tcpdump output has a different hostname
Sorry in advance for the simple question, but I'm trying to educate myself on tcpdump and networks.
I'm tracing all traffic going to a certain host with
tcpdump -SX -i any dst host host.site.com
However, in the tcpdump output I see a different domain printed out, something like edge-123.site.com.
I pinged both URLs and they have the same IP, so that's the traffic I was querying for.
What I would like to understand is why I get a different hostname in the output and how I can prevent that from happening. Thanks.
Solution 1:
You got a different hostname because tcpdump looked up the PTR record for the IP address and used that in its display.
You can turn off hostname lookups and show only IP addresses with the -n option.
You may also want to use it twice, to avoid printing protocol and port names (e.g. 25 instead of smtp).
From the man page:
-n Don't convert host addresses to names. This can be used to
avoid DNS lookups.
-nn Don't convert protocol and port numbers etc. to names either.