SANCP Reports

SANCP reports

Last 30 minutes Top 20 source IP addresses/signature by total

no_events	hostname	src_ip	signature	signature_id
5	sensor02	10.134.52.27 (hph-dns-a.asdadada.net) [] [i]	DNS SPOOF query response with TTL of 1 min. and no authority	254
4	sensor02	172.16.40.42 (172.16.40.42) [] [i]	VIRUS OUTBOUND bad file attachment	721
2	sensor02	12.40.252.133 (mail.hhconsultants.com) [] [i]	SSN NOT ENCRYPTED in E-mail	2000370
2	sensor02	172.16.40.42 (172.16.40.42) [] [i]	SSN NOT ENCRYPTED in E-mail	2000370
2	sensor02	172.16.40.41 (172.16.40.41) [] [i]	VIRUS OUTBOUND bad file attachment	721
1	sensor02	172.16.40.45 (chatthatweb01.as123123dadada.net) [] [i]	SSN NOT ENCRYPTED in Telnet	2000372
1	sensor02	Y.Y.32.41 (win98-exch-01.asdadada.net) [] [i]	SSN NOT ENCRYPTED in E-mail	2000370

Last 30 minutes Top 20 unclassified source IP addresses/signature by total

no_events	hostname	src_ip	signature	signature_id
5	sensor02	10.134.52.27 (hph-dns-a.asdadada.net) [] [i]	DNS SPOOF query response with TTL of 1 min. and no authority	254
4	sensor02	172.16.40.42 (172.16.40.42) [] [i]	VIRUS OUTBOUND bad file attachment	721
2	sensor02	12.40.252.133 (mail.hhconsultants.com) [] [i]	SSN NOT ENCRYPTED in E-mail	2000370
2	sensor02	172.16.40.42 (172.16.40.42) [] [i]	SSN NOT ENCRYPTED in E-mail	2000370
2	sensor02	172.16.40.41 (172.16.40.41) [] [i]	VIRUS OUTBOUND bad file attachment	721
1	sensor02	172.16.40.45 (chatthatweb01.as123123dadada.net) [] [i]	SSN NOT ENCRYPTED in Telnet	2000372
1	sensor02	Y.Y.32.41 (win98-exch-01.asdadada.net) [] [i]	SSN NOT ENCRYPTED in E-mail	2000370

Last 30 minutes Top 20 signatures by total

no_events	hostname	signature	signature_id
6	sensor02	VIRUS OUTBOUND bad file attachment	721
5	sensor02	DNS SPOOF query response with TTL of 1 min. and no authority	254
5	sensor02	SSN NOT ENCRYPTED in E-mail	2000370
1	sensor02	SSN NOT ENCRYPTED in Telnet	2000372

Last 30 minutes Top 20 unclassified signatures by total

no_events	hostname	signature	signature_id
6	sensor02	VIRUS OUTBOUND bad file attachment	721
5	sensor02	DNS SPOOF query response with TTL of 1 min. and no authority	254
5	sensor02	SSN NOT ENCRYPTED in E-mail	2000370
1	sensor02	SSN NOT ENCRYPTED in Telnet	2000372

Last 10 minutes Top 40 proto/dst_port combinations ordered by total src_bytes

no_conns	hostname	dst_port	ip_proto	total_src_bytes	total_dst_bytes
1391	sensor02	25	tcp	21575709	522865
23475	sensor01	80	tcp	18712945	169941175
372	sensor01	25	tcp	5167388	161673
1591	sensor01	443	tcp	2661437	13907798
2	sensor01	3283	tcp	894680	696
77	sensor02	161	udp	872618	919460
1	sensor01	3707	tcp	768255	0
172	sensor02	443	tcp	582406	2985539
140	sensor02	1433	tcp	572207	7464938
1	sensor01	1573	tcp	403358	0
462	sensor02	80	tcp	403235	3516100
88	sensor01	161	udp	329393	346314
77	sensor01	1433	tcp	257905	3530370
1	sensor01	2294	tcp	177304	0
2	sensor02	1521	tcp	169400	460601
1	sensor01	4608	tcp	144087	0
4	sensor01	993	tcp	131453	7898
2	sensor01	1171	tcp	118682	0
152	sensor02	53	udp	103283	217751
1	sensor01	2227	tcp	91147	815
525	sensor01	53	udp	82724	227705
1	sensor01	2722	tcp	77023	0
1	sensor01	56743	tcp	74989	6180
1	sensor01	2456	tcp	70375	0
1	sensor01	4300	tcp	68052	0
1	sensor01	4169	tcp	65109	0
1	sensor01	3627	tcp	64912	0
1	sensor01	2455	tcp	63844	0
1	sensor01	3893	tcp	63651	852
1	sensor01	1711	tcp	55620	0
1	sensor01	2846	tcp	55049	1063
1	sensor01	4319	tcp	53858	907
535	sensor02	5005	tcp	52721	42800
1	sensor01	2519	tcp	49042	872
1	sensor01	4556	tcp	47529	448
1	sensor01	4275	tcp	45829	243
1	sensor01	2072	tcp	44349	298
2	sensor01	1714	tcp	43638	0
1	sensor01	22361	udp	43312	0
1	sensor01	1200	tcp	42909	0

