How to make tcpdump print output without address-to-name conversion?

ABOUT tcpdump

tcpdump is a common packet analyzer that runs from the command line. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.[3] Distributed under the BSD license,[4] tcpdump is free software.

Tcpdump works on most Unix-like operating systems: Linux, Solaris, FreeBSD, DragonFly BSD, NetBSD, OpenBSD, OpenWrt, macOS, HP-UX 11i, and AIX. In those systems, tcpdump uses the libpcap library to capture packets. The port of tcpdump for Windows is called WinDump; it uses WinPcap, the Windows port of libpcap.

TYPICAL SHELL EXPOSURE OF tcpdump
[bash]
$ tcpdump -i wlan0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 100535 bytes
22:57:07.2100693 IP pop-star.mail.vip.gq1.yahoo.com.pop3 > debian.local.52114: Flags [.], ack 1661258925, win 122, options [nop,nop,TS val 2173829932 ecr 976272], length 0
22:57:07.268298 IP debian.local.51864 > 192.168.0.1.domain: 46776+ PTR? 100.0.168.192.in-addr.arpa. (44)
22:57:07.313780 IP 192.168.0.1.domain > debian.local.51864: 46776 NXDomain 0/0/0 (44)
22:57:07.415737 IP6 fe80::217:3fff:fed4:5a91.mdns > ff02::fb.mdns: 0 PTR (QM)? 100.0.168.192.in-addr.arpa. (44)
^C22:57:07.415957 IP debian.local.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 100.0.168.192.in-addr.arpa. (44)

5 packets captured
142 packets received by filter
107 packets dropped by kernel
$ tcpdump -n -i wlan0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 100535 bytes
22:57:22.254749 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [P.], seq 860083963:860084020, ack 1661259730, win 122, options [nop,nop,TS val 2173844920 ecr 979981], length 57
22:57:22.255313 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [.], ack 57, win 12869, options [nop,nop,TS val 980091 ecr 2173844920], length 0
22:57:22.256184 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [P.], seq 1:36, ack 57, win 12870, options [nop,nop,TS val 980092 ecr 2173844920], length 35
22:57:22.294674 IP 82.99.16.155.6667 > 192.168.0.100.60770: Flags [P.], seq 19625001006:1962500836, ack 144138462, win 362, options [nop,nop,TS val 613570724 ecr 975277], length 180
22:57:22.294781 IP 192.168.0.100.60770 > 82.99.16.155.6667: Flags [.], ack 180, win 1315, options [nop,nop,TS val 980101 ecr 613570724], length 0
22:57:22.535975 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], ack 36, win 122, options [nop,nop,TS val 2173845201 ecr 980092], length 0
22:57:22.720623 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [P.], seq 57:99, ack 36, win 122, options [nop,nop,TS val 2173845386 ecr 980092], length 42
22:57:22.726386 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], seq 99:1529, ack 36, win 122, options [nop,nop,TS val 2173845386 ecr 980092], length 1430
22:57:22.726775 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [.], ack 1529, win 12824, options [nop,nop,TS val 980209 ecr 2173845386], length 0
22:57:22.731894 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], seq 1529:2959, ack 36, win 122, options [nop,nop,TS val 2173845386 ecr 980092], length 1430
22:57:22.736723 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], seq 2959:4389, ack 36, win 122, options [nop,nop,TS val 2173845386 ecr 980092], length 1430
22:57:22.737038 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [.], ack 4389, win 12819, options [nop,nop,TS val 980212 ecr 2173845386], length 0
22:57:22.742285 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], seq 4389:5819, ack 36, win 122, options [nop,nop,TS val 2173845386 ecr 980092], length 1430
22:57:22.747851 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], seq 5819:7249, ack 36, win 122, options [nop,nop,TS val 2173845386 ecr 980092], length 1430
22:57:22.748190 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [.], ack 7249, win 12870, options [nop,nop,TS val 980215 ecr 2173845386], length 0
^C
15 packets captured
15 packets received by filter
0 packets dropped by kernel
$ tcpdump -n -i wlan0 not port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 100535 bytes
23:00:14.805331 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [P.], seq 861355518:861356469, ack 1661268445, win 122, options [nop,nop,TS val 2174017454 ecr 1023161], length 951
23:00:14.844066 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [.], ack 951, win 12870, options [nop,nop,TS val 1023239 ecr 2174017454], length 0
23:00:14.853690 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [P.], seq 1:36, ack 951, win 12870, options [nop,nop,TS val 1023241 ecr 2174017454], length 35
23:00:15.119868 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], ack 36, win 122, options [nop,nop,TS val 2174017773 ecr 1023241], length 0
23:00:15.283763 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [P.], seq 951:1008, ack 36, win 122, options [nop,nop,TS val 2174017936 ecr 1023241], length 57
23:00:15.284105 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [.], ack 1008, win 12869, options [nop,nop,TS val 1023349 ecr 2174017936], length 0
23:00:15.284884 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [P.], seq 36:71, ack 1008, win 12870, options [nop,nop,TS val 1023349 ecr 2174017936], length 35
23:00:15.551697 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], ack 71, win 122, options [nop,nop,TS val 2174018206 ecr 1023349], length 0
23:00:15.745497 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [P.], seq 1008:1050, ack 71, win 122, options [nop,nop,TS val 2174018397 ecr 1023349], length 42
23:00:15.750532 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], seq 1050:2480, ack 71, win 122, options [nop,nop,TS val 2174018397 ecr 1023349], length 1430
23:00:15.750619 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [.], ack 2480, win 12824, options [nop,nop,TS val 10234100 ecr 2174018397], length 0
23:00:15.754352 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], seq 2480:3910, ack 71, win 122, options [nop,nop,TS val 2174018397 ecr 1023349], length 1430
23:00:15.759837 IP 216.39.54.67.110 > 192.168.0.100.52114: Flags [.], seq 3910:5340, ack 71, win 122, options [nop,nop,TS val 2174018397 ecr 1023349], length 1430
23:00:15.760213 IP 192.168.0.100.52114 > 216.39.54.67.110: Flags [.], ack 5340, win 12819, options [nop,nop,TS val 1023468 ecr 2174018397], length 0
^C
14 packets captured
14 packets received by filter
0 packets dropped by kernel
$
[/bash]
TYPICAL RELATED SOURCE EXPOSURE
[c]
struct netdissect_options {
    int ndo_bflag;  /* print 4 byte ASes in ASDOT notation */
    int ndo_eflag;  /* print ethernet header */
    int ndo_fflag;  /* don't translate "foreign" IP address */
    int ndo_Kflag;  /* don't check TCP checksums */
    int ndo_nflag;  /* leave addresses as numbers */
    /* ... remaining fields omitted ... */
};
[/c]
[c]
case 'n':
    ++ndo->ndo_nflag;   /* -n given: leave addresses as numbers */
    break;
[/c]
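
To show what the flag changes once it is set, here is an added example (not tcpdump's code and not from the original post) in which the address formatter skips the reverse lookup when `nflag` is non-zero. `demo_options`, `format_addr`, `stub_resolver` and `lookups` are hypothetical names, and the stub's single mapping of `192.168.0.100` to `debian.local` is constructed from the sample capture above.

```c
#include <stdio.h>
#include <arpa/inet.h>

/* Hypothetical reverse-lookup hook: returns 0 and fills name on success. */
typedef int (*resolver_fn)(const struct in_addr *addr, char *name, size_t len);

struct demo_options {     /* hypothetical, not tcpdump's struct */
    int nflag;            /* non-zero: leave addresses as numbers (-n) */
    resolver_fn resolve;  /* where a real tool would query the resolver */
};

int lookups;  /* reverse lookups the stub was asked to perform */

/* Constructed stub for a PTR lookup; it knows one sample address only. */
int stub_resolver(const struct in_addr *addr, char *name, size_t len)
{
    lookups++;
    if (addr->s_addr != inet_addr("192.168.0.100"))
        return -1;                      /* behaves like NXDomain */
    snprintf(name, len, "debian.local");
    return 0;
}

/* With nflag set the hook is never called, so formatting an address emits
 * no PTR query and cannot block on DNS. Otherwise the name is tried first
 * and the numeric form is the fallback. Returns -1 on a malformed address. */
int format_addr(const struct demo_options *opt, const char *ip,
                char *out, size_t outlen)
{
    struct in_addr addr;

    if (inet_pton(AF_INET, ip, &addr) != 1)
        return -1;
    if (!opt->nflag && opt->resolve && opt->resolve(&addr, out, outlen) == 0)
        return 0;
    return inet_ntop(AF_INET, &addr, out, (socklen_t)outlen) ? 0 : -1;
}

int main(void)
{
    struct demo_options opt = { 0, stub_resolver };
    char buf[64];

    format_addr(&opt, "192.168.0.100", buf, sizeof(buf));
    printf("default: %s (lookups=%d)\n", buf, lookups);
    ++opt.nflag;                        /* what case 'n' does */
    format_addr(&opt, "192.168.0.100", buf, sizeof(buf));
    printf("with -n: %s (lookups=%d)\n", buf, lookups);
    return 0;
}
```

Skipping the lookup is also why the `-n` captures above show no `PTR?` queries for `100.0.168.192.in-addr.arpa`, unlike the first capture.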

TYPICAL SOURCE CODE TAKEN FROM DEBIAN SOURCE PACKAGE tcpdump

RELATED LINKS
https://en.wikipedia.org/wiki/Tcpdump
https://opensource.com/article/18/10/introduction-tcpdump
https://www.ibm.com/support/knowledgecenter/en/SS2MBL_9.0.2/Troubleshooting/CX/TblS-Cap/AdditionalTcpdumpCommands_56.html
