] [Rcvd: port unreac] [Rcvd: hostnet unreac]

Host Traffic Stats

Time	Tot. Traffic Sent	% Traffic Sent	Tot. Traffic Rcvd	% Traffic Rcvd
11 PM	42.1 KBytes	0.0 %	44.1 KBytes	0.0 %
10 PM	174.1 KBytes	0.1 %	361.0 KBytes	0.0 %
9 PM	163.8 KBytes	0.1 %	219.4 KBytes	0.0 %
8 PM	278.4 KBytes	0.2 %	538.6 KBytes	0.0 %
7 PM	151.8 KBytes	0.1 %	309.9 KBytes	0.0 %
6 PM	219.3 KBytes	0.1 %	390.9 KBytes	0.0 %
5 PM	10.6 MBytes	6.2 %	34.0 MBytes	0.7 %
4 PM	2.4 MBytes	1.4 %	5.2 MBytes	0.1 %
3 PM	1.6 MBytes	0.9 %	1.2 MBytes	0.0 %
2 PM	440.5 KBytes	0.3 %	629.0 KBytes	0.0 %
1 PM	408.5 KBytes	0.2 %	465.4 KBytes	0.0 %
12 PM	483.3 KBytes	0.3 %	609.5 KBytes	0.0 %
11 AM	427.1 KBytes	0.2 %	1.0 MBytes	0.0 %
10 AM	5.7 MBytes	3.3 %	16.3 MBytes	0.3 %
9 AM	200.0 KBytes	0.1 %	310.6 KBytes	0.0 %
8 AM	7.1 MBytes	4.2 %	42.7 MBytes	0.9 %
7 AM	89.4 MBytes	52.4 %	4.0 GBytes	84.7 %
6 AM	16.1 MBytes	9.4 %	329.2 MBytes	6.9 %
5 AM	27.0 MBytes	15.8 %	241.9 MBytes	5.0 %
4 AM	6.9 MBytes	4.0 %	58.0 MBytes	1.2 %
3 AM	196.9 KBytes	0.1 %	1.0 MBytes	0.0 %
2 AM	478.6 KBytes	0.3 %	308.9 KBytes	0.0 %
1 AM	167.0 KBytes	0.1 %	281.2 KBytes	0.0 %
12 AM	211.7 KBytes	0.1 %	796.2 KBytes	0.0 %
Total

Packet Statistics

TCP Connections	Directed to		Rcvd From
Attempted	65,627	easylist-downloads.adblockplus.org api.prd.glb.doorman.fsapi.com client.teamviewer.com g.static.mega.co.nz v10.events.data.microsoft.com easylist-downloads.adblockplus.org config.teams.microsoft.com ctldl.windowsupdate.com	0
Established	32,246 [49 %]	easylist-downloads.adblockplus.org api.prd.glb.doorman.fsapi.com client.teamviewer.com g.static.mega.co.nz v10.events.data.microsoft.com easylist-downloads.adblockplus.org config.teams.microsoft.com ctldl.windowsupdate.com	22	94.24.36.67 69.30.89.14 udc.yahoo.com settings-win.data.microsoft.com 104.26.9.117 app.partnerboost.com www.youtube.com normandy.tombstone.experimenter.prod.webservices.mozgcp.net
Terminated	14	fastlane.rubiconproject.com secure.adnxs.com secure.adnxs.com match.sharethrough.com ib.adnxs.com ib.adnxs.com ib.adnxs.com www.bing.com	0

TCP Flags	Pkts Sent		Pkts Rcvd
SYN	65,627	easylist-downloads.adblockplus.org api.prd.glb.doorman.fsapi.com client.teamviewer.com g.static.mega.co.nz v10.events.data.microsoft.com easylist-downloads.adblockplus.org config.teams.microsoft.com ctldl.windowsupdate.com	0
RST\|ACK	6,092	v10.events.data.microsoft.com settings-win.data.microsoft.com settings-win.data.microsoft.com v10.events.data.microsoft.com v10.events.data.microsoft.com easylist-downloads.adblockplus.org easylist-downloads.adblockplus.org api.prd.glb.doorman.fsapi.com	2,294	client.teamviewer.com substrate.office.com substrate.office.com edge.microsoft.com functional.events.data.microsoft.com config.teams.microsoft.com functional.events.data.microsoft.com config.teams.microsoft.com
RST	1	api.github.com	1,761	edge.microsoft.com mtalk.google.com easylist-downloads.adblockplus.org easylist-downloads.adblockplus.org easylist-downloads.adblockplus.org easylist-downloads.adblockplus.org easylist-downloads.adblockplus.org easylist-downloads.adblockplus.org
NULL	406	udp.ping.teamviewer.com udp.ping.teamviewer.com 181.116.57.35 udp.ping.teamviewer.com udp.ping.teamviewer.com udp.ping.teamviewer.com udp.ping.teamviewer.com cpe-186-22-19-64.telecentro-reversos.com.ar	0