Last 10 minutes Top 40 proto/dst_port combinations ordered by total dst_bytes

no_conns	hostname	dst_port	ip_proto	total_src_bytes	total_dst_bytes
23432	sensor01	80	tcp	18688132	169746152
1587	sensor01	443	tcp	2656485	13893572
140	sensor02	1433	tcp	572207	7464938
77	sensor01	1433	tcp	257905	3530370
462	sensor02	80	tcp	403235	3516100
172	sensor02	443	tcp	582406	2985539
1	sensor01	1935	tcp	3939	1019519
77	sensor02	161	udp	872618	919460
1387	sensor02	25	tcp	21526493	521599
2	sensor02	1521	tcp	169400	460601
88	sensor01	161	udp	329393	346314
525	sensor01	53	udp	82724	227705
151	sensor02	53	udp	102674	216618
1	sensor01	4779	tcp	0	184012
368	sensor01	25	tcp	5134089	160049
13	sensor01	995	tcp	6851	117734
1	sensor02	1494	tcp	11993	93586
2	sensor01	10000	tcp	6976	82688
20	sensor02	23	tcp	12813	49771
24	sensor01	23	tcp	8640	47665
20	sensor01	22	tcp	34941	45277
535	sensor02	5005	tcp	52721	42800
17	sensor01	5190	tcp	14887	29096
255	sensor01	5005	tcp	24536	20112
17	sensor02	5031	tcp	11800	16960
1	sensor01	4032	udp	10542	8893
2	sensor01	21	tcp	8584	8892
1	sensor01	4445	tcp	3433	8189
7	sensor01	8080	tcp	2420	8114
4	sensor01	993	tcp	131453	7898
1	sensor01	56743	tcp	74989	6180
1	sensor01	8000	tcp	778	5213
1	sensor01	3601	tcp	2430	4108
37	sensor02	0	icmp	4424	3944
1	sensor01	2392	tcp	3158	3915
1	sensor01	4349	tcp	8359	3707
3	sensor01	110	tcp	672	3614
1	sensor01	3120	tcp	17431	3513
1	sensor01	2578	tcp	41483	3179
3	sensor01	5031	tcp	1812	2997

Last 10 minutes Top 40 proto/dst_port combinations ordered by connections

no_conns	hostname	dst_port	ip_proto	total_src_bytes	total_dst_bytes
23432	sensor01	80	tcp	18688132	169746152
1587	sensor01	443	tcp	2656485	13893572
1387	sensor02	25	tcp	21526493	521599
535	sensor02	5005	tcp	52721	42800
525	sensor01	53	udp	82724	227705
462	sensor02	80	tcp	403235	3516100
368	sensor01	25	tcp	5134089	160049
255	sensor01	5005	tcp	24536	20112
172	sensor02	443	tcp	582406	2985539
151	sensor02	53	udp	102674	216618
140	sensor02	1433	tcp	572207	7464938
109	sensor01	8585	tcp	0	0
88	sensor01	161	udp	329393	346314
77	sensor02	161	udp	872618	919460
77	sensor01	1433	tcp	257905	3530370
39	sensor01	0	icmp	20101	1040
37	sensor02	0	icmp	4424	3944
25	sensor01	138	udp	6308	0
24	sensor01	23	tcp	8640	47665
22	sensor01	4141	tcp	0	0
22	sensor01	1801	tcp	0	0
20	sensor01	22	tcp	34941	45277
20	sensor02	23	tcp	12813	49771
17	sensor01	5190	tcp	14887	29096
17	sensor02	5031	tcp	11800	16960
14	sensor02	137	udp	3132	0
13	sensor01	995	tcp	6851	117734
13	sensor01	123	udp	728	728
12	sensor01	9100	tcp	0	0
10	sensor01	1238	tcp	0	0
10	sensor01	1216	tcp	0	0
10	sensor01	1212	tcp	0	0
10	sensor01	1232	tcp	0	0
8	sensor01	26280	tcp	0	77
8	sensor01	5050	tcp	389	347
7	sensor01	8080	tcp	2420	8114
5	sensor01	137	udp	2083	0
4	sensor01	993	tcp	131453	7898
4	sensor01	631	tcp	0	0
3	sensor01	1118	udp	1302	251

