(C) 1998-2007 - Luca Deri  
Please enable make sure that the ntop html/ directory is properly installed

 

 

Info about CPA-Envios

IP Address192.168.1.191   [unicast] [ Purge Asset ]
First/Last SeenWed Jun 11 10:57:28 2025  -  Sat Jun 14 00:39:48 2025 [Inactive since 24 sec]
MAC Address Network Interface Card (NIC)70:71:BC:3B:ED:51 
OS NameOS: Windows [Windows 98 Second Edition] 
Host LocationLocal (inside specified/local subnet)
IP TTL (Time to Live)1:64 [~0 hop(s)]
Total Data Sent377.4 MBytes/5,937,540 Pkts/0 Retran. Pkts [0%]
Broadcast Pkts Sent423 Pkts
Multicast TrafficSent 165.9 KBytes/655 Pkts 
Data Sent Stats
Local 13.2 %
  
Rem 86.8 %
IP vs. Non-IP Sent
IP 100 %
 
Non-IP 0 %
Total Data Rcvd13.4 GBytes/9,787,197 Pkts/0 Retran. Pkts [0%]
Data Rcvd Stats
Local 23.7 %
  
Rem 76.3 %
IP vs. Non-IP Rcvd
IP 100 %
 
Non-IP 0 %
Sent vs. Rcvd Pkts
Sent 37.8 %
  
Rcvd 62.2 %
Sent vs. Rcvd Data
Sent 2.7 %
  
Rcvd 97.3 %
Used Subnet Routers 00:24:8C:DE:84:31 Network Card
Known Users Users cpainformatica@cpaba.com.ar [ SMTP ]
ah68ker32s [ FTP ]
Host Healthness (Risk Flags) High Risk Medium Risk Low Risk
  1. Medium RiskSuspicious activities: too many host contacts
  2. Medium RiskUnexpected packets (e.g. traffic to closed port or connection reset):
  3. Low RiskUnexpected packets (e.g. traffic to closed port or connection reset):
    [Rcvd: rst] [Sent: closed-empty] 

 

Host Traffic Stats

TimeTot. Traffic Sent% Traffic SentTot. Traffic Rcvd% Traffic Rcvd
12 AM 92.1 KBytes0.1 %130.2 KBytes0.0 %
11 PM 185.8 KBytes0.2 %306.5 KBytes0.0 %
10 PM 153.8 KBytes0.2 %259.7 KBytes0.0 %
9 PM 107.1 KBytes0.1 %198.3 KBytes0.0 %
8 PM 107.9 KBytes0.1 %174.9 KBytes0.0 %
7 PM 378.7 KBytes0.4 %822.1 KBytes0.0 %
6 PM 275.2 KBytes0.3 %251.8 KBytes0.0 %
5 PM 280.0 KBytes0.3 %1.4 MBytes0.1 %
4 PM 133.3 KBytes0.2 %197.1 KBytes0.0 %
3 PM 119.0 KBytes0.1 %174.4 KBytes0.0 %
2 PM 16.2 MBytes19.0 %1.1 GBytes41.2 %
1 PM 139.4 KBytes0.2 %220.2 KBytes0.0 %
12 PM 376.3 KBytes0.4 %9.1 MBytes0.3 %
11 AM 191.8 KBytes0.2 %1.9 MBytes0.1 %
10 AM 142.3 KBytes0.2 %231.8 KBytes0.0 %
9 AM 183.0 KBytes0.2 %476.1 KBytes0.0 %
8 AM 220.3 KBytes0.3 %336.1 KBytes0.0 %
7 AM 380.9 KBytes0.4 %840.9 KBytes0.0 %
6 AM 552.6 KBytes0.6 %474.6 KBytes0.0 %
5 AM 64.6 MBytes75.6 %1.5 GBytes58.1 %
4 AM 402.6 KBytes0.5 %357.4 KBytes0.0 %
3 AM 117.0 KBytes0.1 %195.9 KBytes0.0 %
2 AM 118.1 KBytes0.1 %183.0 KBytes0.0 %
1 AM 128.3 KBytes0.1 %193.6 KBytes0.0 %
Total

 

