Device communicates with server through bridge, unable to capture all packages

It appears you were sniffing on the virtual bridge interface. This interface will only receive traffic directed there, plus some other packets as part of the discovery process. Keep in mind that a bridge works mostly like a regular Ethernet switch: once the switch has learned which MAC addresses are reachable through which ports, traffic for these MAC addresses will only be sent to these ports.

Only as part of the learning process are packets flooded to all ports. That’s what you saw.

To get all traffic, you need to sniff traffic on one of the bridged “real” interfaces, preferably the one the device to monitor is connected to. You will then see all traffic.


Of course, since it appears the actual data exchange is encrypted, you won’t be able to inspect its contents. But maybe the device has weak security and you can perform a man in the middle attack.
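As an added example (not part of the original answer), the script below reads the bridge's forwarding database and reports which member port a device's MAC address was learned on, which is the "real" interface to capture on. It assumes the output format of iproute2's `bridge fdb show br <bridge>`; the bridge name `br0`, the port names and all MAC addresses are constructed.

```shell
#!/bin/sh
# Added example: choose the bridge member port to capture on for one device.

# Constructed sample of `bridge fdb show br br0` output (not real data).
sample_fdb() {
cat <<'EOF'
33:33:00:00:00:01 dev eth0 self permanent
52:54:00:aa:bb:01 dev eth0 master br0 permanent
52:54:00:aa:bb:02 dev eth1 master br0 permanent
02:00:00:00:00:10 dev eth0 master br0
02:00:00:00:00:20 dev eth1 vlan 1 master br0
EOF
}

# Read forwarding-database lines on stdin and print the port on which MAC
# was dynamically learned. Exit status 1 means the bridge has not learned
# the address (yet), i.e. its traffic would still be flooded to all ports.
fdb_port_for_mac() {
    awk -v mac="$1" '
        BEGIN { mac = tolower(mac); rc = 1 }
        tolower($1) != mac { next }
        {
            port = ""; learned = 1
            for (i = 2; i <= NF; i++) {
                if ($i == "dev") port = $(i + 1)
                # "permanent": a port own address; "self": NIC filter entry.
                # Neither tells us where a remote device is attached.
                if ($i == "permanent" || $i == "self") learned = 0
            }
            if (learned && port != "") { print port; rc = 0; exit }
        }
        END { exit rc }
    '
}

# Demo on the constructed sample. On a live host the input would be:
#   bridge fdb show br br0 | fdb_port_for_mac 02:00:00:00:00:20
# followed by a capture on the reported port, for example:
#   tcpdump -i "$port" -w device.pcap ether host 02:00:00:00:00:20
if port=$(sample_fdb | fdb_port_for_mac 02:00:00:00:00:20); then
    echo "capture on: $port"
else
    echo "MAC not learned yet; generate traffic from the device and retry"
fi
```
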