tcpdump captures no packets on the specified interface

小鸟向前飞

There is the following connection:

tcp        0      0 xx.xxx.xxx.200:37868    xx.xxx.xxx.200:8912     ESTABLISHED

This is a connection within the same host. ifconfig shows the host's IPs as follows:

em1: flags=41xx.xxx.xxxT,RUNNING,MULTICAST>  mtu 1500
        inet 10.100.120.200  netmask 255.255.255.0  broadcast xx.xxx.xxx.255
        inet6 xxxxxxxxxxxxxxxxxx  prefixlen 64  scopeid 0x20<link>
        ether xxxxxxxxxxxxxxxx  txqueuelen 1000  (Ethernet)
        RX packets 23533445831  bytes 12254750999380 (11.1 TiB)
        RX errors 0  dropped 201  overruns 0  frame 0
        TX packets 27314081080  bytes 20721227957904 (18.8 TiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 18  

em1:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet xx.xxx.xxx.197  netmask 255.255.255.0  broadcast xx.xxx.xxx.255
        ether xxxxxxxxxxxxxxxxxxx  txqueuelen 1000  (Ethernet)
        device interrupt 18  

em1:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet xx.xxx.xxx.198  netmask 255.255.255.0  broadcast xx.xxx.xxx.255
        ether xxxxxxxxxxxxxxx  txqueuelen 1000  (Ethernet)
        device interrupt 18  

em1:2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet xx.xxx.xxx.215  netmask 255.255.255.0  broadcast xx.xxx.xxx.255
        ether xxxxxxxxxxxxx  txqueuelen 1000  (Ethernet)
        device interrupt 18  

em1:4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet xx.xxx.xxx.133  netmask 255.255.255.0  broadcast xx.xxx.xxx.255
        ether xxxxxxxxxxxxx txqueuelen 1000  (Ethernet)
        device interrupt 18  

em2: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
....

em1 has virtual interfaces.

tcpdump -i em1 tcp port 37868 captures nothing; only tcpdump -i any captures the data on port 37868. What is the reason?

1 answer
✓ Accepted

Since the host is connecting to itself, the packets go through lo, not em1.

Try this: tcpdump -i lo tcp port 37868
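
To check which interface the kernel uses for a given peer before starting a capture, the sketch below (an added example, not part of the original answer) reads the output of ip -o route get and extracts the device. The function names are hypothetical, and the sample route lines are constructed with documentation-range addresses.

```shell
#!/bin/sh
# Added example: choose the tcpdump interface from the kernel's routing decision.
# Function names are hypothetical; the sample route lines below are constructed.

# Read `ip -o route get <addr>` output on stdin; print the token after "dev".
iface_from_route() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeed (exit 0) when the route on stdin is a local-delivery route,
# i.e. the destination is one of this host's own addresses.
is_local_route() {
    awk 'NR == 1 && $1 == "local" { found = 1 } END { exit !found }'
}

# Ask the running kernel (requires iproute2); prints e.g. "lo" or "em1".
capture_iface() {
    ip -o route get "$1" | iface_from_route
}

# Constructed samples: a destination owned by the host, and a remote one.
SAMPLE_LOCAL='local 192.0.2.10 dev lo src 192.0.2.10 uid 0 \    cache <local>'
SAMPLE_REMOTE='198.51.100.9 via 192.0.2.1 dev em1 src 192.0.2.10 uid 0 \    cache'

for sample in "$SAMPLE_LOCAL" "$SAMPLE_REMOTE"; do
    dev=$(printf '%s\n' "$sample" | iface_from_route)
    if printf '%s\n' "$sample" | is_local_route; then
        kind="local delivery, traffic stays on loopback"
    else
        kind="leaves the host through a physical interface"
    fi
    echo "route: $sample"
    echo "  $kind -> tcpdump -i $dev -nn tcp port 37868"
done
```

On a live host, capture_iface with the peer address from the netstat line prints the interface to pass to tcpdump -i.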
