Info about CPA-GAROFALO

Please enable make sure that the ntop html/ directory is properly installed

Info about CPA-GAROFALO

IP Address 192.168.1.15 [unicast] [ Purge Asset ]

First/Last Seen Mon Jun 9 05:18:33 2025 - Fri Jun 13 22:45:00 2025 [Inactive since 0 sec]

MAC Address Network Interface Card (NIC) 2C:F0:5D:99:7A:79

OS Name OS: Windows [Windows XP Pro, Windows 2000 Pro]

Host Location Local (inside specified/local subnet)

IP TTL (Time to Live) 1:128 [~0 hop(s)]

Total Data Sent 1.4 GBytes/8,156,376 Pkts/0 Retran. Pkts [0%]

Broadcast Pkts Sent 10,816 Pkts

Multicast Traffic Sent 1.1 MBytes/11,013 Pkts

Data Sent Stats
Local 0.6 %

Rem 99.4 %

IP vs. Non-IP Sent
IP 100 %

Non-IP 0 %

Total Data Rcvd 14.1 GBytes/13,605,579 Pkts/0 Retran. Pkts [0%]

Data Rcvd Stats
0 %

Rem 100 %

IP vs. Non-IP Rcvd
IP 100 %

Non-IP 0 %

Sent vs. Rcvd Pkts
Sent 37.5 %

Rcvd 62.5 %

Sent vs. Rcvd Data
Sent 9.2 %

Rcvd 90.8 %

Used Subnet Routers 00:24:8C:DE:84:31 Network Card
Host Type VoIP Host VoIP

Host Healthness (Risk Flags) High Risk Medium Risk Low Risk
Wrong network mask or bridging enabled
Suspicious activities: too many host contacts
Unexpected packets (e.g. traffic to closed port or connection reset):

Unexpected packets (e.g. traffic to closed port or connection reset):
[Rcvd: rejected] [Sent: udp to closed] [Rcvd: rst] [Sent: closed-empty] [Rcvd: port unreac] [Rcvd: hostnet unreac]

Host Traffic Stats

Time	Tot. Traffic Sent	% Traffic Sent	Tot. Traffic Rcvd	% Traffic Rcvd
10 PM	3.5 MBytes	1.6 %	3.5 MBytes	0.3 %
9 PM	4.6 MBytes	2.1 %	7.5 MBytes	0.7 %
8 PM	5.0 MBytes	2.3 %	17.6 MBytes	1.5 %
7 PM	4.5 MBytes	2.1 %	16.3 MBytes	1.4 %
6 PM	4.7 MBytes	2.1 %	5.9 MBytes	0.5 %
5 PM	4.7 MBytes	2.1 %	5.3 MBytes	0.5 %
4 PM	4.8 MBytes	2.2 %	6.8 MBytes	0.6 %
3 PM	4.9 MBytes	2.2 %	17.7 MBytes	1.5 %
2 PM	5.0 MBytes	2.3 %	5.7 MBytes	0.5 %
1 PM	5.3 MBytes	2.4 %	19.1 MBytes	1.7 %
12 PM	43.2 MBytes	19.6 %	344.3 MBytes	29.9 %
11 AM	15.9 MBytes	7.2 %	83.4 MBytes	7.2 %
10 AM	16.0 MBytes	7.3 %	109.3 MBytes	9.5 %
9 AM	20.0 MBytes	9.1 %	129.7 MBytes	11.3 %
8 AM	8.8 MBytes	4.0 %	27.2 MBytes	2.4 %
7 AM	14.2 MBytes	6.5 %	106.6 MBytes	9.3 %
6 AM	17.7 MBytes	8.0 %	144.8 MBytes	12.6 %
5 AM	7.9 MBytes	3.6 %	36.5 MBytes	3.2 %
4 AM	4.7 MBytes	2.2 %	4.9 MBytes	0.4 %
3 AM	4.8 MBytes	2.2 %	4.8 MBytes	0.4 %
2 AM	4.8 MBytes	2.2 %	8.9 MBytes	0.8 %
1 AM	4.8 MBytes	2.2 %	19.4 MBytes	1.7 %
12 AM	5.0 MBytes	2.3 %	8.3 MBytes	0.7 %
11 PM	4.9 MBytes	2.2 %	16.8 MBytes	1.5 %
Total

