> Actually, it stores > port 80 as 20480 and it stores other port numbers differently from they are > supposed to be. Anyone knows the reason? Is it a kind of one to one mapping? As I already told you via private email, you are looking at the little-endian version of 80 rather than the big-endian. Vern