Score:1

tcpdump output has a different hostname

br flag

Sorry in advance for the simple question, but I'm trying to educate myself on tcpdump and networks.

I'm tracing all traffic going to a certain host with

tcpdump -SX -i any dst host host.site.com

However, in the tcpdump output I see a different domain printed out, something like edge-123.site.com.

I pinged both URLs and they have the same IP, so that's the traffic I was querying for.

What I would like to understand is why I get a different hostname in the output and how I can prevent that from happening. Thanks.

Score:1
cz flag

You got a different hostname because tcpdump looked up the PTR record for the IP address and used that in its display.

You can turn off hostname lookups and show only IP addresses with the -n option.

You may also want to use it twice, to avoid printing protocol and port names (e.g. 25 instead of smtp).

From the man page:

       -n     Don't convert host addresses to names. This can be used to
              avoid DNS lookups.

       -nn    Don't convert protocol and port numbers etc. to names either.
Denver123
br flag
Thank you! One more question, what is the PTR record for the IP address? Is that a DNS thing?
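An added example, not part of the question or answer above: a small Python parser over constructed tcpdump lines (no real capture) that shows the practical side of the answer. tcpdump prints each endpoint as ADDR.PORT, so a PTR name (the reverse-DNS record mapping an IP back to a hostname) or a service name in place of the number changes what any script reading the output sees; missing_flag reports whether -n or -nn would have produced a fully numeric line. The layout with interface name and In/Out direction for -i any is assumed from newer tcpdump builds.

```python
import re
from typing import NamedTuple, Optional, Tuple

# One IPv4 tcpdump line: "<time> [<iface> In|Out] IP <src> > <dst>: <rest>" (the iface and
# direction columns appear with "-i any" on newer builds). Each endpoint is ADDR.PORT: ADDR is
# the IP only under -n (otherwise the PTR name), PORT is a number only under -nn (otherwise a name).
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?:\S+\s+(?:In|Out)\s+)?IP\s+"
    r"(?P<src>\S+)\s+>\s+(?P<dst>[^\s:]+):\s*(?P<rest>.*)$"
)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Constructed sample lines (not a real capture) mirroring the question's situation.
SAMPLE_LINES = [
    "10:01:02.123456 IP laptop.lan.51234 > edge-123.site.com.https: Flags [S], seq 1000, win 64240, length 0",  # default
    "10:01:02.123789 IP 192.0.2.10.51234 > 203.0.113.7.https: Flags [S], seq 1000, win 64240, length 0",       # -n
    "10:01:02.124000 IP 192.0.2.10.51234 > 203.0.113.7.443: Flags [S], seq 1000, win 64240, length 0",         # -nn
    "10:01:02.125000 eth0  In  IP 192.0.2.10.51234 > 203.0.113.7.443: Flags [.], ack 1, win 502, length 0",    # -nn -i any
]

class Endpoint(NamedTuple):
    host: str   # IP address, or the PTR name tcpdump substituted for it
    port: str   # port number, or the service name tcpdump substituted for it

def parse_endpoint(token: str) -> Endpoint:
    host, sep, port = token.rpartition(".")  # port follows the last dot; host may contain dots
    if not sep or not host:
        raise ValueError(f"endpoint without port: {token!r}")
    return Endpoint(host, port)

def parse_line(line: str) -> Optional[Tuple[str, Endpoint, Endpoint, str]]:
    m = LINE_RE.match(line)
    if m is None:
        return None
    return m["ts"], parse_endpoint(m["src"]), parse_endpoint(m["dst"]), m["rest"]

def missing_flag(line: str) -> Optional[str]:
    # Which flag would have made the line fully numeric: "-nn", "-n", "" (none), None (unparsed).
    parsed = parse_line(line)
    if parsed is None:
        return None
    _, src, dst, _ = parsed
    if not all(e.port.isdigit() for e in (src, dst)):
        return "-nn"  # -n alone still prints service names such as "https"
    if not all(IPV4_RE.match(e.host) for e in (src, dst)):
        return "-n"
    return ""
```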