(C) 1998-2007 - Luca Deri  
Please enable make sure that the ntop html/ directory is properly installed

 

 

Info about CPA-RMIRONIUK

IP Address192.168.1.32   [unicast] [ Purge Asset ]
First/Last SeenMon Jun 9 04:12:45 2025  -  Sat Jun 14 00:22:54 2025 [Inactive since 9 sec]
MAC Address Network Interface Card (NIC)70:71:BC:31:70:0B 
OS NameOS: Windows [Windows XP Professional, Build 2600] 
Host LocationLocal (inside specified/local subnet)
IP TTL (Time to Live)1:64 [~0 hop(s)]
Total Data Sent576.4 MBytes/1,983,896 Pkts/0 Retran. Pkts [0%]
Broadcast Pkts Sent3,142 Pkts
Multicast TrafficSent 1.9 MBytes/8,120 Pkts 
Data Sent Stats
Local 0.6 %
  
Rem 99.4 %
IP vs. Non-IP Sent
IP 100 %
 
Non-IP 0 %
Total Data Rcvd2.4 GBytes/2,719,659 Pkts/0 Retran. Pkts [0%]
Data Rcvd Stats
0 %
 
Rem 100 %
IP vs. Non-IP Rcvd
IP 100 %
 
Non-IP 0 %
Sent vs. Rcvd Pkts
Sent 42.2 %
  
Rcvd 57.8 %
Sent vs. Rcvd Data
Sent 18.9 %
  
Rcvd 81.1 %
Used Subnet Routers 00:24:8C:DE:84:31 Network Card
Host TypeVoIP Host VoIP
Host Healthness (Risk Flags) High Risk Medium Risk Low Risk
  1. Medium RiskSuspicious activities: too many host contacts
  2. Low RiskUnexpected packets (e.g. traffic to closed port or connection reset):
    [Rcvd: rst] [Sent: closed-empty] [Rcvd: hostnet unreac] 

 

Host Traffic Stats

TimeTot. Traffic Sent% Traffic SentTot. Traffic Rcvd% Traffic Rcvd
12 AM 7.0 MBytes8.0 %271.4 MBytes65.2 %
11 PM 120.8 KBytes0.1 %200.3 KBytes0.0 %
10 PM 73.8 KBytes0.1 %94.1 KBytes0.0 %
9 PM 105.6 KBytes0.1 %179.7 KBytes0.0 %
8 PM 85.7 KBytes0.1 %137.8 KBytes0.0 %
7 PM 86.4 KBytes0.1 %112.9 KBytes0.0 %
6 PM 101.0 KBytes0.1 %220.5 KBytes0.1 %
5 PM 95.2 KBytes0.1 %154.4 KBytes0.0 %
4 PM 122.7 KBytes0.1 %189.0 KBytes0.0 %
3 PM 93.4 KBytes0.1 %147.1 KBytes0.0 %
2 PM 85.0 KBytes0.1 %115.5 KBytes0.0 %
1 PM 124.8 KBytes0.1 %183.6 KBytes0.0 %
12 PM 4.8 MBytes5.5 %5.8 MBytes1.4 %
11 AM 4.0 MBytes4.6 %3.1 MBytes0.8 %
10 AM 3.4 MBytes3.9 %2.8 MBytes0.7 %
9 AM 11.3 MBytes12.9 %12.5 MBytes3.0 %
8 AM 10.8 MBytes12.3 %14.4 MBytes3.5 %
7 AM 4.8 MBytes5.4 %12.4 MBytes3.0 %
6 AM 22.1 MBytes25.2 %37.6 MBytes9.0 %
5 AM 18.1 MBytes20.7 %54.0 MBytes13.0 %
4 AM 148.6 KBytes0.2 %277.6 KBytes0.1 %
3 AM 77.2 KBytes0.1 %130.0 KBytes0.0 %
2 AM 77.4 KBytes0.1 %115.4 KBytes0.0 %
1 AM 88.2 KBytes0.1 %135.2 KBytes0.0 %
Total

 

Packet Statistics

TCP ConnectionsDirected toRcvd From
Attempted75,187 0 
Established37,464 [50 %] 2
Terminated2 0 

TCP FlagsPkts SentPkts Rcvd
SYN75,187 0 
RST|ACK3,994 438
RST0  208

AnomalyPkts Sent toPkts Rcvd from
Closed Empty TCP Conn.2 0 
ICMP Net Unreachable0  8

ARPPacket
Request Sent138
Reply Rcvd30 (21.7 %)
Reply Sent8,579

 

