(C) 1998-2007 - Luca Deri  
Please enable make sure that the ntop html/ directory is properly installed

 

 

Info about CONS01

IP Address192.168.1.201   [unicast] [ Purge Asset ]
First/Last SeenFri Jun 13 08:03:03 2025  -  Sat Jun 14 08:28:20 2025 [Inactive since 5 sec]
MAC Address Network Interface Card (NIC)D8:43:AE:BB:DF:20 
OS NameOS: Windows [Windows 2000 Professional SP4] 
Host LocationLocal (inside specified/local subnet)
IP TTL (Time to Live)1:128 [~0 hop(s)]
Total Data Sent456.8 MBytes/5,163,994 Pkts/0 Retran. Pkts [0%]
Broadcast Pkts Sent644 Pkts
Multicast TrafficSent 1.6 MBytes/3,888 Pkts 
Data Sent Stats
0 %
 
Rem 100 %
IP vs. Non-IP Sent
IP 100 %
 
Non-IP 0 %
Total Data Rcvd12.9 GBytes/9,506,628 Pkts/0 Retran. Pkts [0%]
Data Rcvd Stats
0 %
 
Rem 100 %
IP vs. Non-IP Rcvd
IP 100 %
 
Non-IP 0 %
Sent vs. Rcvd Pkts
Sent 35.2 %
  
Rcvd 64.8 %
Sent vs. Rcvd Data
Sent 3.3 %
  
Rcvd 96.7 %
Used Subnet Routers 00:24:8C:DE:84:31 Network Card
Host Healthness (Risk Flags) High Risk Medium Risk Low Risk
  1. Medium RiskWrong network mask or bridging enabled
  2. Medium RiskSuspicious activities: too many host contacts
  3. Medium RiskUnexpected packets (e.g. traffic to closed port or connection reset):
  4. Low RiskUnexpected packets (e.g. traffic to closed port or connection reset):
    [Rcvd: rst] [Sent: closed-empty] 

 

Host Traffic Stats

TimeTot. Traffic Sent% Traffic SentTot. Traffic Rcvd% Traffic Rcvd
8 AM 74.3 KBytes0.0 %59.8 KBytes0.0 %
7 AM 170.6 KBytes0.0 %138.0 KBytes0.0 %
6 AM 1.4 MBytes0.3 %37.5 MBytes0.3 %
5 AM 1.1 MBytes0.3 %25.1 MBytes0.2 %
4 AM 176.5 KBytes0.0 %173.7 KBytes0.0 %
3 AM 197.1 KBytes0.0 %128.7 KBytes0.0 %
2 AM 147.0 KBytes0.0 %83.0 KBytes0.0 %
1 AM 240.2 KBytes0.1 %245.8 KBytes0.0 %
12 AM 154.9 KBytes0.0 %127.0 KBytes0.0 %
11 PM 181.6 KBytes0.0 %147.6 KBytes0.0 %
10 PM 159.8 KBytes0.0 %105.2 KBytes0.0 %
9 PM 252.7 KBytes0.1 %364.3 KBytes0.0 %
8 PM 172.1 KBytes0.0 %152.5 KBytes0.0 %
7 PM 202.8 KBytes0.0 %152.2 KBytes0.0 %
6 PM 9.9 MBytes2.4 %383.0 MBytes3.4 %
5 PM 11.0 MBytes2.7 %23.1 MBytes0.2 %
4 PM 185.2 MBytes45.8 %2.9 GBytes26.2 %
3 PM 27.1 MBytes6.7 %714.7 MBytes6.4 %
2 PM 73.6 KBytes0.0 %133.2 KBytes0.0 %
1 PM 79.1 KBytes0.0 %131.2 KBytes0.0 %
12 PM 77.7 KBytes0.0 %146.2 KBytes0.0 %
11 AM 899.3 KBytes0.2 %32.5 MBytes0.3 %
10 AM 50.7 MBytes12.5 %2.5 GBytes22.7 %
9 AM 114.6 MBytes28.4 %4.4 GBytes40.1 %
Total

 

Packet Statistics

TCP ConnectionsDirected toRcvd From
Attempted26,054 0 
Established13,000 [50 %] 0 
Terminated8 0 