Packet Statistics

TCP Connections	Directed to		Rcvd From
Attempted	189,462	espresso-pa.clients6.google.com ncc.avast.com googleads.g.doubleclick.net prod-dynamite-prod-02-us-signaler-pa.clients6.google.com prod.balrog.prod.cloudops.mozgcp.net e3913.cd.akamaiedge.net firefox.settings.services.mozilla.com incoming.telemetry.mozilla.org	0
Established	92,830 [49 %]	espresso-pa.clients6.google.com ncc.avast.com googleads.g.doubleclick.net prod-dynamite-prod-02-us-signaler-pa.clients6.google.com prod.balrog.prod.cloudops.mozgcp.net e3913.cd.akamaiedge.net firefox.settings.services.mozilla.com incoming.telemetry.mozilla.org	76	secure.adnxs.com stream-production.avcdn.net acp-ss-ue1.adobe.io cs.minutemedia-prebid.com hbopenbid.pubmatic.com csi.gstatic.com rtb.ex.co gum.criteo.com
Terminated	1,816	vid-io-cle.springserve.com vid-io-iad.springserve.com vid-io-iad.springserve.com compassingest-0.staging.cl15.k8s.mrf.io events.newsroom.bi csi.gstatic.com statics.creativecdn.com www.youtube.com	0
Rejected	0 [0 %]		26	v3.envialosimple.com

TCP Flags	Pkts Sent		Pkts Rcvd
SYN	189,462	espresso-pa.clients6.google.com ncc.avast.com googleads.g.doubleclick.net prod-dynamite-prod-02-us-signaler-pa.clients6.google.com prod.balrog.prod.cloudops.mozgcp.net e3913.cd.akamaiedge.net firefox.settings.services.mozilla.com incoming.telemetry.mozilla.org	0
RST\|ACK	31,172	signaler-pa.clients6.google.com config.edge.skype.com settings-win.data.microsoft.com stream-production.avcdn.net www.instagram.com v3.envialosimple.com stream-production.avcdn.net stream-production.avcdn.net	4,114	nexus.officeapps.live.com stream-production.avcdn.net stream-production.avcdn.net stream-production.avcdn.net stream-production.avcdn.net edge.microsoft.com edge.microsoft.com stream-production.avcdn.net
RST	29,708	stream-production.avcdn.net honzik.avcdn.net stream-production.avcdn.net firefox.settings.services.mozilla.com honzik.avcdn.net stream-production.avcdn.net stream-production.avcdn.net stream-production.avcdn.net	6,145	ss-prod-ue1-ns.aws.adobess.com ss-prod-ue1-ns.aws.adobess.com ss-prod-ue1-ns.aws.adobess.com acp-ss-ue1.adobe.io www.bing.com ss-prod-ue1-ns.aws.adobess.com acrobat.adobe.com ss-prod-ue1-ns.aws.adobess.com
NULL	350	00:24:8C:DE:84:31 aa.online-metrix.net stun.l.google.com	0

Anomaly	Pkts Sent to		Pkts Rcvd from
UDP Pkt to Closed Port	104	00:24:8C:DE:84:31	10,258	00:24:8C:DE:84:31 200.69.128.1
Closed Empty TCP Conn.	1,816	vid-io-cle.springserve.com vid-io-iad.springserve.com vid-io-iad.springserve.com compassingest-0.staging.cl15.k8s.mrf.io events.newsroom.bi csi.gstatic.com statics.creativecdn.com www.youtube.com	0
ICMP Port Unreachable	10,258	00:24:8C:DE:84:31 200.69.128.1	130	00:24:8C:DE:84:31 v3.envialosimple.com
ICMP Net Unreachable	0		11	200.80.220.74

ARP	Packet
Request Sent	206
Reply Rcvd	98 (47.6 %)
Reply Sent	10,878

Protocol Distribution

Protocol

Data Sent

Data Rcvd

TCP

1.3 GBytes

14.1 GBytes

UDP

139.1 MBytes

26.3 MBytes

ICMP

2.7 MBytes

45.9 KBytes

ICMPv6

0.3 KBytes

0.0 KBytes

IPv6

0.3 KBytes

0.0 KBytes

(R)ARP

497.9 KBytes

300.2 KBytes

IGMP

1.7 KBytes

0.0 KBytes

Protocol Distribution

IP Distribution

ICMP Traffic

Type	Pkt Sent	Pkt Rcvd
Echo Request	713	0
Echo Reply	0	105
Unreach	10,258	141
Time Exceeded	0	245

