Why can't `tcpdump -i any` capture unicast traffic in br0 whilst `tcpdump -i br0` can?

5 votes
1 answer
526 views
I am unable to capture **unicast** traffic on the br0 (**linux bridge**) interface using the command `tcpdump -nni any -vvv`. Broadcast traffic, however, is captured as expected. Interestingly, unicast traffic is captured if I open another terminal and simultaneously run `tcpdump -nni br0 -vvv` to capture traffic specifically on the br0 interface.

I've noticed that this behavior is present with tcpdump version *4.9.3* (libpcap version 1.8.1), where the `tcpdump -nni any -vvv` command does not capture br0 unicast traffic. However, using tcpdump version *4.99.5* (*libpcap version 1.10.5 with TPACKET_V3*) works correctly and captures the unicast traffic on br0.

I know that br0 gets all the traffic that flows into the Linux bridge device; see also Anatomy of a Linux bridge.

> In cases where the destination MAC address of the incoming frame is multi- or broadcast, the bridge device is set to receive all traffic, or the address is matches one of the local interfaces, a clone of the frame is also delivered upwards in the local network stack by calling the br_pass_frame_up function. The function updates the bridge device statistics, and passes the incoming frame up the network stack by calling the device independent netif_receive_skb function.

I suspect that what I'm seeing may be related to the version of tcpdump or its parameters, but I can't confirm this. Could you help explain the reason for this behaviour?
Asked by VictorLee (37 rep)
Sep 27, 2024, 09:20 PM
Last activity: Sep 28, 2024, 03:33 PM