Rut Row - bad mojo Scooby!
 (C) 1998-2005 - Luca Deri  

 

 

Global Traffic Statistics

Network Interface(s)
NameDeviceTypeSpeedSampling RateMTUHeaderAddressIPv6 Addresses
eth0eth0Ethernet  015141474.94.88.241::/0
Local Domain Namewp.comcast.net 
Sampling SinceWed May 13 16:39:40 2009 [51 days 23:40:05]
Active End Nodes133
interface traffic chart

 

Traffic Report for 'eth0' [switch]

Packets
Dropped (libpcap)1.6%2,116,440
Dropped (ntop)0.0%0
Total Received (ntop)128,331,730
Total Packets Processed128,331,730
Unicast99.8%128,129,099
Broadcast0.2%202,561
Multicast0.0%70
pktCast distribution chart
Shortest36 bytes
Average Size521 bytes
Longest1,514 bytes
<= 64 bytes28.9%37,080,003
64 to 128 bytes23.1%29,611,057
129 to 256 bytes4.8%6,195,523
257 to 512 bytes4.4%5,698,853
513 to 1024 bytes3.9%4,963,277
1025 to 1518 bytes34.9%44,783,017
> 1518 bytes0.0%0
pktSize distribution chart
Packets too long [> 1514]0.0%0
Bad Packets (Checksum)0.0%0
Traffic
Total72.6 GB [128,331,730 Pkts]
IP Traffic72.5 GB [72.5 GB Pkts]
Fragmented IP Traffic4.8 MB [0.0%]
Non IP Traffic43.2 MB
ipTraffic chart
Average TTL75
TTL <= 320.0%27,859
32 < TTL <= 6453.9%69,177,525
64 < TTL <= 960.2%237,662
96 < TTL <= 12838.1%48,920,876
128 < TTL <= 1600.0%195
160 < TTL <= 1920.0%9,893
192 < TTL <= 2240.0%94
224 < TTL <= 2562.7%3,445,043
pktTTD distribution chart
Remote Hosts Distancehosts distance chart
Network Load
Actual384.3 Kbps48.8 Pkts/sec
Last Minute561.2 Kbps65.9 Pkts/sec
Last 5 Minutes231.8 Kbps32.1 Pkts/sec
Peak8.8 Mbps2032.2 Pkts/sec
Average138.8 Kbps28.6 Pkts/sec
Historical Data [ View rrd charts of historical data for this interface ]

 

Global Protocol Distribution

ProtocolDataPercentage
IP72.5 GB99.9%
TCP70.1 GB 96.6%
96.6%

 

UDP1.7 GB 2.3%
2.3%

 

ICMP60.4 MB 0% 
ICMPv63.7 KB 0% 
Other IP5.9 KB 0% 
(R)ARP31.4 MB 0% 
IPv65.2 KB 0% 
global protocol distribution chart

 

Global TCP/UDP Protocol Distribution

TCP/UDP ProtocolDataFlowsAccumulated Percentage / Historical Protocol View
FTP1.2 GB 2,3781.7%
1.7%

 

PROXY9.8 MB 1,6050% 

HTTP59.8 GB 2,019,24782.5%
82.5%

 

DNS446.8 MB 3,358,0390% 

Telnet135.5 KB 4900% 

NBios-IP7.2 MB 114,7120% 

Mail382.4 MB 2,4890% 

SNMP2.3 MB 19,7850% 

NEWS2.0 KB 130% 

DHCP-BOOTP6.5 KB 320% 

NFS6.1 MB 3,0030% 

X111002.7 KB 4,2510% 

SSH358.0 MB 18,5370% 

Gnutella1.3 MB 4,3500% 

Kazaa714.9 KB 1220% 

WinMX63.3 KB 580% 

eDonkey2.5 MB 6380% 

Messenger87.7 MB 70,5060% 

Other TCP/UDP-based Protocols10.2 GB 10,211,19714.1%
14.1%

 

Accumulated ViewGlobal ipProtocol distribution chart
Historical View

Note:
  • What is a flow?
    • TCP: a flows is a TCP connection.
    • UDP: a flow is a packet.
  • TCP flows are not accounted for fully (sender and recipient) remote peers.

 

TCP/UDP Traffic Port Distribution:
Last Minute View

TCP/UDP PortTotalSentRcvd
www802.7 MB2.6 MB92.8 KB
271827182.0 MB24.2 KB2.0 MB
27332733428.7 KB12.2 KB416.5 KB
2735273596.2 KB8.7 KB87.5 KB
2734273487.2 KB8.5 KB78.8 KB
pop3s99519.0 KB14.6 KB4.4 KB
https44315.9 KB12.8 KB3.1 KB
2729272910.3 KB1.4 KB8.9 KB
2736273610.3 KB9519.3 KB
56242562427.2 KB1.2 KB5.9 KB
47522475227.1 KB5.8 KB1.3 KB
37545375457.1 KB5.8 KB1.2 KB
56868568687.0 KB5.8 KB1.2 KB
42159421597.0 KB5.7 KB1.2 KB
51376513767.0 KB5.8 KB1.2 KB
10302103026.9 KB5.7 KB1.2 KB
47449474493.8 KB7103.1 KB
273027302.9 KB1.0 KB1.9 KB
273127312.9 KB10131.9 KB
273227322.9 KB1.0 KB1.9 KB
456545652.3 KB5061.9 KB
32859328592.1 KB5781.5 KB
62333623331.9 KB1.4 KB522
domain531.8 KB1.3 KB538
45570455701.7 KB6751.0 KB
462246221.5 KB931649
206620661.2 KB612587
45928459281.1 KB713461
300030001.1 KB461713
562195621962678548
10681068561336225
8585561225336
Notes:
  • sum(total traffic per port) = 2*(total IP traffic)
    because the traffic per port is counted twice (sent and received)
  • This report includes broadcast packets

This extract is just a sample of the packets ntop has seen.

Report created on Sat Jul 4 16:19:45 2009 [ntop uptime: 51 days 23:40:05]
Generated by ntop v.3.2 SourceForge .tgz [i686-pc-linux-gnu]
© 1998-2005 by Luca Deri, built: May 21 2007 17:35:55.
Listening on [eth0] for all packets (i.e. without a filtering expression)
Web reports include only interface "eth0"