How to capture & decode SNMP traffic using tcpdump

Using the following command, you can capture & decode SNMP traffic going in and out of a specific interface (enp3s0 in this example):

tcpdump -v -i enp3s0 'udp port 161'

This filters for UDP packets on port 161, the SNMP port. The -v flag makes tcpdump print a more detailed decode of each packet as it is captured.

Example output:

01:28:27.915505 IP (tos 0x0, ttl 64, id 28865, offset 0, flags [DF], proto UDP (17), length 151)
    10.9.2.199.snmp > 10.9.2.15.47669:  { SNMPv3 { F=a } { USM B=1 T=608 U="admin" } { ScopedPDU E=_80_00_6a_92_03_44_a5_6e_43_5e_4c C="" { GetResponse(33) R=1015374419  105.1.1.1.5.1.2=1 } } } 
01:28:27.915646 IP (tos 0x0, ttl 64, id 38290, offset 0, flags [DF], proto UDP (17), length 150)
    10.9.2.15.47669 > 10.9.2.199.snmp:  { SNMPv3 { F=ar } { USM B=1 T=608 U="admin" } { ScopedPDU E=_80_00_6a_92_03_44_a5_6e_43_5e_4c C="" { GetNextRequest(32) R=1015374420  105.1.1.1.5.1.2 } } }
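
The decoded lines above can be audited by script. The following is an added example, not part of the original page: it parses this output format and reports SNMPv3 messages sent without privacy (encryption), which is why the user name, PDU type and OIDs are readable in the capture. It reads the F= field as the SNMPv3 msgFlags letters (a = auth, p = priv, r = reportable); the function names and the SAMPLE constant are this example's own.

```python
import re

# Constructed sample: the two records from the example output above.
SAMPLE = '''\
01:28:27.915505 IP (tos 0x0, ttl 64, id 28865, offset 0, flags [DF], proto UDP (17), length 151)
    10.9.2.199.snmp > 10.9.2.15.47669:  { SNMPv3 { F=a } { USM B=1 T=608 U="admin" } { ScopedPDU E=_80_00_6a_92_03_44_a5_6e_43_5e_4c C="" { GetResponse(33) R=1015374419  105.1.1.1.5.1.2=1 } } }
01:28:27.915646 IP (tos 0x0, ttl 64, id 38290, offset 0, flags [DF], proto UDP (17), length 150)
    10.9.2.15.47669 > 10.9.2.199.snmp:  { SNMPv3 { F=ar } { USM B=1 T=608 U="admin" } { ScopedPDU E=_80_00_6a_92_03_44_a5_6e_43_5e_4c C="" { GetNextRequest(32) R=1015374420  105.1.1.1.5.1.2 } } }
'''

HEADER = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+) IP ")
V3 = re.compile(
    r'(?P<src>\S+) > (?P<dst>\S+):\s+\{ SNMPv3 \{ F=(?P<flags>[apr]*) \}'
    r'.*?U="(?P<user>[^"]*)"'
    # The PDU part is optional so records without a decoded PDU still yield flags and user.
    r'(?:.*?\{ (?P<pdu>\w+)\(\d+\) R=(?P<reqid>-?\d+)\s+(?P<varbinds>.*?) \} \} \})?'
)

def security_level(flags):
    """Map the msgFlags letters (a=auth, p=priv, r=reportable) to the USM security level."""
    if "p" in flags:
        return "authPriv"
    return "authNoPriv" if "a" in flags else "noAuthNoPriv"

def parse(text):
    """Pair each IP header line with its indented SNMPv3 payload line."""
    records, ts = [], None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            ts = h.group(1)
            continue
        m = V3.search(line)
        if m:
            rec = m.groupdict()
            rec.update(time=ts, level=security_level(rec["flags"]))
            records.append(rec)
    return records

def without_privacy(records):
    """Messages whose ScopedPDU crossed the wire unencrypted."""
    return [r for r in records if r["level"] != "authPriv"]

if __name__ == "__main__":
    for r in without_privacy(parse(SAMPLE)):
        print(r["time"], r["src"], "->", r["dst"], r["level"], r["user"], r["pdu"], r["varbinds"])
```

On real captures, pass the saved text output of the tcpdump command above to parse() in place of SAMPLE.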