Last 10 minutes Top 40 destination IP addresses ordered by connections

no_conns	hostname	dst_ip	total_src_bytes	total_dst_bytes
1365	sensor01	205.161.4.143 (205.161.4.143) [] [i]	1621001	3729292
897	sensor01	205.161.4.137 (205.161.4.137) [] [i]	347752	2464198
533	sensor02	10.4.7.63 (10.4.7.63) [] [i]	52530	42640
364	sensor01	159.53.0.16 (159.53.0.16) [] [i]	263638	2266713
347	sensor02	172.16.30.39 (172.16.30.39) [] [i]	6350705	62537
343	sensor01	216.148.226.74 (mailcenter.comcast.net) [] [i]	536029	298959
342	sensor01	205.161.4.129 (205.161.4.129) [] [i]	135524	1203443
330	sensor02	Y.Y.6.64 (Y.Y.6.64) [] [i]	6118117	191867
326	sensor01	205.205.16.182 (205.205.16.182) [] [i]	1623627	6267151
294	sensor01	205.161.4.134 (205.161.4.134) [] [i]	146512	2421778
290	sensor02	63.71.8.41 (prod-www.zixcorp.com) [] [i]	210895	696284
289	sensor01	205.161.4.128 (205.161.4.128) [] [i]	194089	1751452
253	sensor01	10.4.7.63 (10.4.7.63) [] [i]	24327	19952
239	sensor01	205.161.4.145 (205.161.4.145) [] [i]	120142	445397
231	sensor01	209.8.104.199 (209-8-104-199.btnaccess.net) [] [i]	208782	456978
229	sensor01	128.121.224.109 (bassvs2.firstipp.com) [] [i]	84244	852102
228	sensor01	205.161.4.144 (205.161.4.144) [] [i]	184967	2128343
227	sensor01	64.4.55.109 (origin.gfx2.hotmail.com) [] [i]	103375	110881
226	sensor01	194.129.79.7 (194.129.79.7) [] [i]	136647	512440
222	sensor01	63.111.24.21 (image1.weather.com) [] [i]	96284	138166
216	sensor01	205.161.4.135 (205.161.4.135) [] [i]	135233	937610
215	sensor01	66.230.239.174 (66.230.239.174) [] [i]	106036	827792
200	sensor02	Y.Y.32.44 (exchange02.asdadada.net) [] [i]	6800	84600
200	sensor02	Y.Y.32.43 (exchange01.as123123dadada.net) [] [i]	6800	84600
194	sensor01	199.181.132.244 (espn.go.com) [] [i]	219407	1353091
191	sensor01	206.24.222.155 (206.24.222.155) [] [i]	98995	718289
185	sensor01	170.131.137.64 (www.eway.com) [] [i]	97439	1079878
174	sensor01	204.127.195.15 (www.comcast.net) [] [i]	175147	249685
169	sensor01	64.152.73.207 (d-content-vip01.colo.gator.com) [] [i]	42378	272310
169	sensor01	64.94.137.51 (ads.180solutions.com) [] [i]	431137	950
165	sensor01	12.181.161.29 (12.181.161.29) [] [i]	65057	712487
157	sensor01	66.218.87.254 (p1.ymdb.vip.scd.yahoo.com) [] [i]	77743	370313
148	sensor01	69.63.131.190 (69.63.131.190) [] [i]	127907	1410025
145	sensor01	205.161.4.136 (205.161.4.136) [] [i]	180320	779529
145	sensor01	64.236.42.47 (64.236.42.47) [] [i]	58453	103975
144	sensor01	204.127.205.10 (mailcenter.comcast.net) [] [i]	240593	226579
140	sensor02	Y.Y.32.52 (sql2kbink12data.asdadada.net) [] [i]	572207	7464938
139	sensor01	64.209.168.40 (bor-clust02.ofoto.com) [] [i]	73334	1136710
138	sensor01	64.233.167.147 (64.233.167.147) [] [i]	80119	855466
132	sensor02	172.16.40.36 (ddsps06.asdadada.net) [] [i]	407530	2345979

