~からTCPDUMP(1)
-i interface --interface=interface Listen on interface. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface (excluding loopback)
ip addr出力では、構成と「上」の両方で物理が仮想のenp0s3前に来ます。ifb0ただし、tcpdumpはifb0デフォルトで次のものを選択します。
# tcpdump -nn "port 53"
listening on ifb0, link-type EN10MB (Ethernet), capture size 262144 bytes
# ip addr
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:00:d1:69 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute enp0s3
valid_lft 86105sec preferred_lft 86105sec
inet6 fe80::c7b0:9bbc:90cd:2bae/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ifb0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc netem state UNKNOWN group default qlen 32
link/ether 3a:d6:ac:0d:23:31 brd ff:ff:ff:ff:ff:ff
inet6 fe80::38d6:acff:fe0d:2331/64 scope link
valid_lft forever preferred_lft forever