Iam trying to redirect port and verify the redirection is working using

and then

Sadly this is not capturing anything, at the same time, iam still receiving packets to port 162 seeing via tcpdump.

Also when i start using iptables redirect 162 -> 10162, i stop seeing snmptrapd messages in syslog informing me, that trap was received. After deleting the rule, the syslog is getting the info again.

What iam seeking, is evidence that port 10162 is receiving the redirected trap, which is input for my logstash and so i can investigate my bigger issue with ELK stack further. Basically iam in process of trying to follow the path step by step and see where my issue lies.

At least why snmptrapd stops saying trap is received in syslog (when redirected) and mabye the correct way how to set tcpdump to capture "inner" communication.

So the redirect works fine, i checked by other means (debuging logstash itself - sending snmptrap and catching it in logstash-console). I guess: When redirect takes place, snmptrapd is no longer getting anything on port 162 since its probably redirected before it reaches it by iptables, but tcpdump runs even before this redirection so its actually takes 162 as original port (based on message itself), BUT cant capture on port 10162 since its not running or reading "behind it". Thats my basic understanding. It would still be nice to know the way of checking also port 10162 after redirection, for even deeper understanding and knowledge...or better explanation than mine which is serious guessing

Tcpdump reads right off the interface. Whatever you do after that requires a correct filter expression to capture. You might find things easier with wireshark.