Device communicates with server through bridge, unable to capture all packages
It appears you were sniffing on the virtual bridge interface. This interface will only receive traffic directed there + some other packets as part of the discovery process. Keep in mind that a bridge works mostly like a regular Ethernet switch: Once the switch has learned which MAC addresses are reachable through which ports, traffic for these MAC addresses will only be sent to these ports.
Only as part of the learning process are packets flooded to all ports. That’s what you saw.
To get all traffic, you need to sniff traffic on one of the bridged “real” interfaces, preferably the one the device to monitor is connected to. You will then see all traffic.
Of course, since it appears the actual data exchange is encrypted, you won’t be able to inspect its contents. But maybe the device has weak security and you can perform a man in the middle attack.