diff --git a/CHANGELOG b/CHANGELOG index ad95a3149..fe89a0bea 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -111,6 +111,10 @@ o A script could be executed twice if it was given with the --script option, also in the "version" category, and version detection (-sV) was requested. This has been fixed. [David] +o Fixed port number representation in some of Nmap's and all of Nsock's + output. Incorrect conversion modifiers were being used which caused + high ports to wrap around and be shown as negative values. [Kris] + o Upgraded the shipped libdnet to 1.12. [Kris] o Upgraded the OpenSSL shipped for Windows to 0.9.8i. [Kris] diff --git a/scan_engine.cc b/scan_engine.cc index fcd4186e0..ce9c1d537 100644 --- a/scan_engine.cc +++ b/scan_engine.cc @@ -2394,7 +2394,7 @@ static bool ultrascan_port_pspec_update(UltraScanInfo *USI, } else oldstate = currentp->state; - /* printf("TCP port %hi has changed from state %s to %s!\n", portno, statenum2str(oldstate), statenum2str(newstate)); */ + /* printf("TCP port %hu has changed from state %s to %s!\n", portno, statenum2str(oldstate), statenum2str(newstate)); */ switch(oldstate) { /* TODO: I need more code here to determine when a state should be overridden, for example PORT_OPEN trumps PORT_FIREWALLED @@ -3437,7 +3437,7 @@ static bool do_one_select_round(UltraScanInfo *USI, struct timeval *stime) { if (res < 0 ) { if (o.debugging > 1) { - log_write(LOG_STDOUT, "Bad port %hi caught by 0-byte write: ", + log_write(LOG_STDOUT, "Bad port %hu caught by 0-byte write: ", pport); perror(""); } 
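Review bot: In the `if (res < 0)` branch of do_one_select_round (the `@@ -3437` hunk), `perror("")` runs after `log_write(...)`, so the errno it reports may already have been overwritten by whatever I/O log_write performs, and the two halves of the message presumably go to different streams (stdout and stderr). Capturing the value first and formatting it in one call keeps the diagnostic accurate: `int e = errno;` followed by `log_write(LOG_STDOUT, "Bad port %hu caught by 0-byte write: %s\n", pport, strerror(e));`. The declaration of `pport` is outside the hunk, so `%hu` is only correct if it is an unsigned 16-bit type. The function body starts and ends outside the hunk.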
@@ -4460,7 +4460,7 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) { } if (o.debugging) - log_write(LOG_STDOUT, "We got a TCP ping packet back from %s port %hi (trynum = %d)\n", inet_ntoa(ip->ip_src), ntohs(tcp->th_sport), trynum); + log_write(LOG_STDOUT, "We got a TCP ping packet back from %s port %hu (trynum = %d)\n", inet_ntoa(ip->ip_src), ntohs(tcp->th_sport), trynum); } } else if (ip->ip_p == IPPROTO_UDP && USI->ptech.rawudpscan) { struct udp_hdr *udp = (struct udp_hdr *) (((char *) ip) + 4 * ip->ip_hl); @@ -4508,7 +4508,7 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) { current_reason = ER_UDPRESPONSE; if (o.debugging) - log_write(LOG_STDOUT, "In response to UDP-ping, we got UDP packet back from %s port %hi (trynum = %d)\n", inet_ntoa(ip->ip_src), htons(udp->uh_sport), trynum); + log_write(LOG_STDOUT, "In response to UDP-ping, we got UDP packet back from %s port %hu (trynum = %d)\n", inet_ntoa(ip->ip_src), htons(udp->uh_sport), trynum); } } else if (!USI->ptech.rawprotoscan && o.debugging) { error("Found whacked packet protocol %d in %s.", ip->ip_p, __func__); diff --git a/service_scan.cc b/service_scan.cc index 4f6cc6c8b..a1bc2f7f8 100644 --- a/service_scan.cc +++ b/service_scan.cc @@ -1838,7 +1838,7 @@ static int scanThroughTunnel(nsock_pool nsp, nsock_iod nsi, ServiceGroup *SG, return 0; // Not SSL // Alright! We are going to start the tests over using SSL - // printf("DBG: Found SSL service on %s:%hi - starting SSL scan\n", svc->target->NameIP(), svc->portno); + // printf("DBG: Found SSL service on %s:%hu - starting SSL scan\n", svc->target->NameIP(), svc->portno); svc->tunnel = SERVICE_TUNNEL_SSL; svc->probe_matched = NULL; svc->product_matched[0] = svc->version_matched[0] = svc->extrainfo_matched[0] = '\0'; 
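Review bot: The UDP debug line in the `@@ -4508` hunk converts the source port with `htons(udp->uh_sport)`, while the TCP line in the `@@ -4460` hunk uses `ntohs(tcp->th_sport)`; the value comes off the wire, so the network-to-host call is the one that states the intent: `ntohs(udp->uh_sport)`. Both calls perform the same swap on common platforms, so this is a consistency fix rather than a change in output. Separately, the context line derives the UDP header pointer from `ip->ip_hl`, a field of the captured packet; no length validation is visible in this hunk, so it is worth confirming that the captured length is checked against `4 * ip->ip_hl + sizeof(struct udp_hdr)` before `udp->uh_sport` is read. get_ping_pcap_result starts and ends outside the hunk.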
@@ -1968,7 +1968,7 @@ static int launchSomeServiceProbes(nsock_pool nsp, ServiceGroup *SG) { fatal("Failed to allocate Nsock I/O descriptor in %s()", __func__); } if (o.debugging > 1) { - log_write(LOG_PLAIN, "Starting probes against new service: %s:%hi (%s)\n", svc->target->targetipstr(), svc->portno, proto2ascii(svc->proto)); + log_write(LOG_PLAIN, "Starting probes against new service: %s:%hu (%s)\n", svc->target->targetipstr(), svc->portno, proto2ascii(svc->proto)); } if (o.spoofsource) { o.SourceSockAddr(&ss, &ss_len); 
@@ -2140,20 +2140,20 @@ static void servicescan_read_handler(nsock_pool nsp, nsock_event nse, void *myda // WOO HOO!!!!!! MATCHED! But might be soft if (MD->isSoft && svc->probe_matched) { if (strcmp(svc->probe_matched, MD->serviceName) != 0) - error("WARNING: service %s:%hi had allready soft-matched %s, but now soft-matched %s; ignoring second value", svc->target->NameIP(), svc->portno, svc->probe_matched, MD->serviceName); + error("WARNING: service %s:%hu had allready soft-matched %s, but now soft-matched %s; ignoring second value", svc->target->NameIP(), svc->portno, svc->probe_matched, MD->serviceName); // No error if its the same - that happens frequently. For // example, if we read more data for the same probe response // it will probably still match. } else { if (o.debugging > 1) { if (MD->product || MD->version || MD->info) - log_write(LOG_PLAIN, "Service scan match (Probe %s matched with %s): %s:%hi is %s%s. Version: |%s|%s|%s|\n", + log_write(LOG_PLAIN, "Service scan match (Probe %s matched with %s): %s:%hu is %s%s. Version: |%s|%s|%s|\n", probe->getName(), (*probe->fallbacks[fallbackDepth]).getName(), svc->target->NameIP(), svc->portno, (svc->tunnel == SERVICE_TUNNEL_SSL)? "SSL/" : "", MD->serviceName, (MD->product)? MD->product : "", (MD->version)? MD->version : "", (MD->info)? MD->info : ""); else - log_write(LOG_PLAIN, "Service scan %s match (Probe %s matched with %s): %s:%hi is %s%s\n", + log_write(LOG_PLAIN, "Service scan %s match (Probe %s matched with %s): %s:%hu is %s%s\n", (MD->isSoft)? "soft" : "hard", probe->getName(), (*probe->fallbacks[fallbackDepth]).getName(), svc->target->NameIP(), svc->portno, (svc->tunnel == SERVICE_TUNNEL_SSL)? "SSL/" : "", MD->serviceName);