tcpdump指定网卡抓不到包

Question

有以下链接

tcp        0      0 xx.xxx.xxx.200:37868    xx.xxx.xxx.200:8912     ESTABLISHED

这是同一主机上的连接，ifconfig查看本机IP如下：

em1: flags=41xx.xxx.xxxT,RUNNING,MULTICAST>  mtu 1500
        inet 10.100.120.200  netmask 255.255.255.0  broadcast xx.xxx.xxx.255
        inet6 xxxxxxxxxxxxxxxxxx  prefixlen 64  scopeid 0x20<link>
        ether xxxxxxxxxxxxxxxx  txqueuelen 1000  (Ethernet)
        RX packets 23533445831  bytes 12254750999380 (11.1 TiB)
        RX errors 0  dropped 201  overruns 0  frame 0
        TX packets 27314081080  bytes 20721227957904 (18.8 TiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 18  

em1:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet xx.xxx.xxx.197  netmask 255.255.255.0  broadcast xx.xxx.xxx.255
        ether xxxxxxxxxxxxxxxxxxx  txqueuelen 1000  (Ethernet)
        device interrupt 18  

em1:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet xx.xxx.xxx.198  netmask 255.255.255.0  broadcast xx.xxx.xxx.255
        ether xxxxxxxxxxxxxxx  txqueuelen 1000  (Ethernet)
        device interrupt 18  

em1:2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet xx.xxx.xxx.215  netmask 255.255.255.0  broadcast xx.xxx.xxx.255
        ether xxxxxxxxxxxxx  txqueuelen 1000  (Ethernet)
        device interrupt 18  

em1:4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet xx.xxx.xxx.133  netmask 255.255.255.0  broadcast xx.xxx.xxx.255
        ether xxxxxxxxxxxxx txqueuelen 1000  (Ethernet)
        device interrupt 18  

em2: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
....

em1 有虚拟网卡

tcpdump -i em1 tcp port 37868 什么也抓不到，只有tcpdump -i any 才能抓到37868端口的数据，请问是什么原因？

Answer 1

既然是本机自连，数据包经过 lo，不是 em1。

试一下这样 tcpdump -i lo tcp port 37868。