Bug 9546
| Summary: | tcpdump -n prints port names | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Sarantis Paskalis <paskalis> |
| Component: | tcpdump | Assignee: | Harald Hoyer <harald> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 6.1 | CC: | jbj |
| Hardware: | i386 | ||
| OS: | Linux | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Last Closed: | 2001-03-28 15:00:55 UTC | Type: | --- |
| Bug Depends On: | 10739 | ||
| Bug Blocks: | |||

Yes. In order to avoid unnecessary network lookup traffic (the underlying reason for adding -n), ANK's tcpdump looks up common values for portnames internally. Possibly the behavior of -n should be preserved even in the internal lookup in order to produce similar output as before, but that can be achieved with a shell wrapper if absolutely necessary.

Fixed (by updating man page) in tcpdump-3.4-22.

This breaks nstreams (ftp://cvs.nessus.org/pub/nstreams/), a tcpdump file parser that requires that -n actually work. I understand the "spirit" of -n in reducing traffic, but personally, I'd rather something work one way, or the other, but not mixed -- as is the present case with -n. I'd STRONGLY prefer that -n work correctly, but absent that you mention a shell wrapper -- can you elaborate on that? I understand what you mean, but have no idea how to implement it. BTW, the reason I want to use tcpdump -n rather than the built-in nstreams capture is to capture ALL the RAW data. I can then use nstreams and/or other tools to analyze the data. If I capture with nstreams, well...

I also installed tcpdump-3.4-29.i386.rpm (my system is RH6.2) in an attempt to get a fix. Needless to say, it did not work, but I also did not see any changes in the man page, per "Fixed (by updating man page) in tcpdump-3.4-22."

tcpdump -nn does its job without printing port names ..

tcpdump -n prints numerical IP addresses, but the name of the port.

From man tcpdump:

    -n     Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.

tcpdump -n sample:

    15:13:03.018987 eth0 < 207.25.253.24.www > 195.134.67.52.1988: P 2996:3072(76) ack 1 win 17520 (DF)

Instead of 80, www is printed. I have seen this behavior in 6.1 and in 6.2beta, maybe it exists in previous versions too. Is this intentional?
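
One form the shell wrapper mentioned in the thread could take is a filter over tcpdump's text output that puts port numbers back where a service name was printed, so a downstream parser sees purely numeric endpoints. This is an added example, not code from the thread, from tcpdump or from nstreams; the function name `numeric_ports` and the `SERVICE_MAP` table are hypothetical, and only the www=80 pair comes from the report.

```shell
#!/bin/sh
# Added example: rewrite service names that "tcpdump -n" printed in the port
# position back to numbers. SERVICE_MAP is a constructed sample table; only
# www=80 is taken from the bug report, the rest are well-known assignments.
SERVICE_MAP='www=80 ftp=21 telnet=23 smtp=25 domain=53 pop3=110'

numeric_ports() {
    awk -v map="$SERVICE_MAP" '
    BEGIN {
        # Load name=number pairs into a lookup table.
        n = split(map, pairs, " ")
        for (i = 1; i <= n; i++) {
            split(pairs[i], kv, "=")
            port[kv[1]] = kv[2]
        }
    }
    {
        for (i = 1; i <= NF; i++) {
            tok = $i
            tail = ""
            # The destination token carries a trailing colon: a.b.c.d.port:
            if (tok ~ /:$/) { tail = ":"; tok = substr(tok, 1, length(tok) - 1) }
            # Only touch IPv4-address.name tokens; numeric ports never match.
            if (tok ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.[a-z][a-z0-9-]*$/) {
                dot = 0
                for (j = length(tok); j > 0; j--)
                    if (substr(tok, j, 1) == ".") { dot = j; break }
                name = substr(tok, dot + 1)
                # Names missing from the table pass through unchanged.
                if (name in port)
                    $i = substr(tok, 1, dot) port[name] tail
            }
        }
        print
    }'
}

# Typical use (needs capture privileges): tcpdump -n -l | numeric_ports
```

Lines that contain no known service name are printed byte for byte as received; a rewritten line is rejoined with single spaces between fields.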