(C) 1998-2007 - Luca Deri  

 

 

Info about CPA-GSAULO

IP Address: 192.168.1.192 [unicast]
First/Last Seen: Mon Jun 9 04:12:46 2025 - Sat Jun 14 00:17:26 2025 [Inactive since 46 sec]
MAC Address [Network Interface Card (NIC)]: 3C:7C:3F:15:CB:D6
OS Name: Windows [Windows XP Pro, Windows 2000 Pro]
Host Location: Local (inside specified/local subnet)
IP TTL (Time to Live): 1:128 [~0 hop(s)]
Total Data Sent: 1012.8 MBytes/5,169,718 Pkts/0 Retran. Pkts [0%]
Broadcast Pkts Sent: 4,739 Pkts
Multicast Traffic: Sent 2.3 MBytes/8,699 Pkts
Data Sent Stats: 0 % / Rem 100 %
IP vs. Non-IP Sent: IP 100 % / Non-IP 0 %
Total Data Rcvd: 7.0 GBytes/7,621,803 Pkts/0 Retran. Pkts [0%]
Data Rcvd Stats: 0 % / Rem 100 %
IP vs. Non-IP Rcvd: IP 100 % / Non-IP 0 %
Sent vs. Rcvd Pkts: Sent 40.4 % / Rcvd 59.6 %
Sent vs. Rcvd Data: Sent 12.3 % / Rcvd 87.7 %
Used Subnet Routers: 00:24:8C:DE:84:31 Network Card
Host Type: VoIP Host
Known Users: cpainformatica@cpaba.com.ar [ SMTP ]
Host Healthness (Risk Flags) [High Risk, Medium Risk, Low Risk]:
  1. Medium Risk: Wrong network mask or bridging enabled
  2. Medium Risk: Suspicious activities: too many host contacts
  3. Medium Risk: Unexpected packets (e.g. traffic to closed port or connection reset):
  4. Low Risk: Unexpected packets (e.g. traffic to closed port or connection reset):
    [Rcvd: rst] [Sent: closed-empty] [Rcvd: hostnet unreac]

 

Host Traffic Stats

Time | Tot. Traffic Sent | % Traffic Sent | Tot. Traffic Rcvd | % Traffic Rcvd
12 AM | 29.5 KBytes | 0.0 % | 68.9 KBytes | 0.0 %
11 PM | 83.3 KBytes | 0.1 % | 175.5 KBytes | 0.0 %
10 PM | 1.8 MBytes | 1.4 % | 78.1 MBytes | 14.7 %
9 PM | 318.3 KBytes | 0.2 % | 2.7 MBytes | 0.5 %
8 PM | 88.0 KBytes | 0.1 % | 170.1 KBytes | 0.0 %
7 PM | 92.1 KBytes | 0.1 % | 182.7 KBytes | 0.0 %
6 PM | 99.5 KBytes | 0.1 % | 197.0 KBytes | 0.0 %
5 PM | 80.2 KBytes | 0.1 % | 143.0 KBytes | 0.0 %
4 PM | 124.7 KBytes | 0.1 % | 207.4 KBytes | 0.0 %
3 PM | 1.8 MBytes | 1.4 % | 78.1 MBytes | 14.7 %
2 PM | 90.3 KBytes | 0.1 % | 197.0 KBytes | 0.0 %
1 PM | 112.4 KBytes | 0.1 % | 237.5 KBytes | 0.0 %
12 PM | 2.6 MBytes | 2.0 % | 2.1 MBytes | 0.4 %
11 AM | 12.6 MBytes | 9.9 % | 98.9 MBytes | 18.6 %
10 AM | 13.5 MBytes | 10.6 % | 4.0 MBytes | 0.7 %
9 AM | 6.4 MBytes | 5.0 % | 4.7 MBytes | 0.9 %
8 AM | 5.5 MBytes | 4.3 % | 81.6 MBytes | 15.4 %
7 AM | 5.2 MBytes | 4.1 % | 4.2 MBytes | 0.8 %
6 AM | 5.7 MBytes | 4.5 % | 21.5 MBytes | 4.1 %
5 AM | 61.2 MBytes | 48.3 % | 60.2 MBytes | 11.3 %
4 AM | 6.9 MBytes | 5.4 % | 13.3 MBytes | 2.5 %
3 AM | 257.8 KBytes | 0.2 % | 1.3 MBytes | 0.3 %
2 AM | 104.9 KBytes | 0.1 % | 228.3 KBytes | 0.0 %
1 AM | 2.3 MBytes | 1.8 % | 78.1 MBytes | 14.7 %
Total

 

Packet Statistics

TCP Connections | Directed to | Rcvd From
Attempted | 53,677 | 19
Established | 26,432 [49 %] | 46 [100 %]
Terminated | 138 | 0

TCP Flags | Pkts Sent | Pkts Rcvd
SYN | 53,677 | 19
RST|ACK | 5,270 | 1,781
RST | 0 | 892
NULL | 203 | 1

