Info about Tribunal01

Please enable make sure that the ntop html/ directory is properly installed

Info about Tribunal01

IP Address 192.168.1.27 [unicast] [ Purge Asset ]

First/Last Seen Mon Jul 14 04:47:49 2025 - Wed Jul 16 15:49:15 2025 [Inactive since 1 sec]

MAC Address Network Interface Card (NIC) D8:43:AE:BB:DE:41

OS Name OS: Windows [Windows 2000 Professional SP4]

Host Location Local (inside specified/local subnet)

IP TTL (Time to Live) 1:128 [~0 hop(s)]

Total Data Sent 594.1 MBytes/3,122,689 Pkts/0 Retran. Pkts [0%]

Broadcast Pkts Sent 12,030 Pkts

Multicast Traffic Sent 2.4 MBytes/31,440 Pkts

Data Sent Stats
Local 0.7 %

Rem 99.3 %

IP vs. Non-IP Sent
IP 100 %

Non-IP 0 %

Total Data Rcvd 4.2 GBytes/4,735,182 Pkts/0 Retran. Pkts [0%]

Data Rcvd Stats
0 %

Rem 100 %

IP vs. Non-IP Rcvd
IP 100 %

Non-IP 0 %

Sent vs. Rcvd Pkts
Sent 39.7 %

Rcvd 60.3 %

Sent vs. Rcvd Data
Sent 12.2 %

Rcvd 87.8 %

Used Subnet Routers 00:24:8C:DE:84:31 Network Card
Host Type VoIP Host VoIP

Host Healthness (Risk Flags) High Risk Medium Risk Low Risk
Wrong network mask or bridging enabled
Suspicious activities: too many host contacts
Unexpected packets (e.g. traffic to closed port or connection reset):
[Rcvd: rst] [Sent: closed-empty]

Host Traffic Stats

Time	Tot. Traffic Sent	% Traffic Sent	Tot. Traffic Rcvd	% Traffic Rcvd
3 PM	1.8 MBytes	0.6 %	1.2 MBytes	0.1 %
2 PM	2.2 MBytes	0.8 %	1.4 MBytes	0.1 %
1 PM	2.2 MBytes	0.8 %	3.3 MBytes	0.2 %
12 PM	9.9 MBytes	3.6 %	77.3 MBytes	3.7 %
11 AM	8.5 MBytes	3.1 %	94.3 MBytes	4.5 %
10 AM	32.4 MBytes	11.8 %	238.4 MBytes	11.3 %
9 AM	18.5 MBytes	6.8 %	215.7 MBytes	10.2 %
8 AM	38.8 MBytes	14.2 %	284.8 MBytes	13.4 %
7 AM	31.4 MBytes	11.5 %	289.6 MBytes	13.7 %
6 AM	36.1 MBytes	13.2 %	543.2 MBytes	25.7 %
5 AM	39.0 MBytes	14.3 %	222.8 MBytes	10.5 %
4 AM	22.8 MBytes	8.3 %	109.7 MBytes	5.2 %
3 AM	2.4 MBytes	0.9 %	1.3 MBytes	0.1 %
2 AM	2.4 MBytes	0.9 %	1.3 MBytes	0.1 %
1 AM	2.4 MBytes	0.9 %	3.4 MBytes	0.2 %
12 AM	2.5 MBytes	0.9 %	1.3 MBytes	0.1 %
11 PM	2.5 MBytes	0.9 %	1.5 MBytes	0.1 %
10 PM	2.4 MBytes	0.9 %	1.3 MBytes	0.1 %
9 PM	2.4 MBytes	0.9 %	3.4 MBytes	0.2 %
8 PM	2.5 MBytes	0.9 %	1.4 MBytes	0.1 %
7 PM	2.4 MBytes	0.9 %	1.4 MBytes	0.1 %
6 PM	2.3 MBytes	0.8 %	1.2 MBytes	0.1 %
5 PM	3.3 MBytes	1.2 %	15.9 MBytes	0.8 %
4 PM	2.5 MBytes	0.9 %	2.1 MBytes	0.1 %
Total

Packet Statistics

TCP Connections	Directed to		Rcvd From
Attempted	49,390	peoplestack-pa.clients6.google.com addons-pa.clients6.google.com accounts.google.com waa-pa.clients6.google.com google.com nf.smartscreen.microsoft.com clientservices.googleapis.com chat.google.com	0
Established	23,908 [48 %]	peoplestack-pa.clients6.google.com addons-pa.clients6.google.com accounts.google.com waa-pa.clients6.google.com google.com nf.smartscreen.microsoft.com clientservices.googleapis.com chat.google.com	48	sdk.mrf.io cdnjs.cloudflare.com static.cdn.adtarget.biz ssp-sync.criteo.com cm.adform.net ap.lijit.com ittpx.eskimi.com use3-sync.a-mo.net
Terminated	123	beacon-nf.rubiconproject.com sync.smartadserver.com ib.adnxs.com ib.adnxs.com secure.adnxs.com adx.adform.net secure.adnxs.com secure.adnxs.com	0

TCP Flags	Pkts Sent		Pkts Rcvd
SYN	49,390	peoplestack-pa.clients6.google.com addons-pa.clients6.google.com accounts.google.com waa-pa.clients6.google.com google.com nf.smartscreen.microsoft.com clientservices.googleapis.com chat.google.com	0
RST\|ACK	5,282	e2c73.gcp.gvt2.com outlook.office.com to-do.microsoft.com outlook.office.com v10.events.data.microsoft.com e2cs36.gcp.gvt2.com v10.events.data.microsoft.com windows.msn.com	367	ecs.office.com rr3---sn-ja5gv5g-x1xd.googlevideo.com rr5---sn-jup-x1xk.googlevideo.com rr1---sn-jup-x1xk.googlevideo.com px.ads.linkedin.com client.teamviewer.com rr2---sn-ja5gv5g-x1xl.googlevideo.com rr3---sn-jup-x1xk.googlevideo.com
RST	0		713	rr3---sn-ja5gv5g-x1xd.googlevideo.com us.ck-ie.com cs.pgammedia.com b1sync.outbrain.com server.smartytech.io rr3---sn-jup-x1xk.googlevideo.com rr2---sn-ja5gv5g-x1xs.googlevideo.com rr4---sn-ja5gv5g-x1xl.googlevideo.com

