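On Linux, the error above can occur when capturing network packets with TCPDump. It happens because TCPDump tries to use TPACKET_V2, a newer packet-capture mechanism that was only introduced after Linux kernel 3.0. That mechanism is not compatible with earlier Linux kernel versions, so an "operation not supported" error is reported.
To resolve the problem, you can specify the old packet-capture mechanism on the command line, as shown below: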
sudo tcpdump -i eth0 -s 0 -w output.pcap -C 32 -Z root