Protocol Distribution

ProtocolData SentData Rcvd
TCP565.9 MBytes
98%

 

 2.4 GBytes100
UDP10.1 MBytes
1%

 

 7.4 MBytes 
ICMP3.4 KBytes  4.2 KBytes 
ICMPv60.2 KBytes  0.0 KBytes 
IPv60.2 KBytes  0.0 KBytes 
(R)ARP391.6 KBytes  235.3 KBytes 
IGMP2.0 KBytes  0.0 KBytes 
Protocol Distribution
IP Distribution

 

ICMP Traffic

TypePkt SentPkt Rcvd
Echo Request330
Echo Reply010
Unreach012
Time Exceeded023

 

Last Contacted Peers

Sent ToIP Address
login.microsoftonline.com 20.190.173.65 
settings-win.data.microsoft.com 20.106.86.13 
00:24:8C:DE:84:31 Network Card  
static.edge.microsoftapp.net 13.107.246.33 
edge.microsoft.com 150.171.28.11 
router6.teamviewer.com 188.172.244.149 
46.151.194.96 46.151.194.96 
edge.microsoft.com 150.171.27.11 
Total Contacts83428
Received FromIP Address
nustal05.advance.com.ar 200.0.243.10 
00:24:8C:DE:84:31 Network Card  
login.microsoftonline.com 20.190.173.65 
settings-win.data.microsoft.com 20.106.86.13 
edge.microsoft.com 150.171.28.11 
edge.microsoft.com 150.171.27.11 
46.151.194.96 46.151.194.96 
router6.teamviewer.com 188.172.244.149 
Total Contacts75015

 

IP Service Stats: Client Role

 # Loc. Req. Sent# Rem. Req. Sent# Pos. Reply Rcvd# Neg. Reply RcvdLocal RndTripRem RndTrip
DNS32,30586.0%5,11113.0%27,31182.0%5,79717.0%0.0 ms - 23.9 sec3.1 ms - 566.4 ms
HTTP00.0%00.0%1789.0%210.0%0.0 ms - 0.0 ms0.0 ms - 0.0 ms

 

TCP/UDP Service/Port Usage

IP ServicePort# Client Sess.Last Client Peer# Server Sess.Last Server Peer
domain532977/7.6 MBytes00:24:8C:DE:84:31 Network Card   
www8038261/1.3 GBytes9.au.download.windowsupdate.com   
pop311030/1.7 KBytesmail.cpaba.com.ar   
snmp16124/1.8 KBytes192.168.1.150   
https44321989/1.4 GBytes46.151.194.96   

 

TCP/UDP - Traffic on Other Ports

Client PortServer Port
     

 

TCP/UDP Recently Used Ports

Client PortServer Port

 

157 Active TCP/UDP Sessions

ClientServerData SentData RcvdActive SinceLast SeenDurationInactiveLatencyL7 ProtoNote
CPA-RMIRONIUK  VoIP Medium Risk :49768relay-8470001d.net.anydesk.com  HTTP Server :https413.4 KBytes506.6 KBytesFri Jun 13 00:19:41 2025Sat Jun 14 00:22:54 20251 day 0:03:139 sec   SYN ACK PUSH 
CPA-RMIRONIUK  VoIP Medium Risk :49765router6.teamviewer.com  HTTP Server :https457.7 KBytes483.5 KBytesFri Jun 13 00:19:40 2025Sat Jun 14 00:22:42 20251 day 0:03:0221 sec   SYN ACK PUSH 
CPA-RMIRONIUK  VoIP Medium Risk :52359client.wns.windows.com  HTTP Server Low Risk :https16.8 KBytes22.1 KBytesFri Jun 13 09:36:09 2025Sat Jun 14 00:19:30 202514:43:213:33   SYN ACK PUSH 
CPA-RMIRONIUK  VoIP Medium Risk :55411edge.microsoft.com  HTTP Server :https3.1 KBytes1.3 KBytesSat Jun 14 00:21:41 2025Sat Jun 14 00:22:26 202545 sec37 sec   SYN ACK PUSH 

The color of the host link indicates how recently the host was FIRST seen
  0 to 5 minutes     5 to 15 minutes     15 to 30 minutes     30 to 60 minutes     60+ minutes  
Report created on Sat Jun 14 00:23:03 2025 [ntop uptime: 4 days 20:10:17]
Generated by ntop v.3.3 [x86_64-unknown-linux-gnu]
© 1998-2007 by Luca Deri, built: Aug 6 2008 09:54:10.
Listening on [eth0] for all packets (i.e. without a filtering expression)
Web reports include all interfaces (merged)