Last 10 minutes Top 40 destination IP addresses ordered by total src_bytes

no_conns	hostname	dst_ip	total_src_bytes	total_dst_bytes
327	sensor02	172.16.30.39 (172.16.30.39) [] [i]	6195500	58541
319	sensor02	Y.Y.6.64 (Y.Y.6.64) [] [i]	5981501	185439
142	sensor01	Y.Y.6.64 (Y.Y.6.64) [] [i]	3592281	93339
78	sensor02	172.16.40.41 (172.16.40.41) [] [i]	2396123	15384
94	sensor01	Y.Y.6.66 (sec010101.asdadada.net) [] [i]	2192809	30127
351	sensor01	205.205.16.182 (205.205.16.182) [] [i]	1560300	5322274
1250	sensor01	205.161.4.143 (205.161.4.143) [] [i]	1466113	3471062
49	sensor01	Y.Y.8.25 (sec010102.asdadada.net) [] [i]	1393965	17431
121	sensor01	Y.Y.8.75 (sec010104.asdadada.net) [] [i]	1246019	28375
52	sensor01	Y.Y.6.55 (sec010103.asdadada.net) [] [i]	1183484	16603
2	sensor02	63.240.76.26 (gateway-s.comcast.net) [] [i]	1078896	635
37	sensor01	172.16.40.41 (172.16.40.41) [] [i]	1070424	7434
53	sensor02	172.16.40.42 (172.16.40.42) [] [i]	971148	10287
4	sensor01	64.68.125.47 (epcb12.webex.com) [] [i]	698149	870
27	sensor01	172.16.40.42 (172.16.40.42) [] [i]	643840	5337
137	sensor02	Y.Y.32.52 (sql2kbink12data.asdadada.net) [] [i]	571802	7463747
214	sensor01	64.94.137.51 (ads.180solutions.com) [] [i]	558915	950
57	sensor01	64.94.40.201 (cmsupgrade.as123123dadada.net) [] [i]	528843	193372
1	sensor02	216.125.146.126 (winntmail1.cityofchicago.net) [] [i]	454744	268
8	sensor02	172.16.30.7 (172.16.30.7) [] [i]	434827	456843
8	sensor02	172.16.30.6 (172.16.30.6) [] [i]	433936	455952
11	sensor02	129.105.16.48 (drjimmy.it.northwestern.edu) [] [i]	392636	3213
139	sensor02	172.16.40.36 (ddsps06.asdadada.net) [] [i]	388796	2378292
938	sensor01	205.161.4.137 (205.161.4.137) [] [i]	350575	2766564
195	sensor01	216.148.226.74 (mailcenter.comcast.net) [] [i]	308589	179292
7	sensor02	129.105.16.56 (northwestern.edu) [] [i]	294623	2029
177	sensor01	204.127.205.10 (mailcenter.comcast.net) [] [i]	294134	275285
94	sensor01	209.237.248.138 (3janehosting-138.3jane.com) [] [i]	291388	234043
11	sensor01	129.105.16.57 (merle.it.northwestern.edu) [] [i]	265221	44479
363	sensor01	159.53.0.16 (159.53.0.16) [] [i]	262366	2232936
75	sensor02	172.16.40.50 (webbink12.as123123dadada.net) [] [i]	260973	591072
250	sensor01	216.154.251.118 (216.154.251.118) [] [i]	257954	1134128
64	sensor01	Y.Y.32.52 (sql2kbink12data.asdadada.net) [] [i]	249698	3028139
1	sensor02	65.246.254.237 (mailgw.us.maynepharma.com) [] [i]	248254	442
300	sensor02	63.71.8.41 (prod-www.zixcorp.com) [] [i]	221009	717248
4	sensor02	67.28.113.10 (mta-v4.level3.mail.yahoo.com) [] [i]	211487	1081
231	sensor01	209.8.104.199 (209-8-104-199.btnaccess.net) [] [i]	208782	456978
283	sensor01	205.161.4.128 (205.161.4.128) [] [i]	203803	1724529
1	sensor02	68.79.213.100 (neuromail.neurosource.com) [] [i]	202576	187
155	sensor01	205.161.4.136 (205.161.4.136) [] [i]	200219	822730

