The host (seen below) receives DNS requests from another host on the same network. It has port UDP/53 closed, yet the packets are still displayed by Wireshark.
Indeed, there are requests sent to 192.168.16.2 on port UDP/53, so the expression should be right:
tcpdump -v -s0 udp and dst port 53 and dst 192.168.16.2
If I do:
tcpdump -v -s0 udp
the DNS requests aren't displayed either.
Why doesn't tcpdump display the DNS requests, and how can I make it display them?
If your machine has several network interfaces, then you also need to set the interface to listen on using the -i option.
Your expression would then read:
tcpdump -v -s0 -i eth1 udp and dst port 53 and dst 192.168.16.2
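
To find which interface to pass to -i, the following added example (not part of the original answer) maps the destination address from the question to the interface that carries it and builds the capture command. It assumes a Linux host with the iproute2 `ip` tool; the function names `iface_for_addr` and `capture_cmd` are hypothetical, and the interface listing is a constructed sample.

```shell
#!/bin/sh
# Added example: pick the interface that owns an IPv4 address and build the
# tcpdump command for it. Function names are hypothetical.

# iface_for_addr ADDR: reads `ip -o -4 addr show` output on stdin and prints
# the name of the interface that carries ADDR (nothing if none does).
iface_for_addr() {
    awk -v want="$1" '
        # Line format: "<idx>: <ifname>    inet <addr>/<prefix> ..."
        {
            for (i = 1; i < NF; i++) {
                if ($i == "inet") {
                    split($(i + 1), a, "/")
                    # Append "" to force a string comparison
                    if ((a[1] "") == (want "")) { print $2; exit }
                }
            }
        }'
}

# capture_cmd ADDR: reads the same listing on stdin and prints the tcpdump
# command line for DNS requests sent to ADDR; fails if ADDR is not local.
capture_cmd() {
    addr=$1
    ifc=$(iface_for_addr "$addr")
    if [ -z "$ifc" ]; then
        echo "no local interface carries $addr" >&2
        return 1
    fi
    printf 'tcpdump -v -s0 -i %s udp and dst port 53 and dst %s\n' "$ifc" "$addr"
}

# Constructed sample of `ip -o -4 addr show` output (two NICs plus loopback).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 192.168.16.2/24 brd 192.168.16.255 scope global eth1\       valid_lft forever preferred_lft forever'

# Demo on the sample; on a real host use: ip -o -4 addr show | capture_cmd 192.168.16.2
printf '%s\n' "$SAMPLE_ADDRS" | capture_cmd 192.168.16.2
```

On Linux, `tcpdump -D` lists the interfaces tcpdump can capture on, and `-i any` captures on all of them at once.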