Anomaly	Pkts Sent to		Pkts Rcvd from
Closed Empty TCP Conn.	123	beacon-nf.rubiconproject.com sync.smartadserver.com ib.adnxs.com ib.adnxs.com secure.adnxs.com adx.adform.net secure.adnxs.com secure.adnxs.com	0

ARP	Packet
Request Sent	200
Reply Rcvd	4 (2.0 %)
Reply Sent	5,886

Protocol Distribution

Protocol

Data Sent

Data Rcvd

TCP

562.1 MBytes

4.2 GBytes

UDP

31.8 MBytes

9.7 MBytes

ICMP

1.3 KBytes

0.7 KBytes

ICMPv6

0.1 KBytes

0.0 KBytes

IPv6

0.1 KBytes

0.0 KBytes

(R)ARP

273.4 KBytes

161.1 KBytes

IGMP

0.4 KBytes

0.0 KBytes

Protocol Distribution

IP Distribution

ICMP Traffic

Type	Pkt Sent	Pkt Rcvd
Echo Request	13	0
Echo Reply	0	2
Time Exceeded	0	5

Last Contacted Peers

Sent To	IP Address
google.com	172.217.28.14
play.google.com	142.251.128.142
jnn-pa.googleapis.com	142.251.134.202
mtalk.google.com	64.233.190.188
client.wns.windows.com	172.211.123.249
router6.teamviewer.com	34.151.192.17
chat.google.com	142.251.128.78
00:24:8C:DE:84:31
Total Contacts	265038

Received From	IP Address
google.com	172.217.28.14
jnn-pa.googleapis.com	142.251.134.202
clientservices.googleapis.com	142.251.128.99
00:24:8C:DE:84:31
mtalk.google.com	64.233.190.188
client.wns.windows.com	172.211.123.249
router6.teamviewer.com	34.151.192.17
chat.google.com	142.251.128.78
Total Contacts	229705

IP Service Stats: Client Role

	# Loc. Req. Sent		# Rem. Req. Sent		# Pos. Reply Rcvd		# Neg. Reply Rcvd		Local RndTrip	Rem RndTrip
DNS	34,550	66.0%	17,108	33.0%	34,727	99.0%	73	0.0%	0.0 ms - 1.6 sec	3.4 ms - 219.7 ms

TCP/UDP Service/Port Usage

IP Service	Port	# Client Sess.	Last Client Peer	# Server Sess.	Last Server Peer
domain	53	5064/9.8 MBytes	00:24:8C:DE:84:31
www	80	52441/249.5 MBytes	ocsp.digicert.com
ntp	123	14/672	time.windows.com	14/672	time.windows.com
snmp	161	1/78	192.168.1.75
https	443	56442/4.1 GBytes	chat.google.com

TCP/UDP - Traffic on Other Ports

Client Port	Server Port
54530

TCP/UDP Recently Used Ports

Client Port	Server Port
54531	mdns

P2P Recently Exchanged Files

File Name
<unknown file>

335 Active TCP/UDP Sessions

Client	Server	Data Sent	Data Rcvd	Active Since	Last Seen	Duration	Inactive	Note
Tribunal01 :52700	client.wns.windows.com :https	8.4 KBytes	11.7 KBytes	Wed Jul 16 10:05:32 2025	Wed Jul 16 15:49:11 2025	5:43:39	5 sec	SYN ACK PUSH
Tribunal01 :54531	chat.google.com :https	6.3 KBytes	3.2 KBytes	Wed Jul 16 15:49:15 2025	Wed Jul 16 15:49:15 2025	0 sec	1 sec	SYN ACK PUSH
Tribunal01 :54475	peoplestack-pa.clients6.google.com :https	115.6 KBytes	64.1 KBytes	Wed Jul 16 15:19:19 2025	Wed Jul 16 15:49:13 2025	29:54	3 sec	SYN ACK PUSH
Tribunal01 :54397	mtalk.google.com :https	206.5 KBytes	260.8 KBytes	Mon Jul 14 04:50:01 2025	Wed Jul 16 15:49:09 2025	2 days 10:59:08	7 sec	SYN ACK PUSH
Tribunal01 :54162	router6.teamviewer.com :https	1.1 MBytes	1.1 MBytes	Mon Jul 14 04:48:06 2025	Wed Jul 16 15:49:15 2025	2 days 11:01:09	1 sec	SYN ACK PUSH
Tribunal01 :54530	google.com :https	3.8 KBytes	3.6 KBytes	Wed Jul 16 15:49:15 2025	Wed Jul 16 15:49:15 2025	0 sec	1 sec	SYN ACK PUSH

The color of the host link indicates how recently the host was FIRST seen
0 to 5 minutes	5 to 15 minutes	15 to 30 minutes	30 to 60 minutes	60+ minutes

Report created on Wed Jul 16 15:49:16 2025 [ntop uptime: 2 days 11:36:40]
Generated by ntop v.3.3 [x86_64-unknown-linux-gnu]
© 1998-2007 by Luca Deri, built: Aug 6 2008 09:54:10.
Listening on [eth0] for all packets (i.e. without a filtering expression)
Web reports include only interface "eth0"