Last 10 minutes Top 40 destination IP addresses ordered by total dst_bytes

no_conns	hostname	dst_ip	total_src_bytes	total_dst_bytes
1	sensor01	66.250.131.190 (66.250.131.190) [] [i]	639	9136015
148	sensor02	Y.Y.32.52 (sql2kbink12data.asdadada.net) [] [i]	748642	8276143
350	sensor01	205.205.16.182 (205.205.16.182) [] [i]	1557664	5286319
4	sensor01	66.179.5.143 (66.179.5.143) [] [i]	1778	4705294
120	sensor01	63.240.11.70 (www.utdol.com) [] [i]	106211	4310296
3	sensor01	66.218.66.163 (attach10.grp.vip.scd.yahoo.com) [] [i]	1300	3652725
1238	sensor01	205.161.4.143 (205.161.4.143) [] [i]	1437469	3382808
51	sensor01	66.235.193.132 (st06.startlogic.com) [] [i]	17441	3319508
64	sensor01	Y.Y.32.52 (sql2kbink12data.asdadada.net) [] [i]	249698	3028139
1	sensor01	12.120.45.20 (12.120.45.20) [] [i]	729	2815926
938	sensor01	205.161.4.137 (205.161.4.137) [] [i]	350575	2766564
12	sensor01	4.79.142.6 (4.79.142.6) [] [i]	9171	2503270
363	sensor01	159.53.0.16 (159.53.0.16) [] [i]	262366	2232936
140	sensor02	172.16.40.36 (ddsps06.asdadada.net) [] [i]	335566	2090495
196	sensor01	205.161.4.144 (205.161.4.144) [] [i]	160813	2015365
291	sensor01	205.161.4.134 (205.161.4.134) [] [i]	133987	1977411
47	sensor01	128.30.52.25 (web5.w3.net) [] [i]	11728	1970082
56	sensor01	169.207.177.133 (169.207.177.133) [] [i]	20481	1958436
283	sensor01	205.161.4.128 (205.161.4.128) [] [i]	203803	1724529
69	sensor01	194.103.63.75 (www.hm.com) [] [i]	26785	1681034
108	sensor01	209.62.176.188 (eqnjmdvip1.doubleclick.net) [] [i]	58314	1589105
148	sensor01	69.63.131.190 (69.63.131.190) [] [i]	127907	1410025
41	sensor01	206.190.35.122 (story1.news.vip.re2.yahoo.com) [] [i]	40717	1366467
5	sensor01	68.142.72.8 (cdn-68-142-72-8.ord.llnw.net) [] [i]	1417	1338343
14	sensor01	66.163.168.145 (f800.mail.yahoo.com) [] [i]	50574	1246548
64	sensor02	172.16.30.30 (172.16.30.30) [] [i]	83475	1230045
351	sensor01	205.161.4.129 (205.161.4.129) [] [i]	135983	1209093
42	sensor01	208.178.1.42 (208.178.1.42) [] [i]	12751	1207208
2	sensor01	10.132.34.28 (10.132.34.28) [] [i]	24	1187893
52	sensor01	209.100.85.31 (209.100.85.31) [] [i]	16097	1183521
250	sensor01	216.154.251.118 (216.154.251.118) [] [i]	257954	1134128
191	sensor01	170.131.137.64 (www.eway.com) [] [i]	102220	1105950
138	sensor01	64.209.168.40 (bor-clust02.ofoto.com) [] [i]	72893	1105625
42	sensor01	204.0.181.222 (www.neimanmarcus.com) [] [i]	32055	1067644
64	sensor01	128.114.50.181 (hgw1.cse.ucsc.edu) [] [i]	30711	1048567
118	sensor01	205.161.4.142 (205.161.4.142) [] [i]	77245	1028884
21	sensor01	68.142.225.198 (f546.mail.yahoo.com) [] [i]	93468	967357
153	sensor01	64.233.167.147 (64.233.167.147) [] [i]	84802	930953
150	sensor01	199.181.132.244 (espn.go.com) [] [i]	187109	917107
210	sensor01	205.161.4.135 (205.161.4.135) [] [i]	132208	908512

