Info about CONSULTORIA

Please enable make sure that the ntop html/ directory is properly installed

Info about CONSULTORIA

IP Address 192.168.1.91 [unicast] [ Purge Asset ]

First/Last Seen Wed Jul 16 05:58:38 2025 - Wed Jul 16 13:29:34 2025 [Inactive since 12 sec]

MAC Address Network Interface Card (NIC) D8:43:AE:BB:DB:6C

OS Name OS: Windows [Windows 2000 Professional SP4]

Host Location Local (inside specified/local subnet)

IP TTL (Time to Live) 1:128 [~0 hop(s)]

Total Data Sent 19.5 MBytes/196,778 Pkts/0 Retran. Pkts [0%]

Broadcast Pkts Sent 33 Pkts

Multicast Traffic Sent 222.9 KBytes/1,381 Pkts

Data Sent Stats
0 %

Rem 100 %

IP vs. Non-IP Sent
IP 100 %

Non-IP 0 %

Total Data Rcvd 476.4 MBytes/350,443 Pkts/0 Retran. Pkts [0%]

Data Rcvd Stats
0 %

Rem 100 %

IP vs. Non-IP Rcvd
IP 100 %

Non-IP 0 %

Sent vs. Rcvd Pkts
Sent 36.0 %

Rcvd 64.0 %

Sent vs. Rcvd Data
Sent 3.9 %

Rcvd 96.1 %

Used Subnet Routers 00:24:8C:DE:84:31 Network Card
Host Healthness (Risk Flags) High Risk Medium Risk Low Risk
Suspicious activities: too many host contacts
Unexpected packets (e.g. traffic to closed port or connection reset):
[Rcvd: rst] [Rcvd: hostnet unreac]

Host Traffic Stats

Time	Tot. Traffic Sent	% Traffic Sent	Tot. Traffic Rcvd	% Traffic Rcvd
1 PM	48.2 KBytes	0.2 %	58.9 KBytes	0.0 %
12 PM	176.9 KBytes	0.9 %	356.9 KBytes	0.1 %
11 AM	156.6 KBytes	0.8 %	267.7 KBytes	0.1 %
10 AM	294.9 KBytes	1.5 %	7.1 MBytes	1.5 %
9 AM	186.4 KBytes	0.9 %	2.3 MBytes	0.5 %
8 AM	126.3 KBytes	0.6 %	281.3 KBytes	0.1 %
7 AM	248.7 KBytes	1.2 %	320.0 KBytes	0.1 %
6 AM	17.1 MBytes	88.0 %	448.6 MBytes	94.2 %
5 AM	1.1 MBytes	5.8 %	17.2 MBytes	3.6 %
4 AM	0	0.0 %	0	0.0 %
3 AM	0	0.0 %	0	0.0 %
2 AM	0	0.0 %	0	0.0 %
1 AM	0	0.0 %	0	0.0 %
12 AM	0	0.0 %	0	0.0 %
11 PM	0	0.0 %	0	0.0 %
10 PM	0	0.0 %	0	0.0 %
9 PM	0	0.0 %	0	0.0 %
8 PM	0	0.0 %	0	0.0 %
7 PM	0	0.0 %	0	0.0 %
6 PM	0	0.0 %	0	0.0 %
5 PM	0	0.0 %	0	0.0 %
4 PM	0	0.0 %	0	0.0 %
3 PM	0	0.0 %	0	0.0 %
2 PM	0	0.0 %	0	0.0 %
Total

Packet Statistics

TCP Connections	Directed to		Rcvd From
Attempted	3,133	stream-production.avcdn.net c.pki.goog clients4.google.com settings-win.data.microsoft.com v10.events.data.microsoft.com ecs.office.com download.windowsupdate.com nf.smartscreen.microsoft.com	0
Established	1,549 [49 %]	stream-production.avcdn.net c.pki.goog clients4.google.com settings-win.data.microsoft.com v10.events.data.microsoft.com ecs.office.com download.windowsupdate.com nf.smartscreen.microsoft.com	0

TCP Flags	Pkts Sent		Pkts Rcvd
SYN	3,133	stream-production.avcdn.net c.pki.goog clients4.google.com settings-win.data.microsoft.com v10.events.data.microsoft.com ecs.office.com download.windowsupdate.com nf.smartscreen.microsoft.com	0
RST\|ACK	314	v10.events.data.microsoft.com clientservices.googleapis.com settings-win.data.microsoft.com v10.events.data.microsoft.com displaycatalog.mp.microsoft.com mobile.events.data.microsoft.com windows.msn.com v10.events.data.microsoft.com	27	wdcp.microsoft.com ecs.office.com sharecad.org mc.yandex.ru mc.yandex.ru client.teamviewer.com ecs.office.com www.msn.com
RST	0		27	www.google.com www.bing.com mtalk.google.com code.jivosite.com node-ya-3.jivosite.com telemetry.jivosite.com counter.yadro.ru ulogin.ru

