{"id":7982,"date":"2012-12-18T17:24:08","date_gmt":"2012-12-18T17:24:08","guid":{"rendered":"http:\/\/www.beautifulwork.org\/?p=7982"},"modified":"2012-12-18T17:24:08","modified_gmt":"2012-12-18T17:24:08","slug":"tcpdump-no-conversion-of-addresses-to-names","status":"publish","type":"post","link":"https:\/\/www.trueangle.org\/index.php\/2012\/12\/18\/tcpdump-no-conversion-of-addresses-to-names\/","title":{"rendered":"How to make tcpdump output without address to name conversion ?"},"content":{"rendered":"

ABOUT tcpdump<\/u><\/p>\n

\ntcpdump is a common packet analyzer that runs under the command line. It allows the user to display TCP\/IP and other packets being transmitted or received over a network to which the computer is attached.[3] Distributed under the BSD license,[4] tcpdump is free software.\n\nTcpdump works on most Unix-like operating systems: Linux, Solaris, FreeBSD, DragonFly BSD, NetBSD, OpenBSD, OpenWrt, macOS, HP-UX 11i, and AIX. In those systems, tcpdump uses the libpcap library to capture packets. The port of tcpdump for Windows is called WinDump; it uses WinPcap, the Windows port of libpcap\n<\/pre>\n
TYPICAL SHELL EXPOSURE OF tcpdump<\/u>
\n[bash]
\n$tcpdump  -i wlan0
\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode
\nlistening on wlan0, link-type EN10MB (Ethernet), capture size 100535 bytes
\n22:57:07.2100693 IP pop-star.mail.vip.gq1.yahoo.com.pop3 > debian.local.52114: Flags [.], ack 1661258925, win 122, options [nop,nop,TS val 2173829932 ecr 976272], length 0
\n22:57:07.268298 IP debian.local.51864 > 192.168.0.1.domain: 46776+ PTR? 100.0.168.192.in-addr.arpa. (44)
\n22:57:07.313780 IP 192.168.0.1.domain > debian.local.51864: 46776 NXDomain 0\/0\/0 (44)
\n22:57:07.415737 IP6 fe80::217:3fff:fed4:5a91.mdns > ff02::fb.mdns: 0 PTR (QM)? 100.0.168.192.in-addr.arpa. (44)
\n^C22:57:07.415957 IP debian.local.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 100.0.168.192.in-addr.arpa. (44)<\/p>\n
5 packets captured
\n142 packets received by filter
\n107 packets dropped by kernel
\n$tcpdump  -n -i wlan0
\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode
\nlistening on wlan0, link-type EN10MB (Ethernet), capture size 100535 bytes
\n22:57:22.254749 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [P.], seq 860083963:860084020, ack 1661259730, win 122, options [nop,nop,TS val 2173844920 ecr 979981], length 57
\n22:57:22.255313 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [.], ack 57, win 12869, options [nop,nop,TS val 980091 ecr 2173844920], length 0
\n22:57:22.256184 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [P.], seq 1:36, ack 57, win 12870, options [nop,nop,TS val 980092 ecr 2173844920], length 35
\n22:57:22.294674 IP 82.99.16.155.6667 > 192.168.0.100.60770: Flags [P.], seq 19625001006:1962500836, ack 144138462, win 362, options [nop,nop,TS val 613570724 ecr 975277], length 180
\n22:57:22.294781 IP 192.168.0.100.60770 > 82.99.16.155.6667: Flags [.], ack 180, win 1315, options [nop,nop,TS val 980101 ecr 613570724], length 0
\n22:57:22.535975 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], ack 36, win 122, options [nop,nop,TS val 2173845201 ecr 980092], length 0
\n22:57:22.720623 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [P.], seq 57:99, ack 36, win 122, options [nop,nop,TS val 2173845386 ecr 980092], length 42
\n22:57:22.726386 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], seq 99:1529, ack 36, win 122, options [nop,nop,TS val 2173845386 ecr 980092], length 1430
\n22:57:22.726775 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [.], ack 1529, win 12824, options [nop,nop,TS val 980209 ecr 2173845386], length 0
\n22:57:22.731894 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], seq 1529:2959, ack 36, win 122, options [nop,nop,TS val 2173845386 ecr 980092], length 1430
\n22:57:22.736723 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], seq 2959:4389, ack 36, win 122, options [nop,nop,TS val 2173845386 ecr 980092], length 1430
\n22:57:22.737038 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [.], ack 4389, win 12819, options [nop,nop,TS val 980212 ecr 2173845386], length 0
\n22:57:22.742285 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], seq 4389:5819, ack 36, win 122, options [nop,nop,TS val 2173845386 ecr 980092], length 1430
\n22:57:22.747851 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], seq 5819:7249, ack 36, win 122, options [nop,nop,TS val 2173845386 ecr 980092], length 1430
\n22:57:22.748190 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [.], ack 7249, win 12870, options [nop,nop,TS val 980215 ecr 2173845386], length 0
\n^C
\n15 packets captured
\n15 packets received by filter
\n0 packets dropped by kernel
\n$tcpdump  -n -i wlan0 not port 80
