Friday, January 25, 2013

BPF and VLAN


Be careful with the vlan keyword in a BPF filter when combining it with other filters: it moves the filters after it 4 bytes to the right. See http://www.christian-rossow.de/articles/tcpdump_filter_mixed_tagged_and_untagged_VLAN_traffic.php.

You could also filter on the Ethernet header directly. This link describes the solution and its potential issues perfectly: http://serverfault.com/questions/196250/tcpdump-capture-one-of-several-vlans.
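The 4-byte shift caused by the vlan keyword, emulated in Python as an added example (not code from this post or the linked pages): it applies two orderings of the same filter to a constructed untagged and a constructed 802.1Q-tagged frame. The function names are hypothetical, and the emulation assumes IPv4 without options and checks the UDP destination port only.

```python
import struct

ETH_IP, ETH_VLAN, PROTO_UDP = 0x0800, 0x8100, 17

def frame(vlan_id=None, dport=53):
    """Constructed Ethernet/IPv4/UDP frame, optionally 802.1Q tagged."""
    eth = b"\x02" * 6 + b"\x04" * 6
    if vlan_id is not None:
        eth += struct.pack("!HH", ETH_VLAN, vlan_id)
    eth += struct.pack("!H", ETH_IP)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, PROTO_UDP, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + struct.pack("!HHHH", 40000, dport, 8, 0)

def u16(pkt, off):
    return struct.unpack_from("!H", pkt, off)[0] if off + 2 <= len(pkt) else None

def udp_dst_port(pkt, shift, port):
    # Fixed offsets as a compiled filter uses them, moved right by `shift`.
    # Simplification: assumes a 20-byte IPv4 header (no options).
    return (u16(pkt, 12 + shift) == ETH_IP
            and pkt[23 + shift] == PROTO_UDP
            and u16(pkt, 36 + shift) == port)

def matches(expr, pkt):
    """expr: OR-ed alternatives, each a list of AND-ed tokens ('vlan' or a port)."""
    shift, result = 0, False
    for alt in expr:
        ok = True
        for tok in alt:               # walk every token: the shift is compile-time
            if tok == "vlan":
                ok = (u16(pkt, 12 + shift) == ETH_VLAN) and ok
                shift += 4            # everything after 'vlan' is decoded 4 bytes later
            else:
                ok = udp_dst_port(pkt, shift, tok) and ok
        result = result or ok
    return result

UNTAGGED, TAGGED = frame(), frame(vlan_id=100)
# udp dst port 53 or (vlan and udp dst port 53)
UNTAGGED_FIRST = [[53], ["vlan", 53]]
# (vlan and udp dst port 53) or udp dst port 53
VLAN_FIRST = [["vlan", 53], [53]]

if __name__ == "__main__":
    for name, expr in (("untagged first", UNTAGGED_FIRST), ("vlan first", VLAN_FIRST)):
        print(name, matches(expr, UNTAGGED), matches(expr, TAGGED))
```

With the untagged test first, both frames match; with the vlan test first, the untagged frame is missed because the trailing port test is also decoded 4 bytes to the right.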