Last Contacted Peers

Sent To	IP Address
239.255.255.250	239.255.255.250
firefox.settings.services.mozilla.com	34.149.100.209
peoplestack-pa.clients6.google.com	142.250.79.138
incoming.telemetry.mozilla.org	34.120.208.123
00:24:8C:DE:84:31
200.69.128.1	200.69.128.1
edge-chat.instagram.com	31.13.94.51
e3913.cd.akamaiedge.net	23.54.251.198
Total Contacts	757052

Received From	IP Address
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201
e3913.cd.akamaiedge.net	23.54.251.198
00:24:8C:DE:84:31
mail.google.com	142.250.79.133
firefox.settings.services.mozilla.com	34.149.100.209
peoplestack-pa.clients6.google.com	142.250.79.138
incoming.telemetry.mozilla.org	34.120.208.123
edge-chat.instagram.com	31.13.94.51
Total Contacts	674439

IP Service Stats: Client Role

	# Loc. Req. Sent		# Rem. Req. Sent		# Pos. Reply Rcvd		# Neg. Reply Rcvd		Local RndTrip	Rem RndTrip
DNS	67,467	54.0%	55,786	45.0%	115,325	98.0%	1,260	1.0%	0.0 ms - 234212.7 sec	2.6 ms - 138456.9 sec
HTTP	0	0.0%	0	0.0%	786	100.0%	0	0.0%	0.0 ms - 0.0 ms	5396.6 sec - 349861.1 sec

TCP/UDP Service/Port Usage

IP Service	Port	# Client Sess.	Last Client Peer	# Server Sess.	Last Server Peer
ftp	21	69/1.1 KBytes	00:24:8C:DE:84:31
domain	53	38513/26.2 MBytes	200.69.128.1
bootps	67	5/0	00:24:8C:DE:84:31
bootpc	68	5/0	00:24:8C:DE:84:31
tftp	69	5/130	00:24:8C:DE:84:31
www	80	63962/870.9 MBytes	e3913.cd.akamaiedge.net
ntp	123	76/3.6 KBytes	time.windows.com	12/576	time.windows.com
netbios-ns	137	5/0	00:24:8C:DE:84:31
netbios-dgm	138	5/0	00:24:8C:DE:84:31
snmp	161	5/0	00:24:8C:DE:84:31
https	443	64162/13.6 GBytes	incoming.telemetry.mozilla.org
isakmp	500	5/0	00:24:8C:DE:84:31

