tcpdump - resolve IP and skip resolving ports

tcpdump
Jakub M. picture Jakub M. · Nov 6, 2013 · Viewed 71.2k times · Source

How to tell tcpdump to resolve names and leave the port numbers unresolved?

From man:

-n     Don’t convert host addresses to names.  This can be used to avoid DNS lookups.
-nn    Don’t convert protocol and port numbers etc. to names either.

setting tcpdump -nn skips the resolution for both addresses and ports.

Answer

Latheesan picture Latheesan · Nov 6, 2013

Have you tried -nnvvS (Don't resolve DNS or Port names, be more verbose when printing info, print the absolute sequence numbers)

Src: http://www.ihtb.org/security/tcpdump-explained.txt (archived, original link dead)

Related questions

Can I use tcpdump to get HTTP requests, response header and response body?

I am using tcpdump to get HTTP data by executing the below command: sudo tcpdump -A -s 1492 dst port 80 The result of above command: Headers, I think request and response headers. Unreadable data. The url GET /modules/mod_news_pro_…

Read More
Monitor network activity in Android Phones

I would like to monitor network traffic of my Android Phone. I was thinking using tcpdump for Android, but I'm not sure if I have to cross-compile for the phone. Another question is the following, If I want to monitor …

Read More
How can I have tcpdump write to file and standard output the appropriate data?

I want to have tcpdump write raw packet data into a file and display packet analysis in standard output as the packets are captured (by analysis I mean the lines it displays normally when -w is missing). Can anybody please …

Read More