TCP FlagsPkts SentPkts Rcvd
SYN26,054 0 
RST|ACK2,037 379
RST8 148
NULL186 0 

AnomalyPkts Sent toPkts Rcvd from
Closed Empty TCP Conn.8 0 

ARPPacket
Request Sent1,335
Reply Rcvd1,156 (86.6 %)
Reply Sent1,648

 

Protocol Distribution

ProtocolData SentData Rcvd
TCP453.1 MBytes
99%

 

 12.9 GBytes100
UDP3.5 MBytes  1.3 MBytes 
ICMP6.0 KBytes  3.5 KBytes 
ICMPv60.7 KBytes  0.0 KBytes 
IPv60.7 KBytes  0.0 KBytes 
(R)ARP134.0 KBytes  75.9 KBytes 
IGMP3.0 KBytes  0.0 KBytes 
Protocol Distribution
IP Distribution

 

ICMP Traffic

TypePkt SentPkt Rcvd
Echo Request580
Echo Reply010
Time Exceeded027

 

Last Contacted Peers

Sent ToIP Address
edge.microsoft.com 150.171.28.11 
224.0.0.251 224.0.0.251 
200.0.243.10 200.0.243.10 
fd.api.iris.microsoft.com 23.96.180.189 
settings-win.data.microsoft.com 52.167.17.97 
router6.teamviewer.com 34.151.192.24 
wns2-bl2p.wns.windows.com 172.172.255.218 
Total Contacts9547
Received FromIP Address
router6.teamviewer.com 34.151.192.24 
settings-win.data.microsoft.com 52.183.220.149 
00:24:8C:DE:84:31 Network Card  
v10.events.data.microsoft.com 52.182.143.214 
edge.microsoft.com 150.171.28.11 
fd.api.iris.microsoft.com 23.96.180.189 
settings-win.data.microsoft.com 52.167.17.97 
wns2-bl2p.wns.windows.com 172.172.255.218 
Total Contacts7721

 

IP Service Stats: Client Role

 # Loc. Req. Sent# Rem. Req. Sent# Pos. Reply Rcvd# Neg. Reply RcvdLocal RndTripRem RndTrip
DNS4,57867.0%2,16032.0%4,21090.0%4209.0%0.0 ms - 23.9 sec3.3 ms - 174.5 ms
HTTP00.0%00.0%4100.0%00.0%0.0 ms - 0.0 ms0.0 ms - 0.0 ms

 

TCP/UDP Service/Port Usage

IP ServicePort# Client Sess.Last Client Peer# Server Sess.Last Server Peer
domain539549/1.3 MBytes00:24:8C:DE:84:31 Network Card   
www8032202/5.0 GBytes192.168.1.79   
ntp1238/384time.windows.com 8/384time.windows.com
https4438056/7.5 GByteswns2-bl2p.wns.windows.com   

 

TCP/UDP - Traffic on Other Ports

Client PortServer Port
     

 

TCP/UDP Recently Used Ports

Client PortServer Port

 

132 Active TCP/UDP Sessions

ClientServerData SentData RcvdActive SinceLast SeenDurationInactiveLatencyL7 ProtoNote
CONS01 Medium Risk :49742router6.teamviewer.com  HTTP Server :https337.8 KBytes357.9 KBytesFri Jun 13 16:37:22 2025Sat Jun 14 08:27:42 202515:50:2043 sec   SYN ACK PUSH 
CONS01 Medium Risk :49760client.wns.windows.com  HTTP Server Low Risk :https17.9 KBytes23.2 KBytesFri Jun 13 16:38:24 2025Sat Jun 14 08:28:20 202515:49:565 sec   SYN ACK PUSH 

The color of the host link indicates how recently the host was FIRST seen
  0 to 5 minutes     5 to 15 minutes     15 to 30 minutes     30 to 60 minutes     60+ minutes  
Report created on Sat Jun 14 08:28:25 2025 [ntop uptime: 5 days 4:15:39]
Generated by ntop v.3.3 [x86_64-unknown-linux-gnu]
© 1998-2007 by Luca Deri, built: Aug 6 2008 09:54:10.
Listening on [eth0] for all packets (i.e. without a filtering expression)
Web reports include all interfaces (merged)