Last 10 minutes Top 40 source IP addresses ordered by connections

no_conns	hostname	src_ip	total_src_bytes	total_dst_bytes
7595	sensor01	Y.Y.6.66 (sec010101.asdadada.net) [] [i]	5998047	50367817
6954	sensor01	Y.Y.8.75 (sec010104.asdadada.net) [] [i]	4603944	45373257
6288	sensor01	Y.Y.6.55 (sec010103.asdadada.net) [] [i]	4660067	41386912
4981	sensor01	Y.Y.8.25 (sec010102.asdadada.net) [] [i]	3657933	38454672
528	sensor02	172.16.40.42 (172.16.40.42) [] [i]	17470975	660309
454	sensor02	172.16.40.41 (172.16.40.41) [] [i]	6785087	619205
346	sensor01	X.X.17.2 (ns.as123123dadada.net) [] [i]	34935	119158
207	sensor01	X.X.17.9 (ns1.as123123dadada.net) [] [i]	15275	53468
205	sensor02	172.16.30.6 (172.16.30.6) [] [i]	6970	86715
204	sensor02	172.16.30.7 (172.16.30.7) [] [i]	6936	86292
150	sensor01	10.138.4.109 (r1603-pc-5th-cd.asdadada.net) [] [i]	32769	26970
137	sensor02	172.16.40.31 (ddspf02.asdadada.net) [] [i]	336080	5058661
112	sensor01	Y.Y.37.13 (Y.Y.37.13) [] [i]	606351	1927495
102	sensor01	10.144.4.110 (10.144.4.110) [] [i]	291565	1310
102	sensor02	172.16.40.30 (ddspf01.asdadada.net) [] [i]	380995	3007769
101	sensor01	X.X..24.156 (X.X..24.156) [] [i]	367	490
100	sensor02	Y.Y.6.55 (sec010103.asdadada.net) [] [i]	123381	916298
99	sensor01	172.16.30.7 (172.16.30.7) [] [i]	3366	41877
98	sensor01	172.16.30.6 (172.16.30.6) [] [i]	3258	40661
97	sensor01	10.144.6.60 (10.144.6.60) [] [i]	467302	1641153
95	sensor01	172.16.40.42 (172.16.40.42) [] [i]	2290800	52002
81	sensor01	Y.Y.18.201 (Y.Y.18.201) [] [i]	502674	1101579
79	sensor01	10.4.7.88 (r1603-pc-6-dl1.asdadada.net) [] [i]	562107	980668
76	sensor02	172.16.30.39 (172.16.30.39) [] [i]	0	0
76	sensor01	10.132.24.83 (10.132.24.83) [] [i]	211974	0
73	sensor01	172.16.40.41 (172.16.40.41) [] [i]	1542443	41959
66	sensor02	67.38.111.245 (adsl-67-38-111-245.dsl.chcgil.ameritech.net) [] [i]	17648	60776
65	sensor01	10.144.2.10 (10.144.2.10) [] [i]	0	0
64	sensor01	10.4.7.159 (r1603-pc-5th-cb.asdadada.net) [] [i]	105058	245276
63	sensor02	172.16.40.45 (chatthatweb01.as123123dadada.net) [] [i]	14307	47927
61	sensor01	172.16.40.31 (ddspf02.asdadada.net) [] [i]	84839	1951799
60	sensor02	172.16.30.100 (ecweb100.as123123dadada.net) [] [i]	9848	12019
60	sensor02	172.16.40.46 (chatthatweb02.as123123dadada.net) [] [i]	10102	15509
59	sensor01	X.X..24.135 (X.X..24.135) [] [i]	41550	87001
57	sensor01	172.16.40.30 (ddspf01.asdadada.net) [] [i]	172214	1409755
57	sensor02	172.16.30.29 (as123123dadadaftp01.as123123dadada.net) [] [i]	6422	4549
56	sensor02	172.16.30.200 (as123123dadadapathweb.as123123dadada.net) [] [i]	13871	4097
53	sensor02	172.16.40.20 (csg01.asdadada.net) [] [i]	6562	4432
52	sensor02	172.16.40.21 (csg02.asdadada.net) [] [i]	5378	4844
51	sensor02	172.16.40.56 (erooms.as123123dadada.net) [] [i]	4851	4038

