tcpdump: NFLOG link-layer type filtering not implemented



  • Man page for tcpdump: https://www.lightnetics.com/post/3769

    -L
    --list-data-link-types
    List the known data link types for the interface, in the
    specified mode, and exit. The list of known data link types may
    be dependent on the specified mode; for example, on some
    platforms, a Wi-Fi interface might support one set of data link
    types when not in monitor mode (for example, it might support
    only fake Ethernet headers, or might support 802.11 headers but
    not support 802.11 headers with radio information) and another
    set of data link types when in monitor mode (for example, it
    might support 802.11 headers, or 802.11 headers with radio
    information, only in monitor mode).

    Run the following.

    # tcpdump -L
    Data link types for nflog (use option -y to set):
      NFLOG (Linux netfilter log messages) (printing not supported)
      IPV4 (Raw IPv4)
    

    The first interface tcpdump uses here is nflog, and its NFLOG data link type does not support printing output. List the interfaces known to your system:

    $ sudo tcpdump -D
    

    -D
    --list-interfaces
    Print the list of the network interfaces available on the system
    and on which tcpdump can capture packets. For each network
    interface, a number and an interface name, possibly followed by
    a text description of the interface, is printed. The interface
    name or the number can be supplied to the -i flag to specify an
    interface on which to capture.
    This can be useful on systems that don't have a command to list
    them (e.g., Windows systems, or UNIX systems lacking ifconfig
    -a); the number can be useful on Windows 2000 and later systems,
    where the interface name is a somewhat complex string.
    The -D flag will not be supported if tcpdump was built with an
    older version of libpcap that lacks the pcap_findalldevs()
    function.

    Solution:
    Specify the capture interface explicitly with the -i option, using a name or number from the -D list, and the capture will work.
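
The fix above as an added example (not from the original page): a shell helper that reads `tcpdump -D` output and returns the first interface that is not a netfilter pseudo-interface, ready to pass to `-i`. The function name `pick_iface` is hypothetical, the sample listing is constructed, and skipping `nfqueue` alongside `nflog` is an assumption.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -D` output on a host where nflog is listed
# first (illustrative data, not captured from a real system).
SAMPLE_D_OUTPUT='1.nflog (Linux netfilter log (NFLOG) interface)
2.nfqueue (Linux netfilter queue (NFQUEUE) interface)
3.eth0 [Up, Running]
4.any (Pseudo-device that captures on all interfaces) [Up, Running]
5.lo [Up, Running, Loopback]'

# pick_iface (hypothetical helper): read `tcpdump -D` lines on stdin and
# print the first interface name that is not nflog or nfqueue.
# Exit status is 1 when no such interface is listed.
pick_iface() {
    awk '{
        name = $1
        sub(/^[0-9]+\./, "", name)      # strip the leading "N." index
        if (name == "" || name == "nflog" || name == "nfqueue") next
        print name
        found = 1
        exit
    }
    END { exit (found ? 0 : 1) }'
}

# Demonstration on the constructed listing: prints eth0.
printf '%s\n' "$SAMPLE_D_OUTPUT" | pick_iface

# On a live system (not run here):
#   iface=$(sudo tcpdump -D | pick_iface) && sudo tcpdump -i "$iface"
```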