\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode
\nlistening on wlan0, link-type EN10MB (Ethernet), capture size 100535 bytes
\n23:00:14.805331 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [P.], seq 861355518:861356469, ack 1661268445, win 122, options [nop,nop,TS val 2174017454 ecr 1023161], length 951
\n23:00:14.844066 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [.], ack 951, win 12870, options [nop,nop,TS val 1023239 ecr 2174017454], length 0
\n23:00:14.853690 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [P.], seq 1:36, ack 951, win 12870, options [nop,nop,TS val 1023241 ecr 2174017454], length 35
\n23:00:15.119868 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], ack 36, win 122, options [nop,nop,TS val 2174017773 ecr 1023241], length 0
\n23:00:15.283763 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [P.], seq 951:1008, ack 36, win 122, options [nop,nop,TS val 2174017936 ecr 1023241], length 57
\n23:00:15.284105 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [.], ack 1008, win 12869, options [nop,nop,TS val 1023349 ecr 2174017936], length 0
\n23:00:15.284884 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [P.], seq 36:71, ack 1008, win 12870, options [nop,nop,TS val 1023349 ecr 2174017936], length 35
\n23:00:15.551697 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], ack 71, win 122, options [nop,nop,TS val 2174018206 ecr 1023349], length 0
\n23:00:15.745497 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [P.], seq 1008:1050, ack 71, win 122, options [nop,nop,TS val 2174018397 ecr 1023349], length 42
\n23:00:15.750532 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], seq 1050:2480, ack 71, win 122, options [nop,nop,TS val 2174018397 ecr 1023349], length 1430
\n23:00:15.750619 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [.], ack 2480, win 12824, options [nop,nop,TS val 10234100 ecr 2174018397], length 0
\n23:00:15.754352 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], seq 2480:3910, ack 71, win 122, options [nop,nop,TS val 2174018397 ecr 1023349], length 1430
\n23:00:15.759837 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], seq 3910:5340, ack 71, win 122, options [nop,nop,TS val 2174018397 ecr 1023349], length 1430
\n23:00:15.760213 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [.], ack 5340, win 12819, options [nop,nop,TS val 1023468 ecr 2174018397], length 0
\n^C
\n14 packets captured
\n14 packets received by filter
\n0 packets dropped by kernel
\n$
\n[\/bash]
\nTYPICAL RELATED SOURCE EXPOSURE<\/u>
\n[c]
\nstruct netdissect_options {
\n  int ndo_bflag;\t\t\/* print 4 byte ASes in ASDOT notation *\/
\n  int ndo_eflag;\t\t\/* print ethernet header *\/
\n  int ndo_fflag;\t\t\/* don’t translate "foreign" IP address *\/
\n  int ndo_Kflag;\t\t\/* don’t check TCP checksums *\/
\n  int ndo_nflag;\t\t\/* leave addresses as numbers *\/
\n.
\n.
\n.
\n.
\n.
\n.
\n[\/c]
\n[c]
\ncase ‘n’:
\n\t\t\t++ndo->ndo_nflag;
\n\t\t\tbreak;
\n[\/c]<\/p>\n
TYPICAL SOURCE CODE TAKEN FROM DEBIAN SOURCE PACKAGE tcpdump<\/p>\n
RELATED LINKS
\nhttps:\/\/en.wikipedia.org\/wiki\/Tcpdump<\/a>
\nhttps:\/\/opensource.com\/article\/18\/10\/introduction-tcpdump<\/a>
\nhttps:\/\/www.ibm.com\/support\/knowledgecenter\/en\/SS2MBL_9.0.2\/Troubleshooting\/CX\/TblS-Cap\/AdditionalTcpdumpCommands_56.html<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
ABOUT tcpdump tcpdump is a common packet analyzer that runs under the command line. It allows the user to display TCP\/IP and other packets being transmitted or received over a network to which the computer is attached.[3] Distributed under the BSD license,[4] tcpdump is free software. Tcpdump works on most Unix-like operating systems: Linux, Solaris, … <\/p>\n
Continue reading “How to make tcpdump output  without address to name conversion ?”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[19],"tags":[1158,1224,1551],"_links":{"self":[{"href":"https:\/\/www.trueangle.org\/index.php\/wp-json\/wp\/v2\/posts\/7982"}],"collection":[{"href":"https:\/\/www.trueangle.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.trueangle.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.trueangle.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.trueangle.org\/index.php\/wp-json\/wp\/v2\/comments?post=7982"}],"version-history":[{"count":0,"href":"https:\/\/www.trueangle.org\/index.php\/wp-json\/wp\/v2\/posts\/7982\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.trueangle.org\/index.php\/wp-json\/wp\/v2\/media?parent=7982"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.trueangle.org\/index.php\/wp-json\/wp\/v2\/categories?post=7982"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.trueangle.org\/index.php\/wp-json\/wp\/v2\/tags?post=7982"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}