tcpdump shows traffic until I use a filter
Solution 1:
A possible reason is that tcpdump has received a packet which is either encapsulated into another protocol or a frame wich for example has been tagged with a VLAN ID.
You do not see this in tcpdump
's output as you have not specified any verbosity arguments, but your filter does not match as your port 443
would basically imply not vlan and (proto tcp or proto udp) and port 443
.
You also could verify this by dumping the frame in hex using -xx
and analyzing the frame data. If you know the VID in question, simply add and vlan <VID>
to your filter to get the packets captured.