Anomaly | Pkts Sent to | Pkts Rcvd from
Closed Empty TCP Conn. | 138 | 0
ICMP Net Unreachable | 0 | 26

ARP | Packet
Request Sent | 3,318
Reply Rcvd | 2,231 (67.2 %)
Reply Sent | 9,703

 

Protocol Distribution

Protocol | Data Sent | Data Rcvd
TCP | 968.3 MBytes 95% | 7.0 GBytes 100
UDP | 43.8 MBytes 4% | 9.7 MBytes
ICMP | 82.6 KBytes | 42.2 KBytes
ICMPv6 | 0.2 KBytes | 0.0 KBytes
IPv6 | 0.2 KBytes | 0.0 KBytes
(R)ARP | 584.9 KBytes | 325.2 KBytes
IGMP | 1.4 KBytes | 0.0 KBytes
[Charts: Protocol Distribution, IP Distribution]

 

ICMP Traffic

TypePkt SentPkt Rcvd
Echo Request7980
Echo Reply0118
Unreach026
Time Exceeded0275

 

Last Contacted Peers

Sent To | IP Address
00:24:8C:DE:84:31 Network Card |
x1.c.lencr.org | 23.197.241.56
win10-trt.msedge.net | 204.79.197.200
array806.prod.do.dsp.mp.microsoft.com | 40.65.127.46
cp801.prod.do.dsp.mp.microsoft.com | 92.123.85.188
router12.teamviewer.com | 188.172.252.69
client.wns.windows.com | 172.172.255.217
Total Contacts | 183265

Received From | IP Address
router12.teamviewer.com | 188.172.252.69
00:24:8C:DE:84:31 Network Card |
client.wns.windows.com | 172.172.255.217
win10-trt.msedge.net | 204.79.197.200
200.69.128.1 | 200.69.128.1
array806.prod.do.dsp.mp.microsoft.com | 40.65.127.46
cp801.prod.do.dsp.mp.microsoft.com | 92.123.85.188
v10.events.data.microsoft.com | 51.104.15.252
Total Contacts | 158618

 

IP Service Stats: Client Role

Service | # Loc. Req. Sent | % | # Rem. Req. Sent | % | # Pos. Reply Rcvd | % | # Neg. Reply Rcvd | % | Local RndTrip | Rem RndTrip
DNS | 27,352 | 62.0% | 16,103 | 37.0% | 39,466 | 98.0% | 756 | 1.0% | 0.0 ms - 105867.1 sec | 1.0 ms - 52344.0 sec
HTTP | 0 | 0.0% | 0 | 0.0% | 22 | 84.0% | 4 | 15.0% | 0.0 ms - 0.0 ms | 0.0 ms - 0.0 ms

 

TCP/UDP Service/Port Usage

IP Service | Port | # Client Sess. | Last Client Peer | # Server Sess. | Last Server Peer
smtp | 25 | 128/103.9 KBytes | mail.cpaba.com.ar | |
domain | 53 | 16240/9.7 MBytes | 00:24:8C:DE:84:31 Network Card | |
www | 80 | 60020/797.5 MBytes | x1.c.lencr.org | |
pop3 | 110 | 406/236.3 KBytes | mail.cpaba.com.ar | |
ntp | 123 | 12/576 | time.windows.com | 12/576 | time.windows.com
https | 443 | 58744/6.0 GBytes | router12.teamviewer.com | |

 

TCP/UDP - Traffic on Other Ports

Client Port | Server Port

 

TCP/UDP Recently Used Ports

Client Port | Server Port

 

P2P Recently Exchanged Files

File Name
  1. <unknown file> Download 

 

248 Active TCP/UDP Sessions

Client | Server | Data Sent | Data Rcvd | Active Since | Last Seen | Duration | Inactive | Latency | L7 Proto | Note
CPA-GSAULO VoIP Medium Risk Users P2P Server :53360 | router12.teamviewer.com HTTP Server :https | 3.0 MBytes | 3.0 MBytes | Wed Jun 11 06:52:59 2025 | Sat Jun 14 00:17:26 2025 | 2 days 17:24:27 | 46 sec | | | SYN ACK PUSH
CPA-GSAULO VoIP Medium Risk Users P2P Server :56063 | client.wns.windows.com HTTP Server Low Risk :https | 160.4 KBytes | 189.2 KBytes | Fri Jun 13 09:41:10 2025 | Sat Jun 14 00:17:15 2025 | 14:36:05 | 57 sec | | | SYN ACK PUSH


Report created on Sat Jun 14 00:18:12 2025 [ntop uptime: 4 days 20:05:26]
Generated by ntop v.3.3 [x86_64-unknown-linux-gnu]
© 1998-2007 by Luca Deri, built: Aug 6 2008 09:54:10.
Listening on [eth0] for all packets (i.e. without a filtering expression)
Web reports include all interfaces (merged)