Last 10 minutes Top 40 source IP addresses ordered by total src_bytes

no_conns	hostname	src_ip	total_src_bytes	total_dst_bytes
528	sensor02	172.16.40.42 (172.16.40.42) [] [i]	17470975	660309
454	sensor02	172.16.40.41 (172.16.40.41) [] [i]	6785087	619205
7595	sensor01	Y.Y.6.66 (sec010101.asdadada.net) [] [i]	5998047	50367817
6288	sensor01	Y.Y.6.55 (sec010103.asdadada.net) [] [i]	4660067	41386912
6954	sensor01	Y.Y.8.75 (sec010104.asdadada.net) [] [i]	4603944	45373257
4981	sensor01	Y.Y.8.25 (sec010102.asdadada.net) [] [i]	3657933	38454672
48	sensor02	Y.Y.32.41 (win98-exch-01.asdadada.net) [] [i]	2937090	10430
95	sensor01	172.16.40.42 (172.16.40.42) [] [i]	2290800	52002
73	sensor01	172.16.40.41 (172.16.40.41) [] [i]	1542443	41959
1	sensor01	66.179.5.143 (66.179.5.143) [] [i]	1527187	0
1	sensor02	216.203.33.147 (exchowa02.imcglobal.com) [] [i]	1524177	201
1	sensor02	64.232.129.146 (146.129.232.64.transedge.com) [] [i]	992494	201
21	sensor01	Y.Y.32.41 (win98-exch-01.asdadada.net) [] [i]	899001	4492
1	sensor01	61.213.147.82 (a61-213-147-82.deploy.akamaitechnologies.com) [] [i]	885436	0
16	sensor02	Y.Y.18.201 (Y.Y.18.201) [] [i]	868763	912795
1	sensor01	66.235.214.96 (ds214-96.ipowerweb.com) [] [i]	768255	0
4	sensor01	Y.Y.6.44 (eskerfax2.asdadada.net) [] [i]	698149	870
112	sensor01	Y.Y.37.13 (Y.Y.37.13) [] [i]	606351	1927495
33	sensor02	Y.Y.32.42 (win98-exch-02.asdadada.net) [] [i]	585091	7279
79	sensor01	10.4.7.88 (r1603-pc-6-dl1.asdadada.net) [] [i]	562107	980668
81	sensor01	Y.Y.18.201 (Y.Y.18.201) [] [i]	502674	1101579
18	sensor02	Y.Y.32.45 (win98-exch-03.asdadada.net) [] [i]	476881	3816
97	sensor01	10.144.6.60 (10.144.6.60) [] [i]	467302	1641153
1	sensor02	64.12.137.3 (imo-m22.mx.aol.com) [] [i]	465596	201
24	sensor01	Y.Y.32.42 (win98-exch-02.asdadada.net) [] [i]	462893	5332
1	sensor02	69.54.78.61 (69.54.78.61) [] [i]	441830	201
102	sensor02	172.16.40.30 (ddspf01.asdadada.net) [] [i]	380995	3007769
1	sensor02	216.207.221.131 (ns1.quintiles.com) [] [i]	376533	125
27	sensor02	Y.Y.32.46 (win98-exch-04.asdadada.net) [] [i]	365925	5740
137	sensor02	172.16.40.31 (ddspf02.asdadada.net) [] [i]	336080	5058661
1	sensor02	128.135.134.156 (obg-server07.bsd.uchicago.edu) [] [i]	305304	201
102	sensor01	10.144.4.110 (10.144.4.110) [] [i]	291565	1310
2	sensor01	10.132.96.106 (10.132.96.106) [] [i]	259296	457
16	sensor01	Y.Y.32.46 (win98-exch-04.asdadada.net) [] [i]	247278	3491
51	sensor01	10.134.24.87 (10.134.24.87) [] [i]	227915	895914
76	sensor01	10.132.24.83 (10.132.24.83) [] [i]	211974	0
2	sensor02	129.105.16.57 (merle.it.northwestern.edu) [] [i]	190699	402
1	sensor01	4.79.142.6 (4.79.142.6) [] [i]	177304	0
57	sensor01	172.16.40.30 (ddspf01.asdadada.net) [] [i]	172214	1409755
3	sensor01	10.144.6.138 (10.144.6.138) [] [i]	157795	566

