Bug 213968
Summary: | tcpdump prints erroneously large port numbers | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Wolfgang Rupprecht <wolfgang.rupprecht> |
Component: | tcpdump | Assignee: | Miroslav Lichvar <mlichvar> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-11-07 08:21:10 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Wolfgang Rupprecht
2006-11-04 00:52:26 UTC
Can you send me a file created with tcpdump -w, which shows the large port number? (In reply to comment #1) > Can you send me a file created with tcpdump -w, which shows the large port number? I've only seen the large port numbers occur with nfs over udp packets. Unfortunately, tcpdumps of nfs traffic is the one thing I feel very uncomfortable posting. Looking at the code in /usr/src/redhat/BUILD/tcpdump-3.9.4/tcpdump-3.9.4/print-nfs.c nfsreply_print and nfsreq_print, it appears that the large numbers that are printed in the port-number position are not the port numbers at all but the XID (some 32-bit nfs transaction ID number). Just to make it more confusing, the "port" number printed for the server's side of the address.port is indeed the nfs port. It is only the client's side that gets the XID printed where tcpdump normally prints the port number. This is a highly confusing interface design, and will probably continue to be flagged as a bug until it is changed. It isn't a coding error though. Ok, thanks for the analysis. But I have to close it as NOTABUG since it's documented in the man page. Output of tcpdump is protocol dependent and for NFS requests and replies the transaction id is printed. |