Bug 9546 - tcpdump -n prints port names
Summary: tcpdump -n prints port names
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: tcpdump   
(Show other bugs)
Version: 6.1
Hardware: i386 Linux
Target Milestone: ---
Assignee: Harald Hoyer
QA Contact:
Depends On: 10739
TreeView+ depends on / blocked
Reported: 2000-02-18 13:05 UTC by Sarantis Paskalis
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-03-28 15:00:55 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Sarantis Paskalis 2000-02-18 13:05:05 UTC
tcpdump -n prints numerical IP addresses, but the name of the port.

From man tcpdump:
       -n     Don't convert addresses (i.e., host addresses, port
              numbers, etc.) to names.

tcpdump -n sample:
15:13:03.018987 eth0 < > P
2996:3072(76) ack 1 win 17520 (DF)

instead of 80, www is printed. I have seen this behavior in 6.1 and in
6.2beta, maybe it exists in previous versions too. Is this intentional?

Comment 1 Jeff Johnson 2000-05-15 12:26:59 UTC
Yes. In order to avoid unnecessary network lookup traffic (the underlying
reason for adding -n), ANK's tcpdump looks up common values for portnames
internally. Possibly the behavior of -n should be preserved even in the internal
lookup in order to produce similar output as before, but that can be achieved
with a shell wrapper if absolutely necessary.

Comment 2 Jeff Johnson 2000-07-11 18:39:46 UTC
FIxed (by updating man page) in tcpdump-3.4-22.

Comment 3 JP Vossen 2001-03-24 09:34:00 UTC
This breaks nstreams (ftp://cvs.nessus.org/pub/nstreams/) a tcpdump file
parser that requires that -n actually work.  I understand the "spirit" of -n
in reducing traffic, but personally, I'd rather something work one way, or the
other, but not mixed -- as is the present case with -n.

I'd STRONGLY prefer that -n work correctly, but absent that you mention a
shell wrapper -- can you elaborate on that?  I understand what you mean, but
have no idea how to implement it.

BTW, the reason I want to use tcpdump -n rather than the built-in nstreams
capture is to capture ALL the RAW data.  I can then use nstreams and/or other
tools to analyze the data.  If I capture with nstreams, well...

I also installed tcpdump-3.4-29.i386.rpm (my system is RH6.2) in an attempt to
get a fix.  Needless to say, it did not work, but I also did not see any
changes in the man page, per "FIxed (by updating man page) in tcpdump-3.4-22."

Comment 4 Harald Hoyer 2001-03-28 15:00:51 UTC
tcpdump -nn does it's job without printing port names .. 

Note You need to log in before you can comment on or make changes to this bug.