Last 10 minutes Top 40 source IP addresses ordered by total dst_bytes

no_conns	hostname	src_ip	total_src_bytes	total_dst_bytes
7595	sensor01	Y.Y.6.66 (sec010101.asdadada.net) [] [i]	5998047	50367817
6954	sensor01	Y.Y.8.75 (sec010104.asdadada.net) [] [i]	4603944	45373257
6288	sensor01	Y.Y.6.55 (sec010103.asdadada.net) [] [i]	4660067	41386912
4981	sensor01	Y.Y.8.25 (sec010102.asdadada.net) [] [i]	3657933	38454672
136	sensor02	172.16.40.31 (ddspf02.asdadada.net) [] [i]	335985	5058581
102	sensor02	172.16.40.30 (ddspf01.asdadada.net) [] [i]	380995	3007769
3	sensor01	Y.Y.15.53 (Y.Y.15.53) [] [i]	1457	2816546
61	sensor01	172.16.40.31 (ddspf02.asdadada.net) [] [i]	84839	1951799
112	sensor01	Y.Y.37.13 (Y.Y.37.13) [] [i]	606351	1927495
97	sensor01	10.144.6.60 (10.144.6.60) [] [i]	467302	1641153
57	sensor01	172.16.40.30 (ddspf01.asdadada.net) [] [i]	172214	1409755
2	sensor01	129.73.116.92 (129.73.116.92) [] [i]	24	1187893
81	sensor01	Y.Y.18.201 (Y.Y.18.201) [] [i]	502674	1101579
79	sensor01	10.4.7.88 (r1603-pc-6-dl1.asdadada.net) [] [i]	562107	980668
37	sensor01	Y.Y.16.254 (np0007e9f37020.asdadada.net) [] [i]	131686	928070
100	sensor02	Y.Y.6.55 (sec010103.asdadada.net) [] [i]	123381	916298
16	sensor02	Y.Y.18.201 (Y.Y.18.201) [] [i]	868763	912795
51	sensor01	10.134.24.87 (10.134.24.87) [] [i]	227915	895914
16	sensor02	172.16.40.51 (wbink1201.as123123dadada.net) [] [i]	20926	818460
526	sensor02	172.16.40.42 (172.16.40.42) [] [i]	17459434	657649
452	sensor02	172.16.40.41 (172.16.40.41) [] [i]	6781701	616220
39	sensor01	Y.Y.16.121 (r1301-pc-133-i.asdadada.net) [] [i]	56043	516213
9	sensor02	67.174.18.35 (c-67-174-18-35.hsd1.il.comcast.net) [] [i]	26033	473316
7	sensor01	10.132.82.87 (10.132.82.87) [] [i]	51999	472136
28	sensor02	Y.Y.8.75 (sec010104.asdadada.net) [] [i]	31940	369863
4	sensor02	65.173.228.59 (65.173.228.59) [] [i]	34802	365532
2	sensor02	160.79.193.7 (160.79.193.7) [] [i]	51205	347907
24	sensor02	Y.Y.8.25 (sec010102.asdadada.net) [] [i]	35709	331928
20	sensor02	66.54.251.2 (ex1.imginc.com) [] [i]	153755	256685
64	sensor01	10.4.7.159 (r1603-pc-5th-cb.asdadada.net) [] [i]	105058	245276
41	sensor01	Y.Y.16.176 (as123123dadada-1301-que10-a.asdadada.net) [] [i]	37438	232825
7	sensor01	10.140.8.67 (10.140.8.67) [] [i]	49990	226302
13	sensor02	66.238.135.226 (66.238.135.226.ptr.us.xo.net) [] [i]	21018	209418
13	sensor02	Y.Y.6.66 (sec010101.asdadada.net) [] [i]	14059	196028
16	sensor01	10.134.248.51 (10.134.248.51) [] [i]	35887	168129
16	sensor02	172.16.40.52 (wbink1202.as123123dadada.net) [] [i]	20741	130296
26	sensor01	Y.Y.17.29 (warcraft.asdadada.net) [] [i]	28843	121235
346	sensor01	X.X.17.2 (ns.as123123dadada.net) [] [i]	34935	119158
2	sensor02	65.38.251.102 (client102.achi.hawkcommunications.com) [] [i]	7793	92440
5	sensor02	24.12.189.139 (c-24-12-189-139.hsd1.il.comcast.net) [] [i]	21214	87013

top destination ports for conversations that had some traffic

dst_port

sessions_count

src_count

dst_count

src2dst_traffic

dst2src_traffic