Anomaly	Pkts Sent to		Pkts Rcvd from
ICMP Net Unreachable	0		131	bigben-gi-1-1-10-3736-13-acr02.vta.embratel.net.br

ARP	Packet
Request Sent	103
Reply Rcvd	84 (81.6 %)
Reply Sent	574

Protocol Distribution

Protocol

Data Sent

Data Rcvd

TCP

17.6 MBytes

476.1 MBytes

UDP

1.8 MBytes

251.7 KBytes

ICMP

0.0 KBytes

13.8 KBytes

(R)ARP

30.4 KBytes

18.0 KBytes

IGMP

0.4 KBytes

0.0 KBytes

Protocol Distribution

IP Distribution

ICMP Traffic

Type	Pkt Sent	Pkt Rcvd
Unreach	0	131

Last Contacted Peers

Sent To	IP Address
ecs.office.com	52.123.128.14
224.0.0.251	224.0.0.251
router16.teamviewer.com	34.151.192.21
mtalk.google.com	142.251.0.188
download.windowsupdate.com	109.61.38.38
00:24:8C:DE:84:31
client.wns.windows.com	4.207.247.137
nf.smartscreen.microsoft.com	20.201.52.37
Total Contacts	1941

Received From	IP Address
bigben-gi-1-1-10-3736-13-acr02.vta.embratel.net.br	200.241.211.30
00:24:8C:DE:84:31
ecs.office.com	52.123.128.14
download.windowsupdate.com	109.61.38.38
mtalk.google.com	142.251.0.188
client.wns.windows.com	4.207.247.137
router16.teamviewer.com	34.151.192.21
nf.smartscreen.microsoft.com	20.201.52.37
Total Contacts	1510

IP Service Stats: Client Role

	# Loc. Req. Sent		# Rem. Req. Sent		# Pos. Reply Rcvd		# Neg. Reply Rcvd		Local RndTrip	Rem RndTrip
DNS	845	51.0%	808	48.0%	811	95.0%	36	4.0%	0.0 ms - 1.6 sec	3.7 ms - 3.7 ms

TCP/UDP Service/Port Usage

IP Service	Port	# Client Sess.	Last Client Peer	# Server Sess.	Last Server Peer
domain	53	1825/253.8 KBytes	00:24:8C:DE:84:31
www	80	22039/298.2 MBytes	download.windowsupdate.com
ntp	123	4/192	time.windows.com	4/192	time.windows.com
https	443	875/165.0 MBytes	mtalk.google.com

TCP/UDP - Traffic on Other Ports

Client Port	Server Port
61426

TCP/UDP Recently Used Ports

Client Port	Server Port
61426	mdns

346 Active TCP/UDP Sessions

Client	Server	Data Sent	Data Rcvd	Active Since	Last Seen	Duration	Inactive	Note
CONSULTORIA :59874	router16.teamviewer.com :https	188.6 KBytes	208.7 KBytes	Wed Jul 16 05:58:44 2025	Wed Jul 16 13:28:57 2025	7:30:13	49 sec	SYN ACK PUSH
CONSULTORIA :59857	client.wns.windows.com :https	10.7 KBytes	14.5 KBytes	Wed Jul 16 05:58:40 2025	Wed Jul 16 13:28:29 2025	7:29:49	1:17	SYN ACK PUSH
CONSULTORIA :61426	mtalk.google.com :https	26.4 KBytes	38.3 KBytes	Wed Jul 16 06:33:08 2025	Wed Jul 16 13:29:29 2025	6:56:21	17 sec	SYN ACK PUSH

The color of the host link indicates how recently the host was FIRST seen
0 to 5 minutes	5 to 15 minutes	15 to 30 minutes	30 to 60 minutes	60+ minutes

Report created on Wed Jul 16 13:29:46 2025 [ntop uptime: 2 days 9:17:10]
Generated by ntop v.3.3 [x86_64-unknown-linux-gnu]
© 1998-2007 by Luca Deri, built: Aug 6 2008 09:54:10.
Listening on [eth0] for all packets (i.e. without a filtering expression)
Web reports include only interface "eth0"