Packet Statistics

TCP ConnectionsDirected toRcvd From
Attempted6,114 2
Established3,057 [50 %] 2 [100 %]
Terminated1 0 

TCP FlagsPkts SentPkts Rcvd
SYN6,114 2
RST|ACK1,242 350
RST1 7
NULL33 0 

AnomalyPkts Sent toPkts Rcvd from
Closed Empty TCP Conn.1 0 

ARPPacket
Request Sent1,969
Reply Rcvd1,909 (97.0 %)
Reply Sent4,426

 

Protocol Distribution

ProtocolData SentData Rcvd
TCP376.5 MBytes100% 13.4 GBytes100
UDP609.6 KBytes  837.9 KBytes 
ICMPv60.2 KBytes  0.0 KBytes 
IPv60.2 KBytes  0.0 KBytes 
(R)ARP287.3 KBytes  172.9 KBytes 
IGMP1.3 KBytes  0.0 KBytes 
Protocol Distribution
IP Distribution

 

ICMP Traffic

TypePkt SentPkt Rcvd

 

Last Contacted Peers

Sent ToIP Address
router12.teamviewer.com 188.172.216.77 
client.wns.windows.com 172.172.255.217 
00:24:8C:DE:84:31 Network Card  
nustal05.advance.com.ar 200.0.243.10 
dsadata.intel.com 170.51.241.176 
dsadata.intel.com 170.51.241.155 
v10.events.data.microsoft.com 104.208.16.88 
Total Contacts3790
Received FromIP Address
functional.events.data.microsoft.com 52.182.143.208 
router12.teamviewer.com 188.172.216.77 
00:24:8C:DE:84:31 Network Card  
nustal05.advance.com.ar 200.0.243.10 
dsadata.intel.com 170.51.241.176 
dsadata.intel.com 170.51.241.155 
client.wns.windows.com 172.172.255.217 
v10.events.data.microsoft.com 104.208.16.88 
Total Contacts3142

 

IP Service Stats: Client Role

 # Loc. Req. Sent# Rem. Req. Sent# Pos. Reply Rcvd# Neg. Reply RcvdLocal RndTripRem RndTrip
DNS2,73880.0%65019.0%2,77599.0%40.0%0.1 ms - 1.4 sec3.2 ms - 260.9 ms

 

TCP/UDP Service/Port Usage

IP ServicePort# Client Sess.Last Client Peer# Server Sess.Last Server Peer
ftp211177/26.2 KBytes00:24:8C:DE:84:31 Network Card   
smtp25258/200.1 KBytesmail.cpaba.com.ar   
domain536057/852.8 KBytes00:24:8C:DE:84:31 Network Card   
www8011001/194.2 MBytesctldl.windowsupdate.com   
ntp1238/384time.windows.com 8/384time.windows.com
https44332985/6.8 GBytesclient.wns.windows.com   

 

TCP/UDP - Traffic on Other Ports

Client PortServer Port

 

TCP/UDP Recently Used Ports

Client PortServer Port

 

141 Active TCP/UDP Sessions

ClientServerData SentData RcvdActive SinceLast SeenDurationInactiveLatencyL7 ProtoNote
CPA-Envios Medium Risk Users :49720router11.teamviewer.com  HTTP Server :https2.1 MBytes2.2 MBytesWed Jun 11 17:45:25 2025Sat Jun 14 00:39:34 20252 days 6:54:0938 sec   SYN ACK PUSH 
CPA-Envios Medium Risk Users :56170client.wns.windows.com  HTTP Server Low Risk :https114.1 KBytes134.8 KBytesFri Jun 13 14:18:42 2025Sat Jun 14 00:39:48 202510:21:0624 sec   SYN ACK PUSH 

The color of the host link indicates how recently the host was FIRST seen
  0 to 5 minutes     5 to 15 minutes     15 to 30 minutes     30 to 60 minutes     60+ minutes  
Report created on Sat Jun 14 00:40:12 2025 [ntop uptime: 4 days 20:27:26]
Generated by ntop v.3.3 [x86_64-unknown-linux-gnu]
© 1998-2007 by Luca Deri, built: Aug 6 2008 09:54:10.
Listening on [eth0] for all packets (i.e. without a filtering expression)
Web reports include all interfaces (merged)