tcpdump - prevent interpreting/decoding protocols

Question

Is there a way to stop tcpdump from (mis)interpreting protocols in captured packets?

It assumes that traffic coming from port 4500/udp is always IPSec traffic, 53/udp is DNS query, etc and tries to decode it. That's a problem for me because I can't parse the output properly.

score 4 · Accepted Answer · answered Jun 03 '16 at 10:04

4

You can use the '-q' option to remove the content decoding. You can maybe add the '-A' to see in ASCII the content of the packets, or -dd to see in C format.

answered Jun 03 '16 at 10:04

Dom

6,628
1
19
24

You might also try the `-nn` flag to prevent host and port name resolution. – Jeremy Dover Jun 03 '16 at 11:14

tcpdump - prevent interpreting/decoding protocols

1 Answers1