Bug 9546 - tcpdump -n prints port names
Product: Red Hat Linux
Classification: Retired
Component: tcpdump
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Harald Hoyer
Depends On: 10739
Reported: 2000-02-18 08:05 EST by Sarantis Paskalis
Modified: 2008-05-01 11:37 EDT (History)
Doc Type: Bug Fix
Last Closed: 2001-03-28 10:00:55 EST
Description Sarantis Paskalis 2000-02-18 08:05:05 EST
tcpdump -n prints numerical IP addresses, but the name of the port.

From man tcpdump:
       -n     Don't convert addresses (i.e., host addresses, port
              numbers, etc.) to names.

tcpdump -n sample:
15:13:03.018987 eth0 < > P
2996:3072(76) ack 1 win 17520 (DF)

instead of 80, www is printed. I have seen this behavior in 6.1 and in
6.2beta, maybe it exists in previous versions too. Is this intentional?
Comment 1 Jeff Johnson 2000-05-15 08:26:59 EDT
Yes. In order to avoid unnecessary network lookup traffic (the underlying
reason for adding -n), ANK's tcpdump looks up common values for portnames
internally. Possibly the behavior of -n should be preserved even in the internal
lookup in order to produce similar output as before, but that can be achieved
with a shell wrapper if absolutely necessary.

Comment 2 Jeff Johnson 2000-07-11 14:39:46 EDT
Fixed (by updating man page) in tcpdump-3.4-22.
Comment 3 JP Vossen 2001-03-24 04:34:00 EST
This breaks nstreams (ftp://cvs.nessus.org/pub/nstreams/) a tcpdump file
parser that requires that -n actually work.  I understand the "spirit" of -n
in reducing traffic, but personally, I'd rather something work one way, or the
other, but not mixed -- as is the present case with -n.

I'd STRONGLY prefer that -n work correctly, but absent that you mention a
shell wrapper -- can you elaborate on that?  I understand what you mean, but
have no idea how to implement it.

BTW, the reason I want to use tcpdump -n rather than the built-in nstreams
capture is to capture ALL the RAW data.  I can then use nstreams and/or other
tools to analyze the data.  If I capture with nstreams, well...

I also installed tcpdump-3.4-29.i386.rpm (my system is RH6.2) in an attempt to
get a fix.  Needless to say, it did not work, but I also did not see any
changes in the man page, per "Fixed (by updating man page) in tcpdump-3.4-22."

Comment 4 Harald Hoyer 2001-03-28 10:00:51 EST
tcpdump -nn does its job without printing port names.
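
Comment 1 mentions a shell wrapper as a way to get all-numeric output, and comment 3 asks how one would be written. The filter below is an added example, not part of the bug report or of tcpdump: it rewrites service names on IPv4 endpoints in tcpdump text output back to port numbers. The function name, the name-to-port table and the sample line in the usage comment are constructed assumptions; the table built into the tcpdump discussed here is not shown on this page.

```shell
#!/bin/sh
# Added example: post-process tcpdump text output so that endpoints such as
# 192.0.2.10.www become 192.0.2.10.80 for parsers that expect numeric ports.
# The table is a constructed subset; names missing from it pass through
# unchanged, so a downstream parser can still see and reject them.
numeric_ports() {
    awk '
    BEGIN {
        n = split("ftp=21 ssh=22 telnet=23 smtp=25 domain=53 www=80 http=80 pop3=110 https=443", kv, " ")
        for (i = 1; i <= n; i++) { split(kv[i], p, "="); port[p[1]] = p[2] }
    }
    {
        for (f = 1; f <= NF; f++) {
            tok = $f; tail = ""
            # The destination endpoint carries a trailing colon; set it aside.
            if (tok ~ /:$/) { tail = ":"; tok = substr(tok, 1, length(tok) - 1) }
            # Only touch IPv4 "a.b.c.d.name" endpoints; numeric ports,
            # timestamps and sequence ranges do not match and are left alone.
            if (tok ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.[A-Za-z][A-Za-z0-9_-]*$/) {
                split(tok, part, ".")
                name = part[5]
                if (name in port)
                    $f = part[1] "." part[2] "." part[3] "." part[4] "." port[name] tail
            }
        }
        # Lines with a rewritten field are re-joined with single spaces.
        print
    }'
}

# Usage (constructed): tcpdump -n -l | numeric_ports
```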