Anomaly	Pkts Sent to		Pkts Rcvd from
UDP Pkt to Closed Port	75	00:24:8C:DE:84:31	0
Closed Empty TCP Conn.	14	fastlane.rubiconproject.com secure.adnxs.com secure.adnxs.com match.sharethrough.com ib.adnxs.com ib.adnxs.com ib.adnxs.com www.bing.com	0
ICMP Port Unreachable	0		75	00:24:8C:DE:84:31
ICMP Net Unreachable	0		5	200.80.220.74

ARP	Packet
Request Sent	2,238
Reply Rcvd	2,062 (92.1 %)
Reply Sent	7,356

Protocol Distribution

Protocol	Data Sent	Data Rcvd
TCP	13.1 GBytes	19.1 GBytes
UDP	29.8 MBytes	11.8 MBytes
ICMP	0.9 KBytes	12.0 KBytes
ICMPv6	0.8 KBytes	0.0 KBytes
IPv6	0.8 KBytes	0.0 KBytes
(R)ARP	431.0 KBytes	257.7 KBytes
IGMP	5.4 KBytes	0.0 KBytes
Protocol Distribution
IP Distribution

ICMP Traffic

Type	Pkt Sent	Pkt Rcvd
Echo Request	9	0
Echo Reply	0	3
Unreach	0	107
Time Exceeded	0	6

Last Contacted Peers

Sent To	IP Address
wns2-bl2p.wns.windows.com	172.172.255.216
v10.events.data.microsoft.com	20.42.73.26
router14.teamviewer.com	188.172.252.70
easylist-downloads.adblockplus.org	88.221.0.42
config.teams.microsoft.com	52.123.129.14
00:24:8C:DE:84:31
ctldl.windowsupdate.com	151.101.218.172
Total Contacts	159477

Received From	IP Address
wns2-bl2p.wns.windows.com	172.172.255.216
00:24:8C:DE:84:31
v10.events.data.microsoft.com	20.42.73.26
easylist-downloads.adblockplus.org	23.50.112.225
router14.teamviewer.com	188.172.252.70
easylist-downloads.adblockplus.org	88.221.0.42
config.teams.microsoft.com	52.123.129.14
ctldl.windowsupdate.com	151.101.218.172
Total Contacts	144896

IP Service Stats: Client Role

	# Loc. Req. Sent		# Rem. Req. Sent		# Pos. Reply Rcvd		# Neg. Reply Rcvd		Local RndTrip	Rem RndTrip
DNS	43,454	93.0%	2,839	6.0%	42,795	98.0%	694	1.0%	0.0 ms - 30.0 sec	3.2 ms - 392.4 ms
HTTP	0	0.0%	0	0.0%	13	54.0%	11	45.0%	0.0 ms - 0.0 ms	0.0 ms - 0.0 ms

TCP/UDP Service/Port Usage

IP Service	Port	# Client Sess.	Last Client Peer	# Server Sess.	Last Server Peer
domain	53	23771/11.9 MBytes	00:24:8C:DE:84:31
www	80	5557/13.9 GBytes	ctldl.windowsupdate.com
ntp	123	20/960	time.windows.com	20/960	time.windows.com
netbios-ns	137	75/3.7 KBytes	00:24:8C:DE:84:31	75/3.7 KBytes	00:24:8C:DE:84:31
https	443	36881/16.0 GBytes	wns2-bl2p.wns.windows.com

TCP/UDP - Traffic on Other Ports

Client Port	Server Port
62890

TCP/UDP Recently Used Ports

Client Port	Server Port
62890	ntp

136 Active TCP/UDP Sessions

Client	Server	Data Sent	Data Rcvd	Active Since	Last Seen	Duration	Inactive	Note
CPA-CFUCHILA :49638	ecs.office.com :https	1.5 KBytes	7.7 KBytes	Fri Jun 13 23:22:16 2025	Fri Jun 13 23:22:17 2025	1 sec	33 sec	SYN ACK PUSH
CPA-CFUCHILA :49681	router14.teamviewer.com :https	868.4 KBytes	910.9 KBytes	Fri Jun 13 06:57:26 2025	Fri Jun 13 23:22:07 2025	16:24:41	43 sec	SYN ACK PUSH
CPA-CFUCHILA :49632	easylist-downloads.adblockplus.org :https	3.6 KBytes	1.8 KBytes	Fri Jun 13 23:15:31 2025	Fri Jun 13 23:22:18 2025	6:47	32 sec	SYN ACK PUSH
CPA-CFUCHILA :62890	client.wns.windows.com :https	15.9 KBytes	21.0 KBytes	Fri Jun 13 08:55:00 2025	Fri Jun 13 23:22:28 2025	14:27:28	22 sec	SYN ACK PUSH

The color of the host link indicates how recently the host was FIRST seen
0 to 5 minutes	5 to 15 minutes	15 to 30 minutes	30 to 60 minutes	60+ minutes

Report created on Fri Jun 13 23:22:50 2025 [ntop uptime: 4 days 19:10:04]
Generated by ntop v.3.3 [x86_64-unknown-linux-gnu]
© 1998-2007 by Luca Deri, built: Aug 6 2008 09:54:10.
Listening on [eth0] for all packets (i.e. without a filtering expression)
Web reports include all interfaces (merged)