TCP/UDP - Traffic on Other Ports

Client Port	Server Port
64771

TCP/UDP Recently Used Ports

Client Port	Server Port
64771	mdns

P2P Recently Exchanged Files

File Name
<unknown file>

182 Active TCP/UDP Sessions

Client	Server	Data Sent	Data Rcvd	Active Since	Last Seen	Duration	Inactive	Note
CPA-GAROFALO :64704	polka.typekit.com :https	3.9 KBytes	6.3 KBytes	Fri Jun 13 22:35:18 2025	Fri Jun 13 22:44:56 2025	9:38	4 sec	SYN ACK PUSH
CPA-GAROFALO :50320	web.whatsapp.com :https	312.0 KBytes	671.7 KBytes	Fri Jun 13 13:25:20 2025	Fri Jun 13 22:44:52 2025	9:19:32	8 sec	SYN ACK PUSH
CPA-GAROFALO :53303	web.whatsapp.com :https	247.7 KBytes	325.3 KBytes	Fri Jun 13 13:27:25 2025	Fri Jun 13 22:44:53 2025	9:17:28	7 sec	SYN ACK PUSH
CPA-GAROFALO :53710	static.cdninstagram.com :https	204.5 KBytes	198.1 KBytes	Fri Jun 13 14:20:31 2025	Fri Jun 13 22:45:00 2025	8:24:29	0 sec	SYN ACK PUSH
CPA-GAROFALO :54018	static.cdninstagram.com :https	189.6 KBytes	185.2 KBytes	Fri Jun 13 15:07:17 2025	Fri Jun 13 22:45:00 2025	7:37:43	0 sec	SYN ACK PUSH
CPA-GAROFALO :64707	waa-pa.clients6.google.com :https	5.9 KBytes	13.8 KBytes	Fri Jun 13 22:35:48 2025	Fri Jun 13 22:44:42 2025	8:54	18 sec	SYN ACK PUSH
CPA-GAROFALO :64708	waa-pa.clients6.google.com :https	46.5 KBytes	30.9 KBytes	Fri Jun 13 22:35:48 2025	Fri Jun 13 22:45:00 2025	9:12	0 sec	SYN ACK PUSH
CPA-GAROFALO :64736	mail.google.com :https	10.3 KBytes	7.8 KBytes	Fri Jun 13 22:40:14 2025	Fri Jun 13 22:45:00 2025	4:46	0 sec	SYN ACK PUSH
CPA-GAROFALO :64768	firefox.settings.services.mozilla.com :https	1.5 KBytes	5.2 KBytes	Fri Jun 13 22:45:00 2025	Fri Jun 13 22:45:00 2025	0 sec	0 sec	SYN ACK PUSH
CPA-GAROFALO :49708	mtalk.google.com :https	77.2 KBytes	187.4 KBytes	Fri Jun 13 02:02:03 2025	Fri Jun 13 22:44:33 2025	20:42:30	27 sec	SYN ACK PUSH
CPA-GAROFALO :64713	safebrowsing.googleapis.com :https	18.2 KBytes	18.1 KBytes	Fri Jun 13 22:36:01 2025	Fri Jun 13 22:44:51 2025	8:50	9 sec	SYN ACK PUSH
CPA-GAROFALO :64705	ssl.gstatic.com :https	9.0 KBytes	11.1 KBytes	Fri Jun 13 22:35:21 2025	Fri Jun 13 22:44:47 2025	9:26	13 sec	SYN ACK PUSH
CPA-GAROFALO :64696	ssl.gstatic.com :https	11.0 KBytes	13.4 KBytes	Fri Jun 13 22:34:23 2025	Fri Jun 13 22:44:43 2025	10:20	17 sec	SYN ACK PUSH
CPA-GAROFALO :64698	ssl.gstatic.com :https	6.0 KBytes	6.7 KBytes	Fri Jun 13 22:34:51 2025	Fri Jun 13 22:44:56 2025	10:05	4 sec	SYN ACK PUSH
CPA-GAROFALO :64744	ssl.gstatic.com :https	4.2 KBytes	4.7 KBytes	Fri Jun 13 22:41:12 2025	Fri Jun 13 22:44:22 2025	3:10	38 sec	SYN ACK PUSH
CPA-GAROFALO :64737	signaler-pa.clients6.google.com :https	2.9 KBytes	10.9 KBytes	Fri Jun 13 22:40:16 2025	Fri Jun 13 22:44:36 2025	4:20	24 sec	SYN ACK PUSH
CPA-GAROFALO :64750	ssl.gstatic.com :https	4.2 KBytes	4.7 KBytes	Fri Jun 13 22:42:42 2025	Fri Jun 13 22:44:22 2025	1:40	38 sec	SYN ACK PUSH
CPA-GAROFALO :64757	googleads.g.doubleclick.net :https	2.4 KBytes	5.2 KBytes	Fri Jun 13 22:43:47 2025	Fri Jun 13 22:44:33 2025	46 sec	27 sec	SYN ACK PUSH
CPA-GAROFALO :64699	play.google.com :https	84.8 KBytes	34.1 KBytes	Fri Jun 13 22:34:56 2025	Fri Jun 13 22:44:56 2025	10:00	4 sec	SYN ACK PUSH
CPA-GAROFALO :64748	play.google.com :https	6.4 KBytes	9.9 KBytes	Fri Jun 13 22:42:08 2025	Fri Jun 13 22:44:41 2025	2:33	19 sec	SYN ACK PUSH
CPA-GAROFALO :64701	prod-dynamite-prod-02-us-signaler-pa.clients6.google.com :https	24.4 KBytes	18.2 KBytes	Fri Jun 13 22:34:56 2025	Fri Jun 13 22:44:41 2025	9:45	19 sec	SYN ACK PUSH
mail.google.com :https	CPA-GAROFALO :64728	80	0	Fri Jun 13 22:42:33 2025	Fri Jun 13 22:42:33 2025	0 sec	2:27	ACK
CPA-GAROFALO :64715	www.googleapis.com :https	24.4 KBytes	22.1 KBytes	Fri Jun 13 22:36:10 2025	Fri Jun 13 22:44:47 2025	8:37	13 sec	SYN ACK PUSH
CPA-GAROFALO :49880	mtalk.google.com :https	71.1 KBytes	94.3 KBytes	Fri Jun 13 02:26:37 2025	Fri Jun 13 22:44:54 2025	20:18:17	6 sec	SYN ACK PUSH
CPA-GAROFALO :52311	nos.ns1.ff.avast.com :https	99.6 KBytes	144.6 KBytes	Wed Jun 11 06:53:12 2025	Fri Jun 13 22:44:37 2025	2 days 15:51:25	23 sec	SYN ACK PUSH
CPA-GAROFALO :50411	router3.teamviewer.com :https	941.2 KBytes	909.6 KBytes	Wed Jun 11 10:27:48 2025	Fri Jun 13 22:44:36 2025	2 days 12:16:48	24 sec	SYN ACK PUSH
CPA-GAROFALO :64759	prod-dynamite-prod-02-us-signaler-pa.clients6.google.com :https	1.9 KBytes	9.9 KBytes	Fri Jun 13 22:44:10 2025	Fri Jun 13 22:44:55 2025	45 sec	5 sec	SYN ACK PUSH
CPA-GAROFALO :64766	aus5.mozilla.org :https	1.3 KBytes	5.1 KBytes	Fri Jun 13 22:44:59 2025	Fri Jun 13 22:45:00 2025	1 sec	0 sec	SYN ACK PUSH
CPA-GAROFALO :49856	mtalk.google.com :https	71.1 KBytes	96.4 KBytes	Fri Jun 13 02:23:40 2025	Fri Jun 13 22:44:41 2025	20:21:01	19 sec	SYN ACK PUSH
CPA-GAROFALO :64669	ss-prod-ue1-ns.aws.adobess.com :https	11.8 KBytes	7.8 KBytes	Fri Jun 13 22:30:35 2025	Fri Jun 13 22:43:57 2025	13:22	1:03	SYN ACK PUSH
CPA-GAROFALO :64694	chat.google.com :https	283.5 KBytes	88.9 KBytes	Fri Jun 13 22:34:07 2025	Fri Jun 13 22:45:00 2025	10:53	0 sec	SYN ACK PUSH
CPA-GAROFALO :64751	espresso-pa.clients6.google.com :https	1.8 KBytes	10.1 KBytes	Fri Jun 13 22:42:56 2025	Fri Jun 13 22:44:27 2025	1:31	33 sec	SYN ACK PUSH
CPA-GAROFALO :64752	espresso-pa.clients6.google.com :https	4.2 KBytes	11.2 KBytes	Fri Jun 13 22:42:56 2025	Fri Jun 13 22:44:27 2025	1:31	33 sec	SYN ACK PUSH
CPA-GAROFALO :64771	incoming.telemetry.mozilla.org :https	8.8 KBytes	4.5 KBytes	Fri Jun 13 22:45:00 2025	Fri Jun 13 22:45:00 2025	0 sec	0 sec	SYN ACK PUSH
CPA-GAROFALO :57338	client.wns.windows.com :https	143.8 KBytes	169.6 KBytes	Fri Jun 13 09:36:20 2025	Fri Jun 13 22:44:28 2025	13:08:08	32 sec	SYN ACK PUSH
CPA-GAROFALO :59413	mtalk.google.com :https	73.5 KBytes	97.6 KBytes	Fri Jun 13 01:43:59 2025	Fri Jun 13 22:44:48 2025	21:00:49	12 sec	SYN ACK PUSH
CPA-GAROFALO :64761	stream-production.avcdn.net :https	781	8.9 KBytes	Fri Jun 13 22:44:37 2025	Fri Jun 13 22:44:37 2025	0 sec	23 sec	SYN ACK PUSH
CPA-GAROFALO :64767	ocsp.digicert.com :www	1.1 KBytes	2.3 KBytes	Fri Jun 13 22:44:59 2025	Fri Jun 13 22:45:00 2025	1 sec	0 sec	SYN ACK PUSH

The color of the host link indicates how recently the host was FIRST seen
0 to 5 minutes	5 to 15 minutes	15 to 30 minutes	30 to 60 minutes	60+ minutes

Report created on Fri Jun 13 22:45:00 2025 [ntop uptime: 4 days 18:32:15]
Generated by ntop v.3.3 [x86_64-unknown-linux-gnu]
© 1998-2007 by Luca Deri, built: Aug 6 2008 09:54:10.
Listening on [eth0] for all packets (i.e. without a filtering expression)
Web reports include all interfaces (merged)